Report - 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click

Report Overview

Submitted URL
1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
IP
178.253.29.51
ASN
#202492 Silverhill Group Holding Ltd
Submitted
2024-05-07 23:36:54
Access
public
Website Title
1xBet ᐉ Online sports betting ᐉ 1xBet online bookmaker log in ᐉ 1xlite-461430.top
Final URL
1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
108

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	847 B	172 kB	142.250.74.168
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-05-06	1.1 kB	448 B	216.239.34.36
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	521 B	477 B	35.244.181.201
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-05-07	412 B	667 B	45.54.49.5
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-05-04	91 kB	4.8 MB	185.244.209.62
1xlite-461430.top	unknown	2023-08-11	2023-08-11	2024-05-07	101 kB	317 kB	178.253.29.51
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-05-02	6.5 kB	964 kB	172.64.148.184
www.google.no	25607	2001-02-26	2016-04-05	2024-05-07	587 B	578 B	142.250.74.163
services.addons.mozilla.org	6161	1998-01-24	2012-05-21	2024-05-06	677 B	1.8 kB	54.230.111.21
pp23vi1.com	unknown	2023-03-09	2023-04-06	2024-05-04	439 B	387 B	178.253.14.123

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed
2024-05-07	medium	1xlite-461430.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (115)

	URL	Size	First Seen	Last Seen
	unknown	44 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 17:47:18 Times Seen951 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 17:47:18 Times Seen949 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-19
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-19 17:47:18 Times Seen974 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js	14 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 395deb0abfd0ea102c0c9aa4cf08b2f9 b53c99a2bce733f0a45a075000949d34e2fd0b17 f11d7b6985d7e97030628cf137377b14e9316f8919f80dff4cdd488366aa6652 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js	7.8 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3078429361b9801527b7f4deb1ff2633 c0bf69639f54697d7fcf5ee8ed06072a629b3fff 3042f5f56a8fae2d232bd88071179a50133e8d90fd11ec2f52259b23d8e0cb5a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js	53 B	2024-04-24	2024-05-19
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-05-19 17:11:27 Times Seen52 Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js	1.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 59e405a5c84540fd5cd4a47c01954bb9 877928ec86d9742b605ab481e28e4ca40163154b a50357ec75eb7f36a26bfe20b003e614f8bfd8298d502b26c9dc36cbdc1d362a Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-19
Pretty URL widget.suphelper.top/injector.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-19 17:47:18 Times Seen1032 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js	16 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:16 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 18f932fe4f53ce3de4a44b04b0524916 ed47f4f593c25b33012b0369c19883c23e7d3df1 c665029c63cfd9399be9c74e897668b621e3a6e690f0da69196f4c73c16f0cee Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-15 18:55:38 Times Seen69 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 860ea683ac1ca8494adc10cb2ea4fcdf a1004cb9bb3a036d215dfbf6b9bade88ad81a7a3 e8fcc72111c9040f545dd314899e61e406ceaa76601c816dc3c1a7b407f88850 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js	76 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 05e740893c07a5cc45b5f0f2d787dbf5 28c364157e02ce207609bca53064a4b513e8bda7 a2af38a1cec7178448ce8d1aee99190b643f50894d3d05cac2e5234caeac8e5e Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 17:47:20 Times Seen114 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	unknown	34 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 17:47:18 Times Seen962 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782	2.0 kB	2024-05-07	2024-05-08
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 09:57:20 Last Seen2024-05-08 01:36:59 Times Seen6 Hash 991153757cb65d57b6e6a8783a559b80 75396d28d126eada9fd69f33367626010d646633 3a5ba93a4eb20431badba0e7b99b59d7f8643b62d74ae41af64bae7520d523d1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js	47 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:18 Last Seen2024-05-08 09:00:23 Times Seen22 Hash ef9def5f3c8a190bfffb14ce24c6eb58 c5fa568c8f9bee2aa988c80a7246e07edd8d84ba d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 17:47:20 Times Seen111 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js	4.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3a9e96a04d11.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:22 Times Seen16 Hash da4fcf0e06e63dbfcf3058f435e0a172 7c544d459b9305c651de2b6c6a48a8188504c3ae f2735fd1ef60ddd6d03eb6c9a4b37b94913c89775308c2880f8dcdf8a321e115 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js	1.5 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:57 Last Seen2024-05-08 09:00:21 Times Seen16 Hash 7def1ae39ae3ec1a1a1d626c24e5a7f2 c01023fb1bb0149d53435f5e665c7936ce88aee6 9b43d70a4acc4172dd9c3fceaa2e5f0585b1263516eb3b1f05c363980294152e Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js	37 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 63e1a6027725eca572736670eb935432 e3578492cf68e66a44f556a98545294a5b1bed5a e96e0e4abe03d7fb0d2449e0f2bf27bb0ee85cdd4d7b4098276c712842b45d8c Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-19 17:11:23 Times Seen2070 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-19 17:47:18 Times Seen2523 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js	372 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen23 Hash 441a6448f5a4242779baf6fc1399b13e b646aa02b2ed08c1590c6f4536341cb2e51a4f1c 0eede7ea7bad647cc90b8044489561c58d2d5865e88ecc59a572589c6ccea6b7 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js	504 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:24 Times Seen30 Hash 5387051085dcc459e7077d5d8000b85d d22afab6c65228f0056f66e4f150783f6014e36b 34377c13fd72112cac96fba3642f084661361aea701a70ba3702c82c9bb42790 Loading...

	unknown	39 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 17:47:18 Times Seen954 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	322 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 01:36:59 Last Seen2024-05-08 01:37:01 Times Seen2 Hash 75c5905aa52b7bdf460628ed44eca228 64c96da4830341e4c1a06910d9fcd81efda837c3 3ac1b9f8ca981e8b6be302eb6b8f75f73d56e94d1edb57f5e44a7ae1e576159f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js	20 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen26 Hash adc7f8e289bd475a5a922c91b93591b2 540252cd02880714746d3656e61c67e7acab7fda 3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js	1.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 54f54116f151f6469527d5f5c584887c 8078098cda5d50eeb285da4fc78655562f8324ed 8112adb0bbfa619109d5a6c3263e5e1761599c14b3c474b58b2f5ca512b46efb Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-19
Pretty URL widget.suphelper.top/ IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-19 17:11:23 Times Seen2120 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js	5.0 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen16 Hash feb5d0c05443398468224d2944536b10 d795e84479919f2fca3e48ddb1c9fea251260f92 d613b9c5f54a7d16fcfaf0ee200b05548ff0cc03a52ea1c3ef75c0315f5582e5 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-19 17:47:20 Times Seen608 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js	1.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/f44f14b6b316.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 22e67b67b6c959d57aa78ae317120f36 ba2fb2181061d5aed5b6c98ef0aa0bd0aa135ece c696029dc6e79eb249d40656e1842626f439c5ba2851629fa1b33faf884111a3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js	32 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen49 Hash 3f5e6415a870624bda2cd9741726af93 a5f7d27d2ca9f7e89a230ad43754f4e0390f293a 68449536372a92443232c2c9299ebc24a5f62543e6b12cd0a137b078f50d6e9b Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js	42 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 21a80fe42c418607606b5ee8ebc9ebe2 b93c8e0a2f18dd371501e1a8739e9445b2c1d9d1 880f72443c469f2d2e9421789eaeb1f2042a8c4ccfc8ce9057a685d588a97ff3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js	853 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen22 Hash c4d75347728629ec3f0b90dc82f0a3d2 ff949fe02da04d39be746f8d091a1a7b30126f7a 8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js	1.0 MB	2024-05-02	2024-05-15
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 12:28:02 Last Seen2024-05-15 07:03:13 Times Seen91 Hash 5997e7f54cf2aebf463f16902ccbc7fc 659b9677d6196eabd63ce0feb5f4466accb72df7 08d0ab3696a84b16c7cc5306bf6d83dd27f99a2ce221ed337bf09dec8ebf95db Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js	715 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/60c7aeb54494.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:21 Times Seen28 Hash 0a4d6d7efa89ba140b62c6aee5e8fc6f 9e5b132d8df77dc2fe824cf30a362084400f23c5 60e4e95557382dcdc956e8e80595030789aedfcf6c9f2ff90e92c5f4a2631e0d Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js	122 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 6bb873114649db4b87839383a7d31921 91b56ad064a4b8fd0d7edb89a040c6b9d06866aa 6dc41e4f75d65dd3dc2f311198e1a9b2b65e0687c2d905b7d64cf9265f7bda2d Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-19 17:47:20 Times Seen243 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-19 17:47:18 Times Seen77 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js	40 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-07683518.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:27 Times Seen46 Hash 5609f3d5d46109e5230f492c3d89cdcd 522c0a551da1db7753e72b6a629064a6170791d9 13f2ef217e2e8cc997cbcaa97126a6c31430ae1d073e406944364fb5f45f70e7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js	138 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 03b89bdb4f6013159d40de88c98403b6 cf41351caa86d91b56cf839d54ab28bf8f4f54f8 42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a Loading...

	v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js	3.1 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 66c4eb11ec60384b198e73db080c0f32 6fb7618e384b9e01454c7b984728236f178192da b45c772a5a204e430a575b896edc43205412a5f28539c2e48c152df7669ad7cb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js	435 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:22 Times Seen25 Hash 213bb33769eecf49a9d71c164b83a3d6 2caacec15b0665fc36759a6bdf499512788dd7f3 75e86ca16a3f828026bc32b7aab627175289750ac184bd505d531c591d2bf011 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-19 17:47:20 Times Seen111 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js	30 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen25 Hash 93a3cdd4ea0ae5eb295e71988355c5d4 0c9e334aebd99fb9c44575c99abda82d0b53acb1 104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62 Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js	3.2 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen67 Hash 0cc9277dab4117c9b162cc01e1f0b97f 5b7d9007e2d99d3715c5f226aadf44aa4da4332b 6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-15 18:55:36 Times Seen55 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-19
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-19 17:47:18 Times Seen77 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js	134 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 474bfa89621896100251055f7c19712b 0e19c615fc77f9ed2d69d74b7f8a42d41c6f5138 ea0fef6e0a33df0b36bdce2df6b8bf50eef0dd3b71c7c6fc567a7d7c5d39fdd3 Loading...

	widget.suphelper.top/_next/static/f385e6db/_buildManifest.js	519 B	2024-04-25	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_buildManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-19 17:11:24 Times Seen145 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js	92 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-19 17:47:20 Times Seen8006 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js	2.1 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash e4a5e0e3cafb59fadf6c400cfd363b1a 9782ef66f8c66b9daf7c71799bb64a36791aafcd 528a971a8fd97998b7c66f789d482b73572d3f2f0a1c621aa917552c0abf3c68 Loading...

	unknown	47 B	2023-04-14	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-19 17:47:18 Times Seen951 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js	1.2 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 52ab057c90af6d742e95f43ff97e95ff dfdce102add5fc4fa06ac366a663e7a732bd9352 feedd981d953d2933cbb35a49608ebf408f13f457399c2b11aa1ef5eb76db547 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js	76 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 4fb1e7d0f5418f3df96622b000ebe6fb eef890c8cf6d2c72eae34e39ba2e8e6ff79c8754 fd9fede696dd12b00cc9af15ca68f1209b5fd351f5bc32052221adbbb12d8e8b Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-19 17:47:20 Times Seen2533 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 17:47:20 Times Seen610 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js	66 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 5c486444497d7afeea7cabf3a651d76a a5c40dee88530a85a4c061ad4379b13e3b8df745 9c3b64738e185dacb94ddfa13c1807be093f49e0a3b5810f92db524ea9f60020 Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-19 17:47:20 Times Seen236 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js	1.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 1ca49088b69c49762c2b4dab10ebe060 d9b6754b9fd11ad9be0cec795758b89b3b9dc62b fc430e6fe7bd867ba551df2263494ba5dde0e1826aa3a16cd52af79430abec1a Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js	2.3 MB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash 2ff74ba461966e9ef07ec952168d3783 eac39aaad2751e37b7b7e1cf6d966696f9c1c044 2073d859a26714aca057e24cb8c9ac7e8fd7bc8a184406d49cf0c46980ab405d Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js	1.0 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:57 Last Seen2024-05-08 09:00:22 Times Seen16 Hash b49b08255ad6dd3864f907913b849ebe d795fb55582cfc60ad8e9316849952ace5cdfd29 3fbd78a17348b646b42ee72bcebc1c930f88f26e3b9e42ae3c488637e1e4a655 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-19
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-19 17:47:20 Times Seen300 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js	144 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash aedaa99fcce183a213f358a727e9eb87 7fe33331acbced57be412f96baff3a4595e207fb 2ccadc0a2eea97aeeb5f1825ad9bdac3873481a54bcd3b42cf6724271cd0f6ac Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js	27 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen54 Hash ead4a901af60e4b8138e732f0aea9637 7c1d57d444a07553738ddcb8b6a2bee305a0c215 e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js	2.4 kB	2024-05-07	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 06:20:17 Last Seen2024-05-08 09:00:23 Times Seen21 Hash 3a0e4a54185bcc66d2e032dd30a385eb 627755ca54def0761f25f827d5b4cb483e1ca83d e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 01:37:00 Times Seen20 Hash 18963957c8f45d24c0819a973d362e7b 5a1846a89c5cc9e8028044ff5948bd94f428c412 d1c98b4199c034c2a115ba70268a3e536640ca8b992887df0b085d476ab1275f Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js	26 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen49 Hash e30c678eadf7bd0fcc773e1599b97ddf 41243dc14d9eb2569fa832a3b8c27fc0158991aa a4334d54b8db6d6eceb88c48ee428dfbb0ad3749d4137439f77859e205b52806 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-19 17:47:20 Times Seen601 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js	6.7 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash db345f9ab9f4b60494ed02dd78f38d79 cb9cbbfabcb9c33191f6dae2927282f0ff4fa236 e9fe103123d124c15580efc873171acc3a1235957353992c779f9ab30938aab4 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js	450 B	2024-01-25	2024-05-19
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-25 11:06:32 Last Seen2024-05-19 17:11:27 Times Seen139 Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js	7.0 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 91d17dbf833b48149a8b5d2f21895879 bd71a45fa4419ab4ddbc676f0a9cca2be05e1703 f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen21 Hash d5bb5783c476219b31ce5582083fd74b 326b40532b72988c1d23fb931daabead75d18482 2724a816ddb0fd1234ca8cebf9db4fd60290f282fcfcb5619ffe70be9c0160b7 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-19
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-19 17:47:20 Times Seen3234 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js	731 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:55 Last Seen2024-05-08 09:00:21 Times Seen26 Hash bd6d9e7b07e097eb950f4b8bd6ada2b4 d332a4f5771e4f6d2cd47cd94ff85c5eb5847418 ea2bfc78a76204b704ee4ff215cfd6be3c7edb98b6c6e77501c5dbb88f261ea5 Loading...

	1xlite-461430.top/polyfills.js	0 B	2023-03-07	2024-05-19
Pretty URL 1xlite-461430.top/polyfills.js IP 178.253.29.51 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 19:07:01 Times Seen37838466 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js	21 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen22 Hash fb60e20d94667a730b2505f72a36269f 9553f3349aae185bd43d95b7ea735790b5ac35d4 24b7cc1abd1d6224f08db147e7c866945d1f205b36b55ac5a5f1c47ed96d69ab Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js	17 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen53 Hash fda91a0dd5e8251a0c4c540d7e54ed52 3c4a6e38286708cd62ff071ccf97e73f37200728 b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js	56 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen52 Hash 45302df89a240c65824afccc0240c030 84573118a402aa9a4ee0321ccf3f914c438a8369 25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js	15 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 81deb8b2ab30cd1729e21622a32d9814 41b982e7a7e4eec22ce01ff1a3b854e51e385789 41159eb3d25b42d4e655a6a3f4e6b0777c2d8a572277d77f9104e171b8aa5589 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js	15 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 2f5a8b05ac32c583fcde180d9d46fce9 86cc94f0c76922b731336bb6c13ff2839f37d689 6f2a20b4cda56cb4d92bd6d3817945c5e659723eaf3e5c85f0a00274c909a9cd Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js	77 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 45f90516ee8a557d78c08e1e925c1490 adc0363ed75f47f9513a36a94173c6e4940a2adc f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-15
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-15 18:55:36 Times Seen32 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	178 kB	2024-05-08	2024-05-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 01:36:55 Last Seen2024-05-08 01:37:01 Times Seen3 Hash 6e2ea79cb562c29cf1cd3178bb0022d2 84daa2a3216c5baecdc810e25e4ea602c8870f22 75a9127a2a992de9547cab4069bf5a4bcd0fd872aaf4276fcde3f991a574ab83 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js	7.6 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 18:05:15 Last Seen2024-05-08 09:00:23 Times Seen30 Hash 68b874a85269b1e64bfd1065d0254a1a 46d5559120d28058a530b18616085b6826bb03c3 7a51983ef71867325dd5d9bf7b7eadc66b567a882f50c1d09158bf4f7de8b587 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js	41 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 3645d2d457e7c89dbddbc70d1bb71d2e d91ac83ee98ca90c4a45448683041facd9b325cd a615e922b7060fe133277857d8a581923a62ce0da64aff95340bd9b884856a5a Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js	31 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash f9da465f4f7355523306ce6bbf89c0d5 c39974e7867bcdd6bbe385ba52c9be335afdfe6b a5ff3777031e8ee4babfe1d6a7a6fff1fb2fc0db58de71ea8202bc37a7aab0f2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js	110 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 756179b1f968d35107908086a552c869 5c1f6c8a0c1eed4246c04dac52c4b7056fc991e8 37093cd5b15bf40421db8a64625a01317d043479685d2e1f84accb8fbf992ea6 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-19
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-19 17:47:19 Times Seen275 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js	2.6 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/62bd07c5cb50.js IP 0.0.0.0 ASN #0 Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:21 Times Seen16 Hash 942da12c1a44ccf257f6ea3e09ed3175 117b957d554602393aed24ffb08c957f89dc622c ecb8f76caef1e9eda494ea85e50bfa687baf1a99774b32edd34b03e8215f4075 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js	198 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:26 Times Seen44 Hash 191ff223860f458112e0be2a63bd9857 850dd681d5b31321f00b8df955a455aa9478e44e 40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js	32 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:37 Last Seen2024-05-08 09:00:23 Times Seen56 Hash 56a0eecb3ec4576e9abf6f8f3e2707f9 6ddfcb4b1669c1323d87906b720fe8e4c258c143 81a5331c3ce30f9e8f21bf5e69591e24dd0c77d9b69157bf0a5e2242fc299ed4 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js	41 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:27 Times Seen21 Hash de79bf6739658de7bc537d692f3638fe 1e7a3af0be67bc48ac8f184324daff5f1422ac26 35f8f183f2c85dfafed1127ec3f72da678b9eea861b4083672ae4580ff6a0af0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js	6.4 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 13:30:35 Last Seen2024-05-08 09:00:26 Times Seen65 Hash 60f915b0daad3af04303726381897e81 133c20a7f58c18758483c23f595d5a4f22ba9371 320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1 Loading...

	unknown	96 B	2023-12-06	2024-05-19
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-19 17:47:18 Times Seen974 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js	237 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 8b5b82fea92540c112a534ae258307e2 380afabff0faa228d8c4f10cc9947b310d1bab68 ab31af22488ac9b76c9790f4d3cf1096a9402e7ab4a5b8e09d373cb5b62bc651 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js	954 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen54 Hash 1992415420cd9d59941e07133aa0c521 308a748fa982a440a112cb9e449f25a23bd6d83e 94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js	416 B	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:21 Times Seen17 Hash f82b46dce7c19fd9f12e08311e06b4d7 a22d1a217e0b5665e976cecf1cba74c7f884ba21 a5a3de88355ca693c9e33b10b37c3f175362fb3c581ab02c44fbb4fc424c4b1d Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js	1.5 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen16 Hash 76cb7b38bd7dd009e525ca10453839cd 6f243fa517f2f2eb7c5de651fca6efed3c6f7ded 91471eda0cfb8a92d2139d87180f101574355cc4009e8983507054f8f9883aa3 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js	188 kB	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:33:56 Last Seen2024-05-08 09:00:22 Times Seen16 Hash fdfc9ec2fb0c6c09b91f4d7afd8b013e fda34cd7ed3c34c04b95aa7ef5c8602246560792 52c22cd0255170803b57877f20365b1cc0cee020b6fff69c71fe0f7f6c9f276f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js	8.7 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:30 Last Seen2024-05-08 09:00:23 Times Seen53 Hash a5db05d47f7f37c06acc29a0f4eeb447 b9ddddb586721548eaa4a62d7ae420bfcfc5bddb 4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js	10 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen22 Hash be042bab68dd466121fb1460a17b1795 3dfa3c583644e2aa71ff199a262a54e17cd378d6 2a7bf413f8f8d67f545da852425cdec3b3960fa2c62960ca49c5a2dc43108ac0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js	37 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 09:00:23 Times Seen22 Hash 149f1f916b0c47494c7bdc15122390d4 f6be7ef6c3649f4b83fd19f7459dbce46ff15925 f8ecbd7355d64beb3e23daea185a634fa436012d707160381bb3b65548a9c92b Loading...

	widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js	77 B	2023-03-07	2024-05-19
Pretty URL widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js IP 172.64.148.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-19 17:47:24 Times Seen87589 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js	24 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:28 Last Seen2024-05-08 01:37:00 Times Seen20 Hash dff08fc651e74f6ad7d80f2cb43e29e5 e1b0c10b245faa60623785bdefd27c9999483231 fb6ee46c49eb61f09a2dbfe856f0b41f4206323fd9dcc2dc8921ce951b9780bf Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782	924 B	2024-02-25	2024-05-19
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-19 17:11:23 Times Seen148 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js	28 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:27 Last Seen2024-05-08 09:00:23 Times Seen26 Hash 9167c6082d419d35f57a606871184d06 d4c4fac03b353c5881c352d6ac0c05947dc2e633 bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js	12 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-08 09:00:23 Times Seen53 Hash 805e7c2cd861f2191db66c39ab28e86b a6353246547e9a9fd01093fcb784d708d187e3ef 82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368 Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782	756 kB	2024-05-08	2024-05-08
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-08 01:37:00 Last Seen2024-05-08 01:37:00 Times Seen1 Hash acacb1b3d0b06fdf0f875344495dff84 f00a4222c52d137fbe87e5f3d5b1f02824b5010e 160249c30b29f3d886133eea1a1c0ec00d190d0601d52ec2c261b08e5409c91d Loading...

	1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782	15 kB	2024-05-02	2024-05-14
Pretty URL 1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-02 16:50:31 Last Seen2024-05-14 10:51:33 Times Seen17 Hash 3e520df15f0dee47790b221cd7d47d5b a9dc00c41ac65b02bce01a2deaf9a44379f25e8d e14077003b6f51a50d2c053edcace82150b0f1b20373a11ca7dc57e4231cbf34 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js	2.3 kB	2024-05-02	2024-05-08
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-7e6a4aad.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 16:50:29 Last Seen2024-05-08 09:00:23 Times Seen50 Hash b44bc16cd2630bfada5ec9cbdbfcafab 43918946155d48f6cc8ecba42e2cf2cab28debd7 189ec6fd8e44cc47498706a2d2c815da1dc255040ef5ef57f5faa7c10c05ae42 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js	424 B	2024-04-27	2024-05-08
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-27 09:33:58 Last Seen2024-05-08 09:00:20 Times Seen23 Hash 33e7498a57ccd45d4321735d481a7313 46b45796c16d136c29f360cbb68d5b205904bcfd 778fa85294ad50c151be62183dbe5c18d754019a84e6c8a929b2c641d38ce3e4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 370427a5057a0b9e1110202bc868cc28	36 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 01:37:00 Last Seen2024-05-08 01:37:00 Times Seen1 Hash 370427a5057a0b9e1110202bc868cc28 c9052fb9c8e0e792f01f576dfad27d55cd11fe8e d069ac0b36f2db7d92deedcf8385d87a9d2fc0e3af97646abfbb353b3c9db0da Loading...

	#2 Eval - f4b0aa3bcb1f11644abd98e66fc8648f	178 kB	2024-05-08	2024-05-08
Pretty Observations First Seen2024-05-08 01:37:00 Last Seen2024-05-08 01:37:00 Times Seen1 Hash f4b0aa3bcb1f11644abd98e66fc8648f 6709af0dbfa5464623313e9985b2aefeea6e55f1 a5bf56b7bd73c886de4405e460211b96b983577c5cbc48dbeed9a50fe8b476ba Loading...

HTTP Transactions (266)

URL IP Response Size

v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css

185.244.209.62

332 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (975), with no line terminators
Size
332 B (332 bytes)
Hash
31aa50dcbc858f61bf3ed903493b8431
abf67e7f02256d2d5c5e2054b2930aa9b5ece999
18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7

HTTP Headers

GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 332
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-14c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:17:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-47f533d60102c4981a4f65d0f566d777-27e6e781ebb5c8c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:17:32+00:00, 2024-05-07T20:11:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js

185.244.209.62

200 OK

3.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
3.4 kB (3365 bytes)
Hash
be042bab68dd466121fb1460a17b1795
3dfa3c583644e2aa71ff199a262a54e17cd378d6
2a7bf413f8f8d67f545da852425cdec3b3960fa2c62960ca49c5a2dc43108ac0

HTTP Headers

GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-c5a846fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 3365
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-d25"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a02a196a969d476431130b7484e70421-ec134ae8573b326c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a4f501bb.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54112), with no line terminators
Size
7.4 kB (7418 bytes)
Hash
32a89d535782c71f2aee2541afe97325
9ad12cc6ccd6b059073f779e9d91c6c6674e1289
ea1bc845a76d5e0e7738e217f8f0c47ac62ace9bddebba5059499b3451aa6ef8

HTTP Headers

GET /_nuxt/desktop/default/css/a4f501bb.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 7418
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cfa"
content-encoding: gzip
expires: Tue, 07 May 2024 10:53:28 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-57f461d08d63ad28db48e27b51fc5739-d010b317ad6d404e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:53:28+00:00, 2024-05-07T11:19:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (6716), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
be35c859b4087d52ff863e02472b7438
acce1097a331dc2ec0669d17db06c679e7c81be6
af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f

HTTP Headers

GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 1324
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-52c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0b7d76b437dba17906c36aa3403e97d5-58d75c3388f8c81b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css

185.244.209.62

336 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (1099), with no line terminators
Size
336 B (336 bytes)
Hash
6921418ff9395c44037498a4cf17ee66
31879049279e2cb5bc06b249d80d1735ef112b19
e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab

HTTP Headers

GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 336
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-150"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-acbdccd5a4e8b47699e55d2f2f92a769-76639279993d861e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8509), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
b0cd3891fe08ec67c50bbdfd9f7e9181
205511f8e55a0498e8129c290759a26ba4a4db31
75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e

HTTP Headers

GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 1491
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5d3"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8e8dc064907c2549c3f77b084f3d5c86-1aa6fb8759c17859-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (40656), with no line terminators
Size
10 kB (9977 bytes)
Hash
3645d2d457e7c89dbddbc70d1bb71d2e
d91ac83ee98ca90c4a45448683041facd9b325cd
a615e922b7060fe133277857d8a581923a62ce0da64aff95340bd9b884856a5a

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-ffc54199.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 9977
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-26f9"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-131fd84fbfea7e9217d0a5185448c573-7f7e452cf12f9c90-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Size
4.2 kB (4207 bytes)
Hash
81deb8b2ab30cd1729e21622a32d9814
41b982e7a7e4eec22ce01ff1a3b854e51e385789
41159eb3d25b42d4e655a6a3f4e6b0777c2d8a572277d77f9104e171b8aa5589

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09b98935.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 4207
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-106f"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-540644ce053849e352df00971dfac403-376cc98750edf3e7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:46+00:00, 2024-05-07T10:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31683), with no line terminators
Size
9.2 kB (9205 bytes)
Hash
3f5e6415a870624bda2cd9741726af93
a5f7d27d2ca9f7e89a230ad43754f4e0390f293a
68449536372a92443232c2c9299ebc24a5f62543e6b12cd0a137b078f50d6e9b

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-b32053db.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 9205
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-23f5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3c71f9926614ebe773b0bc34af7753ae-fb5f0464818d0c79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js

185.244.209.62

2.2 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Size
2.2 kB (2209 bytes)
Hash
68b874a85269b1e64bfd1065d0254a1a
46d5559120d28058a530b18616085b6826bb03c3
7a51983ef71867325dd5d9bf7b7eadc66b567a882f50c1d09158bf4f7de8b587

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-3883d633.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 2209
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-8a1"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-981ddfd0350d812f4e01d9fead504ca4-46cd7232ebec2ec5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:40+00:00, 2024-05-07T10:01:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js

185.244.209.62

200 OK

58 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Size
58 kB (58244 bytes)
Hash
8b5b82fea92540c112a534ae258307e2
380afabff0faa228d8c4f10cc9947b310d1bab68
ab31af22488ac9b76c9790f4d3cf1096a9402e7ab4a5b8e09d373cb5b62bc651

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main-499ac9a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 58244
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-e384"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-22f04da98217e1a0a4d8e84fe78b1475-0de77d75843c8e60-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-1483c42a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224914 bytes)
Hash
c4d75347728629ec3f0b90dc82f0a3d2
ff949fe02da04d39be746f8d091a1a7b30126f7a
8ca2bd3ad104c33fb6189e87cab8992734ca6bf99a631ed413f63444b834d33b

HTTP Headers

GET /_nuxt/desktop/default/app-1483c42a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 224914
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-36e92"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c4f43684b7c8601e69ec70b0edff8b88-71b51ecc7060c602-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Size
17 kB (17011 bytes)
Hash
5c486444497d7afeea7cabf3a651d76a
a5c40dee88530a85a4c061ad4379b13e3b8df745
9c3b64738e185dacb94ddfa13c1807be093f49e0a3b5810f92db524ea9f60020

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-9ec0f9e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 17011
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4273"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7022094aceb61dec72809d02c0cae5db-e856c3e43a79fb17-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/polyfills.js

178.253.29.51

0 B

URL
1xlite-461430.top/polyfills.js
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.028
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js

185.244.209.62

5.9 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (21262), with no line terminators
Size
5.9 kB (5874 bytes)
Hash
fb60e20d94667a730b2505f72a36269f
9553f3349aae185bd43d95b7ea735790b5ac35d4
24b7cc1abd1d6224f08db147e7c866945d1f205b36b55ac5a5f1c47ed96d69ab

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-14b63672.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 5874
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-16f2"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4f6ea4acdd500ebc5ee183cd3a218139-4552f3fd32cbd8c8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js

185.244.209.62

200 OK

3.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Size
3.5 kB (3531 bytes)
Hash
395deb0abfd0ea102c0c9aa4cf08b2f9
b53c99a2bce733f0a45a075000949d34e2fd0b17
f11d7b6985d7e97030628cf137377b14e9316f8919f80dff4cdd488366aa6652

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-4d951a46.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 3531
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-dcb"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6d10b18d02940a6ee7fa271e61d55e4c-5191f5d375b12431-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:39+00:00, 2024-05-07T10:01:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20960), with no line terminators
Size
2.8 kB (2763 bytes)
Hash
6cae6098e169876c305ca92f82fe3cde
d27c18f05738795d575c8ce370ed83cf07da0a5a
7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5

HTTP Headers

GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 2763
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-acb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2ca71f2fae2b416bcfb30f5a7f78005c-de787c447aad8d4e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:27:19+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (41615), with no line terminators
Size
10 kB (10290 bytes)
Hash
21a80fe42c418607606b5ee8ebc9ebe2
b93c8e0a2f18dd371501e1a8739e9445b2c1d9d1
880f72443c469f2d2e9421789eaeb1f2042a8c4ccfc8ce9057a685d588a97ff3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-87a02531.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 10290
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-2832"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f57b62ccf9c10a3dd4a1fc33b0489db8-7ae88031d4f87ac3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css

185.244.209.62

194 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
7f1ee7f9ec47159043591789124ec7cc
bb021131214d4b70b327355a5a947b974f2eccbd
4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad

HTTP Headers

GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:23:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e017f19f6cb4d9ebc67db280cda77e2d-7f788f5bb1c808ef-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:23:40+00:00, 2024-05-07T14:34:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js

185.244.209.62

200 OK

644 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Size
644 B (644 bytes)
Hash
59e405a5c84540fd5cd4a47c01954bb9
877928ec86d9742b605ab481e28e4ca40163154b
a50357ec75eb7f36a26bfe20b003e614f8bfd8298d502b26c9dc36cbdc1d362a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-636888aa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 644
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-284"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d75f6432c5a52990b974a8116c4a212e-f7542154b50fc921-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ca542d7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3226 bytes)
Hash
9e9b190c1ab8126c2576203d5d43ec63
a80ccb6739023605edbd86be13f38a58ff7f4906
c4a28e2bbc67a853613460727d4abba3687be55593a7513a4079ea34579fbb02

HTTP Headers

GET /_nuxt/desktop/default/css/ca542d7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:10 GMT
content-type: text/css
content-length: 3226
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-c9a"
content-encoding: gzip
expires: Wed, 08 May 2024 09:58:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-612e5324bab97b683aa9fa00895f7575-048b4d6977a3909a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:58:01+00:00, 2024-05-07T10:40:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js

185.244.209.62

200 OK

2.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8663), with no line terminators
Size
2.5 kB (2475 bytes)
Hash
a5db05d47f7f37c06acc29a0f4eeb447
b9ddddb586721548eaa4a62d7ae420bfcfc5bddb
4053d0ffbd3af6bc022131a3f123bd4e88825f1b5f06a74dd2072a2b0fe3f243

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-db205bbd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 2475
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9ab"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-20fa247e9acb9b943b5efd939b7f7661-64eb0a1863ce7ac0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-baf5b66c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47215), with no line terminators
Size
15 kB (14752 bytes)
Hash
ef9def5f3c8a190bfffb14ce24c6eb58
c5fa568c8f9bee2aa988c80a7246e07edd8d84ba
d5d3ad6908352036bda426fe1fdc6f1dc03ac13a7029bbf25fa50580abd9064f

HTTP Headers

GET /_nuxt/desktop/default/runtime-baf5b66c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 14752
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-39a0"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:45 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ff7f3557ecad274f41da419f227aa3ab-8e4908b8dfcf0bfe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:45+00:00, 2024-05-07T10:57:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

4.0 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: text/css
content-length: 3964
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-f7c"
content-encoding: gzip
expires: Tue, 07 May 2024 12:54:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cc6b77b9ec0d7984e75e636f9d51ce71-b80d1a7854608451-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:54:58+00:00, 2024-05-07T13:56:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js

185.244.209.62

7.8 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28142), with no line terminators
Size
7.8 kB (7775 bytes)
Hash
9167c6082d419d35f57a606871184d06
d4c4fac03b353c5881c352d6ac0c05947dc2e633
bed35ed9386f6d0d6f3096d00c7d14e042c5cb404f07ef0bb9abb4cc381e89c3

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-0434410a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 7775
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e5f"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b0da800a485dfc4b7c926b4d64835e58-103d4d593f36d3f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-2e30fd7d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46801 bytes)
Hash
03b89bdb4f6013159d40de88c98403b6
cf41351caa86d91b56cf839d54ab28bf8f4f54f8
42d02ce0b520e2d8ce7341a0b07d92cd3833d762337b1f8aabc6f7f23e6fad4a

HTTP Headers

GET /_nuxt/desktop/default/commons/app-2e30fd7d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 46801
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-b6d1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2b73f0d56287e3aa2ae7ed848ad6e642-deb2a00cf053e8fd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (9958), with no line terminators
Size
2.3 kB (2277 bytes)
Hash
76a1e3dd8e25bf9a48bdd896de779d20
38c3643e25808d1f3ab167273201eac8c113c088
aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273

HTTP Headers

GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: text/css
content-length: 2277
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8e5"
content-encoding: gzip
expires: Tue, 07 May 2024 11:27:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ce01b3aa55cf8eba510ef3309b218bcd-48760c43441833a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:27:59+00:00, 2024-05-07T12:10:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8283 bytes)
Hash
93a3cdd4ea0ae5eb295e71988355c5d4
0c9e334aebd99fb9c44575c99abda82d0b53acb1
104a5a19f0a8b4d443e55c32daf49eea2343ee96da27b48c21f09e1425081d62

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8e891b7b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 8283
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-205b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2ade4c0c78929e12b5f499383b62a31e-e06dbe2e5ddd6ec8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

1.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: text/css
content-length: 1113
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-459"
content-encoding: gzip
expires: Wed, 08 May 2024 06:45:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-da402966aa8d8153a5966e9658f039a5-ba02d4082cafd7a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T06:45:39+00:00, 2024-05-07T09:06:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/035c0001.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13859 bytes)
Hash
ac3b78bdd1c881f78913b967fd22a91f
15295665baa2ccaf71e8a093f333d087621a17ee
ee4c84a2fe257a888fcec5809b67b563aba3a4c52f102154ffa19a685434d835

HTTP Headers

GET /_nuxt/desktop/default/css/035c0001.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: text/css
content-length: 13859
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3623"
content-encoding: gzip
expires: Wed, 08 May 2024 09:01:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e6ea80c62ffae5a10cdd0e722c2377ec-a6d81b8cb26f52ae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:01:03+00:00, 2024-05-07T09:06:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js

185.244.209.62

267 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/app-d26cc899.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
267 kB (267237 bytes)
Hash
1992415420cd9d59941e07133aa0c521
308a748fa982a440a112cb9e449f25a23bd6d83e
94a8f060251c7e705ee8c823783cb067e2844edb0f3900b6b0e91948d92ce907

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-d26cc899.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 267237
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-413e5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5ce7ec9c3e7f171e7d5f4586ed155c7f-c72723fbdf694cd0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:58+00:00, 2024-05-07T14:49:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js

185.244.209.62

6.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Size
6.3 kB (6258 bytes)
Hash
adc7f8e289bd475a5a922c91b93591b2
540252cd02880714746d3656e61c67e7acab7fda
3b542ce26d333f558f94adb8cac49e58be95a5470eb3079d1dc0b2b7a7c97b6b

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-807a62cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 6258
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1872"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-70d1699d80a22a0b572476ffb7868ea7-e545dd4463b95d42-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:00+00:00, 2024-05-07T14:49:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
etag: "6638afcf-2c"
content-encoding: gzip
expires: Mon, 06 May 2024 10:50:26 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0ab21b8318dd9d94476392192f7dba48-eba929e8eec6c17b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:49:26+00:00, 2024-05-07T23:35:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9b56d1c608279aed5ebcebad9e6e64ef-5bb81253000fde4b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T23:15:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-05ecac4ac87794c40dc466d5e3d2727a-22a17ce7e0e2b3a5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T22:46:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-55bb4eb661025cc2648fb68c24360ac3-74e4055e822431f4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T22:37:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

187 B

URL
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Mon, 06 May 2024 10:23:37 GMT
etag: "6638afa9-bb"
content-encoding: gzip
expires: Tue, 07 May 2024 12:56:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f636741e3d6944b2844c6c2086ab8c98-c4409e693d947a11-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:56:18+00:00, 2024-05-07T11:36:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

653 B

URL
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-403b860bbd8551b4662855cf8ba3e4ce-a184ec627aa6ae10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-05-07T23:15:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
2818ab9c6ece35261fbf658165189623
f01f8175a7a89449a1dad5f2a7df06c5866c10af
b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583

HTTP Headers

GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: text/css
content-length: 194
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-c2"
content-encoding: gzip
expires: Wed, 08 May 2024 09:24:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5e1d84f6fb512f3e720ac0c56030bc81-f156e0037d817bff-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T09:24:14+00:00, 2024-05-07T17:58:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js

185.244.209.62

633 B

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Size
633 B (633 bytes)
Hash
52ab057c90af6d742e95f43ff97e95ff
dfdce102add5fc4fa06ac366a663e7a732bd9352
feedd981d953d2933cbb35a49608ebf408f13f457399c2b11aa1ef5eb76db547

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-3ca7fb18.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 633
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-279"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-007fad9b95c905a384355d8fd4f26597-62b824d7ebc173f0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Size
4.2 kB (4187 bytes)
Hash
2f5a8b05ac32c583fcde180d9d46fce9
86cc94f0c76922b731336bb6c13ff2839f37d689
6f2a20b4cda56cb4d92bd6d3817945c5e659723eaf3e5c85f0a00274c909a9cd

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-cca22477.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 4187
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-105b"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5f7d57dd660712e4854f5b44d5bf96a3-91e90625e7f4cbdb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6872), with no line terminators
Size
1.3 kB (1331 bytes)
Hash
7727cc93d85a2459297f9b1237fc6a92
f37f7a3ec3d30df2513a38dd2c67fefaf038edec
e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2

HTTP Headers

GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: text/css
content-length: 1331
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-533"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b83b6f0fae4967859f8af87f48c4d9e7-cd12336bd1d81dec-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:13+00:00, 2024-05-07T15:18:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js

185.244.209.62

10 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37196), with no line terminators
Size
10 kB (10214 bytes)
Hash
149f1f916b0c47494c7bdc15122390d4
f6be7ef6c3649f4b83fd19f7459dbce46ff15925
f8ecbd7355d64beb3e23daea185a634fa436012d707160381bb3b65548a9c92b

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-9f71ae9a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 10214
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-27e6"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:12 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7979383661b4b54ba93d4e7c5102707f-c1d2c5ec6206e544-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:12+00:00, 2024-05-07T15:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (36638), with no line terminators
Size
10 kB (10115 bytes)
Hash
63e1a6027725eca572736670eb935432
e3578492cf68e66a44f556a98545294a5b1bed5a
e96e0e4abe03d7fb0d2449e0f2bf27bb0ee85cdd4d7b4098276c712842b45d8c

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-b9493cb9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 10115
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2783"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f5bf118fd7778b8d1d68d36c52243c73-97ebaf5fc4595757-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js

185.244.209.62

200 OK

5.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Size
5.6 kB (5565 bytes)
Hash
860ea683ac1ca8494adc10cb2ea4fcdf
a1004cb9bb3a036d215dfbf6b9bade88ad81a7a3
e8fcc72111c9040f545dd314899e61e406ceaa76601c816dc3c1a7b407f88850

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-68160950.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 5565
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-15bd"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d6465acbf02a8e94bbc49f3f2726e007-49b4bc07955fa31f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css

185.244.209.62

6.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (53058), with no line terminators
Size
6.7 kB (6667 bytes)
Hash
173f5247c95e1b42bb3b77ed0a8eb44d
5b4b32ac3c6b995e254b7e8e1ecdf00ef4882aa9
f20b6d24581afe4c6af83abbc14b11194385c8e5f15a27e972724f61891c6dd0

HTTP Headers

GET /_nuxt/desktop/default/css/4b5c6c89.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: text/css
content-length: 6667
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1a0b"
content-encoding: gzip
expires: Tue, 07 May 2024 12:55:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bb721594388bc2c650ae3b0c5ab611a9-748778c1a52b39a8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:55:22+00:00, 2024-05-07T15:18:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Size
32 kB (32522 bytes)
Hash
474bfa89621896100251055f7c19712b
0e19c615fc77f9ed2d69d74b7f8a42d41c6f5138
ea0fef6e0a33df0b36bdce2df6b8bf50eef0dd3b71c7c6fc567a7d7c5d39fdd3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-633ca92a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 32522
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-7f0a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3085eb5b2102a1be7141b605e9715682-35e13daf64a5040b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js

185.244.209.62

37 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (65461)
Size
37 kB (37176 bytes)
Hash
aedaa99fcce183a213f358a727e9eb87
7fe33331acbced57be412f96baff3a4595e207fb
2ccadc0a2eea97aeeb5f1825ad9bdac3873481a54bcd3b42cf6724271cd0f6ac

HTTP Headers

GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-b595fcd5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 37176
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-9138"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5f017a424455ef375933a459bd8dac7c-17903453bd841005-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css

185.244.209.62

200 OK

4.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (38649), with no line terminators
Size
4.8 kB (4780 bytes)
Hash
8ab5f1e804e2a4565dea164054ff0907
7ee2bea2c9dcb6424f707c35588a316a249270fa
ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec

HTTP Headers

GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: text/css
content-length: 4780
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-12ac"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5fb2bc96d0ffc99f894224f0a0a468b8-3c80da44417e1537-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:13+00:00, 2024-05-07T15:19:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js

185.244.209.62

200 OK

29 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Size
29 kB (28917 bytes)
Hash
6bb873114649db4b87839383a7d31921
91b56ad064a4b8fd0d7edb89a040c6b9d06866aa
6dc41e4f75d65dd3dc2f311198e1a9b2b65e0687c2d905b7d64cf9265f7bda2d

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.Asian-2f003ed9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 28917
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-70f5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:13 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c97bb14fd1743184b3a1fe222568c009-a552b3f1b2781539-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:13+00:00, 2024-05-07T15:18:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21889 bytes)
Hash
45f90516ee8a557d78c08e1e925c1490
adc0363ed75f47f9513a36a94173c6e4940a2adc
f5b8b3c4e62dbb4ebc5fd634f5bb17b3145a14c21bdc3e9c0a4dcb45b9e573fe

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-ff4800a4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 21889
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5581"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-364468b572f13048c255fdb3100cc620-4f5462f557bc848e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js

185.244.209.62

4.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
805e7c2cd861f2191db66c39ab28e86b
a6353246547e9a9fd01093fcb784d708d187e3ef
82686dab55962ead6916346bd901b3fc03357bb2a0e74dfe966ff784d75b2368

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-4e9ad522.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-11cc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ec273f3f42d55347192cb075e6bb0e03-4a615fed2e7299cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

953 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: text/css
content-length: 953
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-3b9"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:11 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c4d6a6c2dfaa40db83cd2b8cecf9c17a-bb8d4341b8d98cfa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:10+00:00, 2024-05-07T15:29:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js

185.244.209.62

2.1 kB

URL
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-290f49eb.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2120 bytes)
Hash
91d17dbf833b48149a8b5d2f21895879
bd71a45fa4419ab4ddbc676f0a9cca2be05e1703
f085ff2e310ab82817411e3ed64d0902de49e149d0958cadb91d518ed5854335

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-290f49eb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-848"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-51504a56c086b44a3f0c2ac686891875-91ccad1aabf17ff8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-07T17:01:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8055 bytes)
Hash
ead4a901af60e4b8138e732f0aea9637
7c1d57d444a07553738ddcb8b6a2bee305a0c215
e6bc116e4cb54d011d2a1fa1f87ab12d1f320aa8dc54c89b1f286f2b02ee14c0

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-11d3184a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1f77"
content-encoding: gzip
expires: Tue, 07 May 2024 14:31:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d0a64703f0d343694f36a05edd532aad-bd8d233505b34e73-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:31:59+00:00, 2024-05-07T14:53:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.51

1.5 kB

URL
1xlite-461430.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.5 kB (1478 bytes)
Hash
eec4805fe0f6e17d5ade92a382f5b068
ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b
b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js

185.244.209.62

1.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-d4a24bae.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (2425), with no line terminators
Size
1.6 kB (1577 bytes)
Hash
3a0e4a54185bcc66d2e032dd30a385eb
627755ca54def0761f25f827d5b4cb483e1ca83d
e0bc5ffed1e6fd6285fea94e991fa8ec48a5f17677519c766d7ee7e757a02239

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-d4a24bae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 1577
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-629"
content-encoding: gzip
expires: Tue, 07 May 2024 10:54:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fd13fa26675082c5a33969c6dc22d7d9-e162c8eb4eaa8ae9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T10:54:52+00:00, 2024-05-07T11:19:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/version.json?timestamp=1715124972807

178.253.29.51

44 B

URL
1xlite-461430.top/version.json?timestamp=1715124972807
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
ASCII text
Size
44 B (44 bytes)
Hash
265e4e9c948f929631d7e9bcf0d19d5b
c70f40cde4e09003b980fdae5130f3695de16add
62ec6fa5c15470b882bd7e05f5651b0a265a0cb2857cffa5cbfa34b3d2cf42ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1715124972807 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/json
content-length: 44
last-modified: Mon, 06 May 2024 10:24:15 GMT
vary: Accept-Encoding
etag: "6638afcf-2c"
content-encoding: gzip
expires: Tue, 07 May 2024 23:37:12 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.007
X-Firefox-Spdy: h2

1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285

178.253.29.51

200 OK

141 B

URL GET HTTP/2
1xlite-461430.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-461430.top&projectId=285 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 831
x-request-id: c9a6a9571f96a58db8848ca5645d4808
x-request-guid: c9a6a9571f96a58db8848ca5645d4808
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.1699199676514, wf-uht;dur=0.009
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
0cc9277dab4117c9b162cc01e1f0b97f
5b7d9007e2d99d3715c5f226aadf44aa4da4332b
6d7637a83c7812813039573e9c67efbb30e4021a971c546621a397eb72ea4bd0

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-ef321a16.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ab"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:00 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ccf2fa262a384e0d6a5a8f5c280fa673-3247f089502d7ba7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:00+00:00, 2024-05-07T09:23:42+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
66c4eb11ec60384b198e73db080c0f32
6fb7618e384b9e01454c7b984728236f178192da
b45c772a5a204e430a575b896edc43205412a5f28539c2e48c152df7669ad7cb

HTTP Headers

GET /_nuxt/desktop/default/ioc.dependencies.18-dc087bc0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-529"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:15 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0306ba56c107101e49053e77405a701e-a3be8c9bc31a807d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:15+00:00, 2024-05-07T15:18:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7381 bytes)
Hash
56a0eecb3ec4576e9abf6f8f3e2707f9
6ddfcb4b1669c1323d87906b720fe8e4c258c143
81a5331c3ce30f9e8f21bf5e69591e24dd0c77d9b69157bf0a5e2242fc299ed4

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-74b93b4d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 7381
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-1cd5"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6660c8e74bf8d95bebd6b33dbc1ac1f0-3e3e1307e2188087-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:53+00:00, 2024-05-07T10:11:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js

185.244.209.62

7.7 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (31337), with no line terminators
Size
7.7 kB (7722 bytes)
Hash
f9da465f4f7355523306ce6bbf89c0d5
c39974e7867bcdd6bbe385ba52c9be335afdfe6b
a5ff3777031e8ee4babfe1d6a7a6fff1fb2fc0db58de71ea8202bc37a7aab0f2

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-bfe18bfa.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 7722
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1e2a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e7251cecc49b2e788f76c789a4f1b48f-ea99a8b8ed245d87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css

185.244.209.62

200 OK

3.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22886), with no line terminators
Size
3.0 kB (3006 bytes)
Hash
f1e1bb557e1155bf9c70751dec445176
013c5224a1bbbf0d6603f25e31863aa90f279b40
7aa1af5184d161c5f279c0da3199cef2dfc0aac5e90cce3e880f1f89401a0a15

HTTP Headers

GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 3006
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-bbe"
content-encoding: gzip
expires: Tue, 07 May 2024 12:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a1b2b904b5b23e08780966e986792804-c2ceb6e476b7568b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:29:01+00:00, 2024-05-07T17:01:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js

185.244.209.62

25 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators
Size
25 kB (24938 bytes)
Hash
756179b1f968d35107908086a552c869
5c1f6c8a0c1eed4246c04dac52c4b7056fc991e8
37093cd5b15bf40421db8a64625a01317d043479685d2e1f84accb8fbf992ea6

HTTP Headers

GET /_nuxt/desktop/default/betting.SportMenuApp-1f0079e1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 24938
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-616a"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-82a7a0a29f918fcc3af1ccf9a12c93dc-b356ce1f29fdb9be-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js

185.244.209.62

7.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Size
7.4 kB (7388 bytes)
Hash
18963957c8f45d24c0819a973d362e7b
5a1846a89c5cc9e8028044ff5948bd94f428c412
d1c98b4199c034c2a115ba70268a3e536640ca8b992887df0b085d476ab1275f

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-f347b217.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 7388
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cdc"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-14a8c8be4fa0fd494dafc72d42bf62f3-d2dd265841ff02fa-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T17:01:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85022173.css

185.244.209.62

200 OK

1.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85022173.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9757), with no line terminators
Size
1.7 kB (1731 bytes)
Hash
d9ff2bf37891da2be05d7fd5442113f5
419f63a7b47f983139a1cdc040707ab4b90bc255
05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5

HTTP Headers

GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 1731
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-6c3"
content-encoding: gzip
expires: Tue, 07 May 2024 12:55:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-993fdf6cd54a9d776514980c2246fbe7-52f5fb589bbe6936-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:55:22+00:00, 2024-05-07T17:01:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js

185.244.209.62

7.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Size
7.6 kB (7605 bytes)
Hash
dff08fc651e74f6ad7d80f2cb43e29e5
e1b0c10b245faa60623785bdefd27c9999483231
fb6ee46c49eb61f09a2dbfe856f0b41f4206323fd9dcc2dc8921ce951b9780bf

HTTP Headers

GET /_nuxt/desktop/default/betting.HomeSliderComponent-b079a12e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 7605
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1db5"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c45e93dce2f0cae606c558e1ddab4535-bf5f35cc88f84976-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T16:33:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css

185.244.209.62

1.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (6439), with no line terminators
Size
1.3 kB (1305 bytes)
Hash
cdd7464b2b178b37ed8a1368b6383203
0a13fc4908d91476649bb51e33d690b460a5a89c
aeacff8e3f578ea2842f067e3f42d53e72a4f668cf526c60dc659bd89f5a3c6b

HTTP Headers

GET /_nuxt/desktop/default/css/9f2746da.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 1305
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-519"
content-encoding: gzip
expires: Tue, 07 May 2024 12:29:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a05026d4b731cc8650137b9132de2bd3-fd947750ca559f59-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:29:01+00:00, 2024-05-07T17:01:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js

185.244.209.62

19 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65283), with no line terminators
Size
19 kB (18960 bytes)
Hash
4fb1e7d0f5418f3df96622b000ebe6fb
eef890c8cf6d2c72eae34e39ba2e8e6ff79c8754
fd9fede696dd12b00cc9af15ca68f1209b5fd351f5bc32052221adbbb12d8e8b

HTTP Headers

GET /_nuxt/desktop/default/betting.CentralMenuApp-a5b5de2e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 18960
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4a10"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-706423706e6a6b9249120b9a6d471165-cf0b049dc775f92a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:34+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

459 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 459
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1cb"
content-encoding: gzip
expires: Tue, 07 May 2024 11:05:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0d2fd4f6a7c793d3237fefd15df967eb-76c99c69f67c6090-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T11:05:30+00:00, 2024-05-07T15:46:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js

185.244.209.62

17 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-233f5bf5.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
45302df89a240c65824afccc0240c030
84573118a402aa9a4ee0321ccf3f914c438a8369
25b695450684f580508f24855ea2d181ecd499e26573010621dd4a2ddc5af16a

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-233f5bf5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41bf"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c57225ca0720df244a4d1857fb9c06df-195a153a286f3c3f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:14:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

1.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 1486
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5ce"
content-encoding: gzip
expires: Tue, 07 May 2024 14:34:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a339e782b732680d81c2db00eedb6c50-966a644bc65a66d9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:34:32+00:00, 2024-05-07T17:11:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-64ed71be.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4726 bytes)
Hash
fda91a0dd5e8251a0c4c540d7e54ed52
3c4a6e38286708cd62ff071ccf97e73f37200728
b3c3c2ee09cf4af0164878165cd9971fbfe83a461c18ad0ef7cfc33b36b782ef

HTTP Headers

GET /_nuxt/desktop/default/betting.media-64ed71be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 4726
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-1276"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-51f9a65543d59d3f53dd16c581578191-58b92d6ee3d88769-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:14:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.51

200 OK

176 B

URL GET HTTP/2
1xlite-461430.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
176 B (176 bytes)
Hash
ac86deb03def477abf768a8455c8aa90
87bbc45a47946c01a6f494da652c5b1940e4a62c
6a19047f1e73a26daaac3ec171356c005d39984c931de6c0c0b4184ade05c55b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/json; charset=utf-8
content-length: 176
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/session-api/sessions/user

178.253.29.51

16 B

URL
1xlite-461430.top/session-api/sessions/user
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.5430450439453, wf-uht;dur=0.010
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.51

200 OK

2 B

URL GET HTTP/2
1xlite-461430.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=12.13, dt_total;dur=13.723, wf-uht;dur=0.022
traceparent: 00-ba323cf4fccaceea2cda5e6e547c8028-2f1755fed0c26bbf-01
x-dt: 285
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

97 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 97
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-61"
content-encoding: gzip
expires: Tue, 07 May 2024 16:27:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-65bf6cdbe831950110d84e445040cc55-050f8b9dc6552830-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T16:27:42+00:00, 2024-05-07T13:45:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js

185.244.209.62

8.5 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8520 bytes)
Hash
e30c678eadf7bd0fcc773e1599b97ddf
41243dc14d9eb2569fa832a3b8c27fc0158991aa
a4334d54b8db6d6eceb88c48ee428dfbb0ad3749d4137439f77859e205b52806

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-022bbfcd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 8520
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-2148"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8942c61cd0eb6d89e170e8653672c884-a1af92d90da80410-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:30:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6262), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
09f1bd90913ad83743065cc13ee3e0c6
0f1d49d4ddfccf474d882839c1ac901a8c1d91e6
b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92

HTTP Headers

GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: text/css
content-length: 1505
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5e1"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:59 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bec3c4772aeefedc99bc64de3d28f7c9-d38ba332e99f06d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:59+00:00, 2024-05-07T16:33:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

81 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
81 kB (80664 bytes)
Hash
231eb6c1a7f584c3ea20e780c11a6877
7c80916f8793c554e7f4a4c59f6ef7da95d334a0
5fee320aa833ae8ca93decb23cee8528fac26358632b1557758d9c6618c03fb9

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a6eef10ec054c23f84863e5e717c9af1-09ce902c6e3ab9b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js

185.244.209.62

579 B

URL
v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-183c618c.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
579 B (579 bytes)
Hash
54f54116f151f6469527d5f5c584887c
8078098cda5d50eeb285da4fc78655562f8324ed
8112adb0bbfa619109d5a6c3263e5e1761599c14b3c474b58b2f5ca512b46efb

HTTP Headers

GET /_nuxt/desktop/default/betting.coupon2-183c618c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 579
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-243"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-06df087bd0195a8ae07755bfa7b8956e-e4adbddf8b8b2722-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T15:18:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

395 B

URL
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
395 B (395 bytes)
Hash
75993569645a5b2513536e3fb0c622ac
4b3a639c259658d2d1b6f09382694a908d60a1d8
715537f3f2a0ef2675ce3e13d350d8a44c64aa9306d0b1b137c63f184da7c501

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/json; charset=utf-8
content-length: 395
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:13 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2452 bytes)
Hash
e250bc929c1058e996d272efafcf35fa
38b59bbf89ffd7036a11dea898992aeb3a60a59c
8fa3cc2cb19f0c3cc440f08c6a3e0bae9de296b3f83f8ef2f3af1cabb4a3d3cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/json; charset=utf-8
content-length: 2452
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:13 GMT
vary: Accept-Encoding
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2

1xlite-461430.top/sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782

178.253.29.51

200 OK

40 kB

URL GET HTTP/2
1xlite-461430.top/sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
40 kB (39828 bytes)
Hash
b32e4b8c65433be8c24121f6b5f81ca8
b2e3f0d20247597270ac5ddfdcdc5889d1cb3e78
52f14a8533c31d64300583dde14b34ee3279210ec62137e43e81a11a07c29112

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-betting-app-front/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
mf-render-mode: json
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/json
content-encoding: br
server-timing: total;dur=24;desc="Total __BETTING_APP__", dt_total;dur=33.245, wf-uht;dur=0.052
set-cookie: tzo=3; Path=/
traceparent: 00-791bcbc18e754fd7d7f468c2cd7c383a-594ac01cb33a8828-01
vary: Accept-Encoding, Accept-Encoding
x-dt: 285
x-time-ng: 0.031, 0.037
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.51

296 B

URL
1xlite-461430.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.51

506 B

URL
1xlite-461430.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js

185.244.209.62

365 B

URL
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (416), with no line terminators
Size
365 B (365 bytes)
Hash
f82b46dce7c19fd9f12e08311e06b4d7
a22d1a217e0b5665e976cecf1cba74c7f884ba21
a5a3de88355ca693c9e33b10b37c3f175362fb3c581ab02c44fbb4fc424c4b1d

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-2f154c8d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 365
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-16d"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:30 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8063dd5d2fcfe7b0a7069a4ee1b60c6e-0bf03019b4ea7eb7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:30+00:00, 2024-05-07T15:29:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.51

200 OK

23 B

URL POST HTTP/2
1xlite-461430.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
ea6385860ef393e614f658b7b5391d9f
0027aa3f6494f0913b39721d7d04d449011c6608
d601f1265b840297c65ff473ed192bd789dd4daad807fd43640477e4e4633d80

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Content-Type: application/json
X-Lang: en
X-Uuid: 83174a4b-7a7c-4d7e-ae8b-23d6f43294e8
Content-Length: 81
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js

185.244.209.62

5.6 kB

URL
v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (15997)
Size
5.6 kB (5562 bytes)
Hash
18f932fe4f53ce3de4a44b04b0524916
ed47f4f593c25b33012b0369c19883c23e7d3df1
c665029c63cfd9399be9c74e897668b621e3a6e690f0da69196f4c73c16f0cee

HTTP Headers

GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-74c102e0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Mon, 06 May 2024 10:23:04 GMT
etag: "6638af88-15ba"
content-encoding: gzip
expires: Wed, 08 May 2024 08:42:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-80c74ce01b23c0abdffc3fbd86d1db29-0a53838782853a98-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:42:16+00:00, 2024-05-07T12:30:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig

178.253.29.51

4.0 kB

URL
1xlite-461430.top/web-api/external-api/config/getVideoAccessConfig
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
4.0 kB (4000 bytes)
Hash
cb0bc8eedc642fc591c0eef57e6c67e5
6c62aeececef0a5ff474bb21bf569ad8d48f6bd0
c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=20, dt_total;dur=21.963, wf-uht;dur=0.033
traceparent: 00-1809b7ea86c54542e0b8b45ee62c88d8-a13884e970b7cba1-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js

185.244.209.62

200 OK

4.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-b6662b37.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12039), with no line terminators
Size
4.1 kB (4124 bytes)
Hash
d5bb5783c476219b31ce5582083fd74b
326b40532b72988c1d23fb931daabead75d18482
2724a816ddb0fd1234ca8cebf9db4fd60290f282fcfcb5619ffe70be9c0160b7

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidget-b6662b37.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 4124
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-101c"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c6c2b6e64233580318c7826de8656329-aa3633171f50c202-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:35+00:00, 2024-05-07T15:29:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp

185.244.209.62

2.0 kB

URL
v3.traincdn.com/sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (1982 bytes)
Hash
870d4e81d1d5e1b0bc23e9cbd4407760
34818a0fc0f536005e182e7cfcbc54cd08bface8
195fa94124acd96f6e3b973b5adb6245c2962c244a765b3e399afea7e60faab5

HTTP Headers

GET /sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 1982
last-modified: Wed, 04 Jan 2023 08:10:48 GMT
etag: "870d4e81d1d5e1b0bc23e9cbd4407760"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c20c4b8e6738005281ee630e58bf5d58-2c6d381f6b204f5e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-19T22:39:48+00:00, 2024-05-07T18:06:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/26adcfbe9c2dc689a4147d17ad31f348.webp

185.244.209.62

200 OK

788 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/26adcfbe9c2dc689a4147d17ad31f348.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
788 B (788 bytes)
Hash
33a8ab4754080b55227b04787d515805
0098031d96d1ffbea2b2c01c50b7b0da6a017125
b350f394cd3aeefe88a95b98a6f99c9e063dea63e4068b3a30e751ede8a79c1c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/26adcfbe9c2dc689a4147d17ad31f348.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 788
cache-control: max-age=94608000
content-disposition: inline; filename="26adcfbe9c2dc689a4147d17ad31f348.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 19:47:18 GMT
x-request-id: ae842630f1010cc821a2a8db35817d9a
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-100955635808797737ecd530854148ce-96e6b927a4a181ff-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T19:47:18+00:00, 2024-05-04T12:55:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp

185.244.209.62

200 OK

718 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
718 B (718 bytes)
Hash
fbc788d3e4018f6ae486aed078d25fa7
356fee9899b25c4915d3e31e9c8c4bb8681a2d0f
9ee03c7ca068cc733d9cda6d01be409fcd007cfe5c6d38661b58f90bbb3fd9a1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 718
cache-control: max-age=94608000
content-disposition: inline; filename="237d7df8d263bc2787c001ed1c4152b8.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 07:39:39 GMT
x-request-id: 5e21da8ecf136033746ce7102f9bc841
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-151db5f654ac30dc6d03f92247110447-f528a92478bf4274-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T07:39:39+00:00, 2024-05-06T02:09:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2374.webp

185.244.209.62

782 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/2374.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
782 B (782 bytes)
Hash
53df0a0bbacefe7b27366eb024b9222d
ba24352095fcc83f28a93bd24d17bd514507878d
670535fdd7639dbfb61d21efac29ffcc422d2b587d13de66c96e07c3ee2b735a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2374.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 782
cache-control: max-age=94608000
content-disposition: inline; filename="2374.webp"
content-security-policy: script-src 'none'
expires: Mon, 26 Apr 2027 19:29:49 GMT
x-request-id: d1a7641a53ebd738084a7900c765b2ad
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2f515414e5e700aaa5a9fff438392ee7-d3f2e54dfb91edae-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T19:29:49+00:00, 2024-05-04T18:26:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/11715.webp

185.244.209.62

706 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/11715.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
706 B (706 bytes)
Hash
2ca109c41ac584d78ad9e6d5629ad653
685c514e52474c6056b78c7fe1065583d69cce08
97efd20e425b9c6ea8b0c9cf4a2989cd6e286695859075f75a1b0b7860995266

HTTP Headers

GET /resized/size16/sfiles/logo_teams/11715.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 706
cache-control: max-age=94608000
content-disposition: inline; filename="11715.webp"
content-security-policy: script-src 'none'
expires: Fri, 05 Mar 2027 12:25:41 GMT
x-request-id: d2d5ff306c6c3ad5ab7f2405f07b7490
x-time-ng: 0.035
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f338961158d4ceadfbc4d9f5143a66e5-20820aeb49d5883e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-05T12:25:41+00:00, 2024-03-05T17:10:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6854.webp

185.244.209.62

792 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/6854.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
792 B (792 bytes)
Hash
4c6d23c3b36f262234413d5814bb3287
1d11cde2f47eeac8c1a0ceaf9fb4e53ed1b98757
26d2a4f14c6684b197200bfb39ccea57a469e8ee5c0965d81fe756e1b0c44edc

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6854.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 792
cache-control: max-age=94608000
content-disposition: inline; filename="6854.webp"
content-security-policy: script-src 'none'
expires: Tue, 04 May 2027 02:02:45 GMT
x-request-id: a39e384b678b43352e71c18c1c3a52ae
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c40e967eaad467025cffb3709ae65cdc-89f09156fb65a084-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-04T02:02:45+00:00, 2024-05-05T21:11:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8d555a2cacdac3e3cc957971dba3114a.webp

185.244.209.62

200 OK

754 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8d555a2cacdac3e3cc957971dba3114a.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
754 B (754 bytes)
Hash
016ba99c1fb65c78e5301b046ab87a6b
07bd5d79eea6dac883e823bb8e6e5f652cfae520
025703937b373e2bcac264c1a96597aa0495caeec504123c912a93056317c46b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8d555a2cacdac3e3cc957971dba3114a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 754
cache-control: max-age=94608000
content-disposition: inline; filename="8d555a2cacdac3e3cc957971dba3114a.webp"
content-security-policy: script-src 'none'
expires: Tue, 06 Apr 2027 01:04:53 GMT
x-request-id: 9b4f11531a889294007866ae07bb074d
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6880f32b298f6747de82a5dd1f972866-5dd58db18e88000c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-06T01:04:53+00:00, 2024-04-10T00:16:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp

185.244.209.62

200 OK

7.1 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
7.1 kB (7066 bytes)
Hash
14b81bb2a70130c395b98ba4cb1f4a3a
378094090781a2d412f234bff2bb311adf0a22d0
11128b17e044b6dfe4d716c11854e95486c9e942a942064c82968f6a34c777bb

HTTP Headers

GET /sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 7066
last-modified: Wed, 04 Jan 2023 07:42:08 GMT
etag: "14b81bb2a70130c395b98ba4cb1f4a3a"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-54c2c8d8f6f64f36dc09f2a5ef677ba2-d99f7b254f1d036a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T00:05:10+00:00, 2024-05-07T01:49:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8472.webp

185.244.209.62

200 OK

744 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8472.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
744 B (744 bytes)
Hash
9c0ad43335054d5a2e7d1dd5b08a09b7
8e40b67a1f78d50e7afb78b3093f7a131d72d79e
ca216f878e8eee7ee159d53eff50f4390498fb4526f76e30e9b6bcf5ea214a6b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8472.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 744
cache-control: max-age=94608000
content-disposition: inline; filename="8472.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 18:30:37 GMT
x-request-id: eedddb2d22c6f701578eea30f950c535
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5a08e951718ac54c5a2aae4199167bb1-802b8c4c51af04b0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T18:30:37+00:00, 2024-05-01T12:18:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8492.webp

185.244.209.62

780 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/8492.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
780 B (780 bytes)
Hash
3dd44cf69df412685847cf56636b62df
101b3a5e2faf781150b3fec57f0d0292f244f079
6ae5ae16dd41a9f2715dd42ef0d073e77ad272958c3af03d8a9996a7cf5fe292

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8492.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 780
cache-control: max-age=94608000
content-disposition: inline; filename="8492.webp"
content-security-policy: script-src 'none'
expires: Thu, 04 Mar 2027 13:59:34 GMT
x-request-id: aebcabbfbe9ed8212e10ee0d6880d363
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c923317eb7feb5503298a97f048e48be-c02ccf784ddfc221-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-04T13:59:34+00:00, 2024-03-05T09:49:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/1d1318f0301ee3623289e442209b311b.webp

185.244.209.62

200 OK

726 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/1d1318f0301ee3623289e442209b311b.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
726 B (726 bytes)
Hash
f85da6e2cdcb560d8b8a10a47964ce45
c14f3d00dfbba7d2c0acf1967fbc026e08f5a432
a9717d49b9f33e6f12375a0a96673ac607832dfb9e9317dac7f3418ff5ebc618

HTTP Headers

GET /resized/size16/sfiles/logo_teams/1d1318f0301ee3623289e442209b311b.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 726
cache-control: max-age=94608000
content-disposition: inline; filename="1d1318f0301ee3623289e442209b311b.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 17:15:40 GMT
x-request-id: 22d55f1c1a3e5fc03d04e49756577b00
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3113aaceb287fb86037ed6735441c5de-89ca11a535deabf8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T17:15:40+00:00, 2024-05-03T06:35:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/116127.webp

185.244.209.62

200 OK

808 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/116127.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
808 B (808 bytes)
Hash
2c56ef6cbe13667fbdbfa2858e4ef6cf
53d2cec67f2b33c07e41ce94eece59356472cfb7
87a1b41019ae59837f2b84677ac6c4359228b14a2bf2ecf2124cc65639e7a991

HTTP Headers

GET /resized/size16/sfiles/logo_teams/116127.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 808
cache-control: max-age=94608000
content-disposition: inline; filename="116127.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 01:20:38 GMT
x-request-id: 60032eeabedce7f9a383440edc8681fa
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5e94516675a489935cf7d153f16bca86-8e416c0cf55e7599-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T01:20:38+00:00, 2024-05-03T06:35:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/fd9a7c0864d0e15c06b03f73bf92c260.webp

185.244.209.62

802 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/fd9a7c0864d0e15c06b03f73bf92c260.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
802 B (802 bytes)
Hash
1dcb158d85eea42c1396c3a711646e63
fc5763bd4e05318db0682d45bc2a02255c1e0eb7
dcd93e0009282398634e1f107c30cd13ee0adbc1914642f14c7b7d6f75284d69

HTTP Headers

GET /resized/size16/sfiles/logo_teams/fd9a7c0864d0e15c06b03f73bf92c260.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 802
cache-control: max-age=94608000
content-disposition: inline; filename="fd9a7c0864d0e15c06b03f73bf92c260.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 14:20:09 GMT
x-request-id: 7eefcfc6f2e3d3d0eeedb6d4740ee3e9
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5e1f275dd22800c0b6af41ce8730f0fa-9042bdf72726805a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T14:20:09+00:00, 2024-05-06T19:04:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6044.webp

185.244.209.62

200 OK

724 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6044.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
724 B (724 bytes)
Hash
2a3a4d5877ed776f4071349afb070a8e
d3e751f7a44410944fbbab7cff67ab365b66fd0f
79b12ae5adf58c0a352d15bdf1db053f3231e200e1f0251bbc191017ecda8de5

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6044.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 724
cache-control: max-age=94608000
content-disposition: inline; filename="6044.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 14:20:09 GMT
x-request-id: 0d1117496e39a8c49ba4fd2e053950f7
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3912c76b3aef2fc7c8d98de28f090bd6-8865e80fbb0f8731-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T14:20:09+00:00, 2024-05-06T19:04:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/496ef9da94656b1c011e21210c8bd2b2.webp

185.244.209.62

2.0 kB

URL
v3.traincdn.com/sfiles/logo-champ/496ef9da94656b1c011e21210c8bd2b2.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (1982 bytes)
Hash
870d4e81d1d5e1b0bc23e9cbd4407760
34818a0fc0f536005e182e7cfcbc54cd08bface8
195fa94124acd96f6e3b973b5adb6245c2962c244a765b3e399afea7e60faab5

HTTP Headers

GET /sfiles/logo-champ/496ef9da94656b1c011e21210c8bd2b2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 1982
last-modified: Wed, 04 Jan 2023 08:06:43 GMT
etag: "870d4e81d1d5e1b0bc23e9cbd4407760"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d2e962c06ee81b53308687af6b70b17b-e6d183b399b6ac9f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-28T22:22:18+00:00, 2024-05-07T18:06:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/13869.webp

185.244.209.62

810 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/13869.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
810 B (810 bytes)
Hash
7fabfc495c9d7178fed3b0eb3aaa0601
663057526ed62c1fb7fa82bd60576ce48ed5290c
825070b0e21943950338ab03dc78ca1dc505a0ba0f1c7394e29935fba34b4825

HTTP Headers

GET /resized/size16/sfiles/logo_teams/13869.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 810
cache-control: max-age=94608000
content-disposition: inline; filename="13869.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 15:52:47 GMT
x-request-id: da08e0f937c994693ff8b96726636e7e
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7d2874a55afd6322726acad97a70c1bd-2e1d334c58d89b9f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T15:52:47+00:00, 2024-05-02T05:59:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/c07b847b1f7ed93db6678a77ff6d5c85.webp

185.244.209.62

844 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/c07b847b1f7ed93db6678a77ff6d5c85.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
844 B (844 bytes)
Hash
77af0769ae25634a1ac44514de404dc6
b00cbe768ada358bc5cd61be5fa02f7353eacb2f
a5f02620069191472009d70b66446fe631931e1216411acb03c7702c62f6c1c9

HTTP Headers

GET /resized/size16/sfiles/logo_teams/c07b847b1f7ed93db6678a77ff6d5c85.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 844
cache-control: max-age=94608000
content-disposition: inline; filename="c07b847b1f7ed93db6678a77ff6d5c85.webp"
content-security-policy: script-src 'none'
expires: Mon, 15 Feb 2027 12:50:44 GMT
x-request-id: 10e67bb01182879226366493cafcf10b
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-341568a86e64c1f69d4b360be43555cf-56238fc8694a46b4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-16T12:50:44+00:00, 2024-02-21T17:57:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/fa43184e72ec88d783f697aac28b7a39.webp

185.244.209.62

696 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/fa43184e72ec88d783f697aac28b7a39.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
696 B (696 bytes)
Hash
4e287ab2914ca4d3c0ec942db75f71d6
84a1ab209815b7f2495b3b9cf220e2f4a912fc50
0f1574264632a2e9b655eae36496e7d11f6145e726cfef503a6c399b8c4950df

HTTP Headers

GET /resized/size16/sfiles/logo_teams/fa43184e72ec88d783f697aac28b7a39.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 696
cache-control: max-age=94608000
content-disposition: inline; filename="fa43184e72ec88d783f697aac28b7a39.webp"
content-security-policy: script-src 'none'
expires: Sat, 01 May 2027 09:56:38 GMT
x-request-id: 8769bbf1d3686640f50d41c87e441876
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9ca3f5e9da0f3fd5b4ea18c9caa780ab-ab7ea62679ee8f36-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T09:56:38+00:00, 2024-05-02T05:59:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2364.webp

185.244.209.62

200 OK

808 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/2364.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
808 B (808 bytes)
Hash
ab4ea6aaea98b70cf40a0c2288427ebf
fd15291553ff26b593ec21c30b8a211bdf47ccc2
410ebdc3f7e30c0bca7b4693dd182d5a37f0a989e7a0d7dc72f3e9fe65a4cbcf

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2364.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/webp
content-length: 808
cache-control: max-age=94608000
content-disposition: inline; filename="2364.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 09:07:55 GMT
x-request-id: 187ad21f3585ea5125ac64b48692b195
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f73542fc26f045b03ee671f456aeda40-b9a53068d45d7fde-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T09:07:55+00:00, 2024-05-02T05:59:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

11 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
11 kB (10673 bytes)
Hash
0e0e019faf6b136bcbcc2d5f8027b704
2d62b6968bd87a9f500a64adf5ff2924fe2fda0f
442953367b48d1208c7a9a63227fd998c1b256ae2a6b33406fe2a41cbf76f776

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/json; charset=utf-8
content-length: 10673
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:15 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.026
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css

185.244.209.62

705 B

URL
v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (4705), with no line terminators
Size
705 B (705 bytes)
Hash
2b6cccff5325f6e14ccd6ec354319cd6
f4ec05fc468d3daddec1a3d825c29a55ce4b2050
a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38

HTTP Headers

GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: text/css
content-length: 705
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-2c1"
content-encoding: gzip
expires: Tue, 07 May 2024 14:41:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-737bd5bf504be47490609a70ff674989-e957a5f3c09c6bc3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:41:31+00:00, 2024-05-07T06:06:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js

185.244.209.62

2.3 kB

URL
v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Size
2.3 kB (2295 bytes)
Hash
3078429361b9801527b7f4deb1ff2633
c0bf69639f54697d7fcf5ee8ed06072a629b3fff
3042f5f56a8fae2d232bd88071179a50133e8d90fd11ec2f52259b23d8e0cb5a

HTTP Headers

GET /_nuxt/desktop/default/betting.SportsMenuCompact-e547fa93.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 2295
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-8f7"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6088880835e646c8fb6b764defe15d84-c976a2eecd717da7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:43+00:00, 2024-05-07T16:33:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp

185.244.209.62

200 OK

6.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.9 kB (6884 bytes)
Hash
b7304b532dca88cc708b1c81edf7e051
d9ca9db864badb40bcab6d846ba7110413a339d3
324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f02a9d2ba3eb4aaaa0a7005f88a5a9c6-7309db9e0da7c1a7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp

185.244.209.62

8.9 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.9 kB (8880 bytes)
Hash
7a49dad906575c61dd636edbe1201479
d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d
0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d69c0e5edc5dbeb0d4df579be07fca78-069df02537f94ae8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp

185.244.209.62

200 OK

6.2 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6158 bytes)
Hash
64ff358fd3a82358542d29d53649dd85
0a15b0731a9468fe49e3b512febe91d951ef6156
a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2330a65bcbbe91564c73fe7adc893bb1-be0c0893b0e10afe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp

185.244.209.62

20 kB

URL
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (19770 bytes)
Hash
2c02d34e261b48da9db2682ad433c5e8
e6b9618ac0040910f755a6f24dcb2f5500bb9aca
d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-92551a4250cf34c5beae6fc55be85f6e-a86f77152303ae71-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-05-07T07:17:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp

185.244.209.62

200 OK

4.3 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
4.3 kB (4256 bytes)
Hash
8c2b80027d3818f6bc91227418589ee6
c6d3c4595860bd3d685e4ddea5d4610a6f642a9b
cec387d33e94b8222d71031dbda50143a7ea2e1470d2c96c9e147aa4c4a43960

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-69.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/octet-stream
content-length: 4256
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "8c2b80027d3818f6bc91227418589ee6"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0dda489d37e47174bd0c00ceccce51e3-74ce06b9395de2bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:23:21+00:00, 2024-05-07T12:30:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2647 bytes)
Hash
a1159db27a76376efd1cfdd16b13cde1
bdcd46198018d03ed5372288436a78fe0d9b5a68
e4a7478f8fe2718f20eff9864770f97f391cfc3c04a464ed41c0cf18fd183fc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/json; charset=utf-8
content-length: 2647
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:15 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2000 bytes)
Hash
483a2532947872684dd5fde0afe57805
d142bfbf0857ed4da46b58a497b4fe75ad189687
3133eab2726a6ad67afc2700f5711d4a81022ce4ec963c5fea22bdc58470f5be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/json; charset=utf-8
content-length: 2000
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:15 GMT
vary: Accept-Encoding
x-time-ng: 0.052
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.060
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4a03624a0931383c720fa2dfd915e238-b2562ab596b1d3ee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-05-07T22:53:26+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2242399254-5fbc-45c3-bc41-9ac675e965b8%22%7D

172.64.148.184

30 kB

URL
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2242399254-5fbc-45c3-bc41-9ac675e965b8%22%7D
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
30 kB (30002 bytes)
Hash
862441d562db0d1ed7f463e42c8e4f9e
5ab8cc39df5126f91fd29d1cf15a581e95df5f29
c3799e3edf81554bd8c0f497a0af366a3f409705d76d7806e4c3d75582107363

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2242399254-5fbc-45c3-bc41-9ac675e965b8%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:18 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8805080b4d88b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js

172.64.148.184

10 kB

URL
widget.suphelper.top/_next/static/f385e6db/_middlewareManifest.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
10 kB (10523 bytes)
Hash
e8233cd7cc3160c10be082fcdefe64ad
47efa4d0c3923adbb026b3d5f580e2ccf1ee609b
ca834b75ca8802a5432401d3e8f2bf512893f3aba73864bd7612668f6d797553

HTTP Headers

GET /_next/static/f385e6db/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"5c-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 491326
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe7de1b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-316-animation.svg

185.244.209.62

200 OK

86 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-316-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
86 kB (85930 bytes)
Hash
2bd53612fd59f23f50e7f831260b988b
6e58de85ddca172f6ad0b31f2d1de972416839e1
1780f5c7d89a8171b157bde0babc8379784ca4f2add29a7548d93e5136c6f2cd

HTTP Headers

GET /sfiles/games-images/game-animations/game-316-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Jan 2024 08:41:20 GMT
etag: W/"0db44d13e7a50cd2da8dd47ff024f1cd"
x-amz-meta-origin-date-iso8601: 2024-01-12T15:48:06.000Z
expires: Tue, 07 May 2024 00:00:59 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fdd9fc12d2f00b8f6fcd8548f85fcf60-817eb7448d53da50-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T00:00:59+00:00, 2024-05-07T00:43:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

172.64.148.184

10 kB

URL
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
10 kB (10107 bytes)
Hash
895653e8e45e6a1022e08db10812d3a6
d11b77c8c95957eef543b7a216445f7272854e51
3a9f0f4b67c399274e590bd2392b325716632405dc43df265f1fb34489787240

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 622621
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe3dbfb50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js

185.244.209.62

200 OK

1.9 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.9 kB (1944 bytes)
Hash
ccb1e919f284cc1044b36907568218bc
bd415f7d9e30ea2a7549aa8ee9b9a9f5fb4e0c0f
146a35942852e47951877f1a6732a7ebb581d54fb74fff47d1fc5823233f41c5

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1715072814.257664589
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:12 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-18e0e46ffde33e3d1cea088184d51940-4e9cc231ae0b0c00-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:12+00:00, 2024-05-07T15:53:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js

185.244.209.62

200 OK

42 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (42353 bytes)
Hash
394fb7e39457f4ce2f7658577f4f9b9d
e37c3f7acef0f2c8d2200cd84289ed6bb63a208b
a18c11fb4624dd83cdbcfdfd5e07495fbc97f84493dc299c9ed445a8f92a7871

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1715000580.880463816
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-95af59e6733661c657a3ed29d6711587-75fb61a191ec79c6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/ca27d370fbd01a675d0196366f930440.webp

185.244.209.62

752 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/ca27d370fbd01a675d0196366f930440.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
752 B (752 bytes)
Hash
68c0166586665925e782f733f2fb9579
4c88df87a076ca4f473064d3838099db4b15df0c
4969e80a2065e95e8f696a03cbbd1a2cbc86a9de8e59f3dd698680f2fb4e019f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/ca27d370fbd01a675d0196366f930440.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: image/webp
content-length: 752
cache-control: max-age=94608000
content-disposition: inline; filename="ca27d370fbd01a675d0196366f930440.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 21:51:50 GMT
x-request-id: eeb718a24a423af3e56d1f24db186079
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ceb552cdc27f799e37ee5cfaaf156676-ad5772fcfef45b79-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T21:51:50+00:00, 2024-05-03T14:00:06+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/registration

178.253.29.51

8.4 kB

URL
1xlite-461430.top/web-api/registration
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
8.4 kB (8434 bytes)
Hash
ceea7fd7e6148fd9dc744fc633e1d416
494d9ec66e794c953a589aee249e25f6d24bfaa0
3e421090d52ac8e0ec38a9f4295b85469b8dc3edbadc39f16aa0bc26c158c285

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:17 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=30, dt_total;dur=30.795, wf-uht;dur=0.044
traceparent: 00-0978a5c67a811f37f550cbfe9f1d87dd-e3d90e6a20211466-01
x-dt: 285
x-time-ng: 0.031
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/161d81149d5bab60bedd4a7d2808c1c0.webp

185.244.209.62

790 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/161d81149d5bab60bedd4a7d2808c1c0.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
790 B (790 bytes)
Hash
0a095b2b2b27a9f6e7f11cd5c57810e3
841ca6b52279924d8cab9ca0bc3d9bd08087aa3a
b9789378c20beb98a438ddfb1a11e9fdf6ce8d8bc280a1ece60d844cad5c06e1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/161d81149d5bab60bedd4a7d2808c1c0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 790
cache-control: max-age=94608000
content-disposition: inline; filename="161d81149d5bab60bedd4a7d2808c1c0.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:43:22 GMT
x-request-id: d35d33eed327649252a0569915bb4e03
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-626dffb77d8e657a2747c88104cb9294-82255338c227f9f5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:43:22+00:00, 2024-05-07T21:38:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.51

1.1 kB

URL
1xlite-461430.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.1 kB (1110 bytes)
Hash
3b95c708633bddc9e7e22d49dad5fc0f
a8df6625dbc748880d5d8c7848cf596f3745b87c
e23bcc0d393deacc52f246838faf46a23d0bf4cfe70079980e20a4d0a2a80e53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=20, dt_total;dur=21.056, wf-uht;dur=0.032
traceparent: 00-f12faf8c6ffe0bd514c844a77fbba470-5e46d0fed30a6363-01
x-dt: 285
x-time-ng: 0.021
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/3c4f0010476aeddd27af5cd24756c964.webp

185.244.209.62

200 OK

746 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/3c4f0010476aeddd27af5cd24756c964.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
746 B (746 bytes)
Hash
df7206bfe901db0fdbd512ad1cc203de
b98b6e1f28bde5064798d38dc590b2df9e19376f
38e59138865a1286b41ee34ce49a48449c4580d376477321a63947bac92e0b29

HTTP Headers

GET /resized/size16/sfiles/logo_teams/3c4f0010476aeddd27af5cd24756c964.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 746
cache-control: max-age=94608000
content-disposition: inline; filename="3c4f0010476aeddd27af5cd24756c964.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:33:56 GMT
x-request-id: af6611a5bcaad3a45585e66329941a15
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7a73ea7f1f5c8e7325a986f33dbedd63-e8fd906ff956fafc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:33:56+00:00, 2024-05-07T11:13:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8bdf6691a47bebe2ef896e5290738a29.webp

185.244.209.62

756 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/8bdf6691a47bebe2ef896e5290738a29.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
756 B (756 bytes)
Hash
67231834a3e647c33868a83b62ad50d9
6352a087e1c87cc153a0089a62fbc5177e17cbf5
2f691d0e38be8622ee6fdbba8192921b75d8b4687ef1fa2e23375696f5e7fc9b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8bdf6691a47bebe2ef896e5290738a29.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 756
cache-control: max-age=94608000
content-disposition: inline; filename="8bdf6691a47bebe2ef896e5290738a29.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:33:56 GMT
x-request-id: 84900206aef263ad0984aa11c5b44665
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6daaa56579bb01362d269db2fa3d943b-76498d9e2cc4202c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:33:56+00:00, 2024-05-07T11:13:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

172.64.148.184

12 kB

URL
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
12 kB (11783 bytes)
Hash
97124bcf4ddd83d21f713b2254774e3f
646cbe6d633e52f64c1c39bcaca8e1c1b27e5464
a47e3a1e7d19dea5ee25f233fc804259f828097d784d45516fbf301e7ebc489f

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 626902
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe4dcbb50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/9cac1bb66ad84a33f696c24b921c22d2.webp

185.244.209.62

200 OK

626 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/9cac1bb66ad84a33f696c24b921c22d2.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
626 B (626 bytes)
Hash
87821a6022d960733a8f227030808a29
27fc83c2409f3825f512c35fb6eca7671c8a0e8f
69654c60f0d849e8a624a8d74019c79916e7f4eb6e6d6e26f819761e0a74f0c6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/9cac1bb66ad84a33f696c24b921c22d2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 626
cache-control: max-age=94608000
content-disposition: inline; filename="9cac1bb66ad84a33f696c24b921c22d2.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:33:57 GMT
x-request-id: 3ac5e79f0f2c64f8b1febc93f99c90b0
x-time-ng: 0.045
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9bbab802d94ff3d5fad1266b26405981-895cb94f0378105d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:33:57+00:00, 2024-05-07T21:39:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/87286d36c124166c495fca4cdc2769d4.webp

185.244.209.62

200 OK

780 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/87286d36c124166c495fca4cdc2769d4.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
780 B (780 bytes)
Hash
b0eb16712999d3a9a6a8f7615857daf3
568a3c4d0b6a8334e199ccc9f19f38aedc00423d
72ae3502d8a728e2be928a4e4d4e6d63f52ba0ac90c8a2d3c2aacddd162cb019

HTTP Headers

GET /resized/size16/sfiles/logo_teams/87286d36c124166c495fca4cdc2769d4.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 780
cache-control: max-age=94608000
content-disposition: inline; filename="87286d36c124166c495fca4cdc2769d4.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:33:57 GMT
x-request-id: ddaf93016ae5c90b110dfacb68d64f10
x-time-ng: 0.063
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a64900fdba5ae83b0ed4f9d83516bed4-47bfc6d2eeb426b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:33:57+00:00, 2024-05-07T21:39:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

172.64.148.184

92 kB

URL
widget.suphelper.top/
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
92 kB (91841 bytes)
Hash
b75542fbd50a85b4b480288dd8bfef68
7d53384c3329dfcaab167c985ca8b4a6366ac64a
f841620b131bb52784a7e9cb9c5ad96778f8c76a62b24f2c1fcd05b3624c36cf

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 880507fcfd3bb50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6106.webp

185.244.209.62

714 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/6106.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
714 B (714 bytes)
Hash
16fe9482d5b70913ca3699e3ecae2b2d
7e837e8c8acbb32556a77c15c6024d4eb09e44db
63012e4e58fa19b946c852c5c9fec222826349a240c20639dcf18b6e3954611a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6106.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 714
cache-control: max-age=94608000
content-disposition: inline; filename="6106.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 12:28:26 GMT
x-request-id: 5a7ab76d85eb640fc99b70ebe4576bbb
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-044e5f15aac1a99d47d459dd7b4f0053-cdd9b1bd4c026601-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:28:26+00:00, 2024-05-07T21:38:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/ee33b7eb7449644944f8d9122e2977ca.webp

185.244.209.62

766 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/ee33b7eb7449644944f8d9122e2977ca.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
766 B (766 bytes)
Hash
57b7eb9f1c852683b4cfc827526f126c
4feb01a7c56a5cca78cb2542088ac7937cea6525
b5f4a072472808a6c86b459389c1d3daec2e87791600577fc78d2e4fba35243e

HTTP Headers

GET /resized/size16/sfiles/logo_teams/ee33b7eb7449644944f8d9122e2977ca.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=94608000
content-disposition: inline; filename="ee33b7eb7449644944f8d9122e2977ca.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 01:30:56 GMT
x-request-id: 7bed5a9bde3251396a356fc37b477dcd
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-37c71c86e97ce7bef056b1773fda30f6-c81022842e3d746c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T01:30:56+00:00, 2024-05-06T18:52:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/7f426f6a2b4e0e8812a997cc8d5c0344.webp

185.244.209.62

792 B

URL
v3.traincdn.com/resized/size16/sfiles/logo_teams/7f426f6a2b4e0e8812a997cc8d5c0344.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
792 B (792 bytes)
Hash
b6754db3b268037000841deef4d0d5d9
69bca6acbde365b649b1861997d671fd0fcc12ad
11aca629e5096fa3a4c4a3ff3925ff6b10c072acb399726ececb62945ad6e8dd

HTTP Headers

GET /resized/size16/sfiles/logo_teams/7f426f6a2b4e0e8812a997cc8d5c0344.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 792
cache-control: max-age=94608000
content-disposition: inline; filename="7f426f6a2b4e0e8812a997cc8d5c0344.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:33:57 GMT
x-request-id: cb48aa20895a246ad3f33f58a606965c
x-time-ng: 0.050
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-24d4526698b7419e28db443412b77d0a-f25a406f552cea7e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:33:57+00:00, 2024-05-07T11:13:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

172.64.148.184

200 OK

108 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
108 kB (108513 bytes)
Hash
6e592b73569cc65f925459fbcaba87c4
2453ce08cb031c0d786269bd20909caefe8d6ce5
272371043dc9fe9f155038b3b20a3e83e7c562b9f2ecdc4dbafb3c9d5c1029f1

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 626902
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe5dd0b50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2aa1b05b6c59d0bca43a4983dd31d33a.webp

185.244.209.62

200 OK

744 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/2aa1b05b6c59d0bca43a4983dd31d33a.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
744 B (744 bytes)
Hash
04873481a3893be64e0a8e4775227848
e27efeebb69e7ee64c2b2bf3e3d16354f9b21230
fe9a6dbfb2868f914053d011e4359a5cd58f1407d832caa55874066279dfce06

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2aa1b05b6c59d0bca43a4983dd31d33a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 744
cache-control: max-age=94608000
content-disposition: inline; filename="2aa1b05b6c59d0bca43a4983dd31d33a.webp"
content-security-policy: script-src 'none'
expires: Mon, 03 May 2027 10:10:24 GMT
x-request-id: 6d86889e07ce70b752d28866a0720797
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a48b5f9de6f6687b0bb4ab178e96ad4d-38d9a22b1efbf935-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-03T10:10:24+00:00, 2024-05-07T10:40:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10483.webp

185.244.209.62

200 OK

806 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10483.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
806 B (806 bytes)
Hash
2c102cdb5fec335632490db5e922be94
5271cf61e403d75cf86fb1f0c20f30551097f1c7
3d2d34b1eda01534553ae0724201c1a347e672d7a11763e5935051e156ffd37f

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10483.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 806
cache-control: max-age=94608000
content-disposition: inline; filename="10483.webp"
content-security-policy: script-src 'none'
expires: Fri, 30 Apr 2027 22:26:35 GMT
x-request-id: 583b213c19cea4d6dbcc020c51727001
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fa5bcba9fd156cdf6e63e7ad40e6ccee-6382f98f8bcf5a8b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T22:26:35+00:00, 2024-05-07T10:45:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5da0e161227a6721713cb46490f5274b.webp

185.244.209.62

200 OK

704 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5da0e161227a6721713cb46490f5274b.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
704 B (704 bytes)
Hash
e8a456aa072855666ca4b284f927d267
2a9f0b97e1c2529302a9092d1411da0a915c03c8
a25c443c5f67bc1c8552b6e8e7aafbc3a69862df1517e79896ab4cf1499fdb9b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5da0e161227a6721713cb46490f5274b.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 704
cache-control: max-age=94608000
content-disposition: inline; filename="5da0e161227a6721713cb46490f5274b.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:08:50 GMT
x-request-id: c704408a0925f464e9a1b6679c148e32
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e9396ea414481e2f868dc71f7e289c0f-9abc23a598289bb3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:08:50+00:00, 2024-05-07T10:45:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10485.webp

185.244.209.62

200 OK

770 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10485.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
770 B (770 bytes)
Hash
9acdb81b15df44d3976792edb8f6cc05
de7a19725557e6532b6aaf214cb8701b657b5f99
bd57c51a8e5cfea65163624cce484445b460e811edf176a2294854af8066a566

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10485.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 770
cache-control: max-age=94608000
content-disposition: inline; filename="10485.webp"
content-security-policy: script-src 'none'
expires: Mon, 22 Feb 2027 18:00:39 GMT
x-request-id: ca3a862a687cf2373846d399eba069d8
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.027
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ded1dc462c8ed9809cf2f7f0614b00d9-4aa2ca8162149f2e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-23T18:00:39+00:00, 2024-03-02T14:32:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js

172.64.148.184

200 OK

290 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-9c47c295eecaa68a.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
290 kB (290362 bytes)
Hash
af4d95ec91635dbfed187d2225e2b23b
9237c2e771be87743b7409dc6a056f11052ec9a8
7d68b7174f6feef73de37c27189b7cdb7d07a5fb95b780e8471ab6c6edb23092

HTTP Headers

GET /_next/static/chunks/pages/_app-9c47c295eecaa68a.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"f8027-18f381bf92a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 491326
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe4dc5b50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
1.1 kB (1050 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: text/css
content-length: 1050
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-41a"
content-encoding: gzip
expires: Wed, 08 May 2024 08:09:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a5d4c2951b73cb28d6d99f27fad67718-b5de61da55b7e69f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:09:31+00:00, 2024-05-07T12:50:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

172.64.148.184

200 OK

54 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
54 kB (54222 bytes)
Hash
8ceda5e79df278694d169dfd1a2a44f3
7685a09c9a667a5947c7731fa1cbf74c06566e42
b1c7139d6878e70bddadf09ad0ba18a18dd1fed959d52e55cb449e31507b7d2b

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 11 Mar 2024 06:37:37 GMT
etag: W/"22695-18e2c3b24d9"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 622621
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe3dc2b50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

63 kB

URL
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
gzip compressed data, max speed, from Unix
Size
63 kB (63275 bytes)
Hash
55696b4f64ae3208a579c415bbfcdd51
50c0a90b57c8c0229515d3df0027e4a3c1f162d1
335763ab14a92c6b48023d683dc49fe0a7aee0cc1995d009f74a8aed7b1ba12b

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-25e4918ba934b4848ce884ddb35829aa-3f3031f1c742ea17-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-05-07T12:42:30+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_3.json

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_3.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
16 kB (16496 bytes)
Hash
91e69fb601f1da0e84d2c70c21e07ee7
b056da20d1c7291f68c85a43f2f12d6ddc40cc2c
8449fab8452faf1ea5d0a634b586d7564a1db72149c3b345bb13c8e4a29b1e38

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:51 GMT
etag: W/"d4f82c6941872614b6a2c18008e217be"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8c693c5a48ca89f9261ccaa533715e22-fbe7ad16e56b54bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:05:37+00:00, 2024-05-07T23:36:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/bff-api/config/all.json?lang=en

178.253.29.51

200 OK

31 kB

URL GET HTTP/2
1xlite-461430.top/bff-api/config/all.json?lang=en
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
31 kB (30988 bytes)
Hash
006ba656d061fce3da507745acc7823f
c2b0dcf7d5442da5ee9be875d0475ad01fbb2ee7
e6e8714b290345727af06fb1d15322b2aaa4fdaa0699c7539d70149644f07af5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=3.21, dt_total;dur=15.446, wf-uht;dur=0.032
traceparent: 00-468baf5e9c63eb2b9af881cc07a4bfeb-e7b519af61ca24ce-01
vary: Accept-Encoding
x-cache-expire: 590
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (11749 bytes)
Hash
6b225dee8df6b81f421804dcd19ddc30
3aaa74f539706f6cbc2ad54300c8632d6fa5af22
a92ccf5e5322774f1c22ee318b8365787e20a8c52e9c4264410bb802f6f2f268

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1715072814.257664589
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:12 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-96b01eef448d8251c46be5ee4abb82ba-68d573e0488aef8b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:12+00:00, 2024-05-07T16:01:01+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js

185.244.209.62

200 OK

504 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (503)
Size
504 B (504 bytes)
Hash
5387051085dcc459e7077d5d8000b85d
d22afab6c65228f0056f66e4f150783f6014e36b
34377c13fd72112cac96fba3642f084661361aea701a70ba3702c82c9bb42790

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e8b8c79f9b52.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "5387051085dcc459e7077d5d8000b85d"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d77bf00388690994bea407c9334c4f1b-cafbffa2e3b26267-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:53+00:00, 2024-05-07T19:42:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/session

178.253.29.51

0 B

URL
1xlite-461430.top/web-api/session
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
cache-control: no-cache, private
server-timing: p;dur=12, dt_total;dur=28.213, wf-uht;dur=0.037
traceparent: 00-a4badd58d2963d1aa9c871e7c336e5d6-733ae7cc8565c61d-01
x-dt: 285
x-time-ng: 0.023
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js

185.244.209.62

200 OK

731 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (730)
Size
731 B (731 bytes)
Hash
bd6d9e7b07e097eb950f4b8bd6ada2b4
d332a4f5771e4f6d2cd47cd94ff85c5eb5847418
ea2bfc78a76204b704ee4ff215cfd6be3c7edb98b6c6e77501c5dbb88f261ea5

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cb22691ee4d9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "bd6d9e7b07e097eb950f4b8bd6ada2b4"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c99d2f4ae846929d655f7ca93ca71791-fcab4896ee67f739-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:53+00:00, 2024-05-07T17:01:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css

185.244.209.62

200 OK

135 kB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
135 kB (134686 bytes)
Hash
81de68cf5928ad305138a7f9005060c8
db5bad13104ec0d228b444667734a0b3436cc562
668700669b2123698ee3cd0ea1807a517c0e00658cf25a4a657511468ce45ecf

HTTP Headers

GET /sys-ui/3.2.2/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:16:19 GMT
etag: W/"e4b8405071f7ea0e1aa13cd501543a44"
x-amz-meta-mtime: 1713521458.745453226
content-encoding: gzip
expires: Sat, 20 Apr 2024 11:51:17 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f4634d4881a51d7fbca6c8ad755666dc-921ccee93a9a394b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T11:51:17+00:00, 2024-05-07T14:34:20+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg

185.244.209.62

33 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
33 kB (32867 bytes)
Hash
590bf4dea9eca01477197273e697a2f2
48626617ea6e7e6dc8d78421d4bbe4775dab89c6
36c0fc192afc11c3ebd5d841732212db3903757fd382cbfdbbddbf74ddb4a1d5

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/jpeg
content-length: 32867
last-modified: Fri, 26 Apr 2024 11:44:33 GMT
etag: "590bf4dea9eca01477197273e697a2f2"
x-time-ng: 0.027
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c740a1a9fe5064f07a45c86688a96c5c-a929a1b1e9c0825f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:46:26+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg

185.244.209.62

200 OK

28 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1380x248, components 3
Size
28 kB (27999 bytes)
Hash
92e7a5868a7de2dcfa53b65bbdb98923
a26cfb8240552c368422ea594211d80e2a8aac06
e192736750fa781f44c9af7064b09b5c1acd09a46405315ed61cfe1a50fa5256

HTTP Headers

GET /genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/jpeg
content-length: 27999
last-modified: Thu, 02 May 2024 12:00:34 GMT
etag: "92e7a5868a7de2dcfa53b65bbdb98923"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5249e88f5184005ea66b826ff6fb6a97-be8551be8a7a938e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:41:09+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js

185.244.209.62

200 OK

1.8 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.8 kB (1751 bytes)
Hash
153d10f3d28c277fb3d9cfeac1bf016e
f7780f19b93d896a382d5e21b2c579c5fefda1c5
e7a61cdfa226b6ba6bd2b119e7ef898927c23eb9df351b026bcb1027831334ac

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0f8a3bdbdd12.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"b49b08255ad6dd3864f907913b849ebe"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4ae97ae216924ddfbbc9c597bb394769-892c4ffeea9da51d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:37+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp

185.244.209.62

1.1 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1056 bytes)
Hash
fb306a4723886210af5f76099eeb4556
910fc4fb3c4d9407d1c536e7fadbcc85bd922880
2d60f98a12a00aaa589404f2ace0152c5dc649da9fe43b68e26d01b9f8c41319

HTTP Headers

GET /resized/size24/sfiles/logo_teams/f5db46d24aea0f9d3d07d0be290981ee.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 1056
cache-control: max-age=94608000
content-disposition: inline; filename="f5db46d24aea0f9d3d07d0be290981ee.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 03:17:14 GMT
x-request-id: f7ed644b24c1d3a82d5dc585f4496e90
x-time-ng: 0.036
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a0d2c6326e856a520baa7296e0e1d08c-5d8eb0577f5f1fa3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T03:17:14+00:00, 2024-05-07T14:44:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css

185.244.209.62

19 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
gzip compressed data, max speed, from Unix
Size
19 kB (19118 bytes)
Hash
3684e460b54458424d63817f448d5098
7990605dda4ac130524fdaa1b220b888b45ab83f
333e1ed01de9b1a7951043c2eb00443c72d13875a0d9e66488f1dd63f8b04594

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:40 GMT
etag: W/"6aa11e1c24ebb592cd2fe02d36340453"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 12:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1f83b0e2472fab7edd25cfe78a4b2943-002b211c69da5895-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T12:28:29+00:00, 2024-05-07T15:30:07+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
16 kB (15874 bytes)
Hash
99937fec94322155d99465451e84e5f4
0549b153f8e34c242f71817a038f7ebad37d27be
d35bc328538e182310574b3ff1d58134efedc49c9f3dbb43ec6df65fed624f33

HTTP Headers

GET /genfiles/cms/1/desktop/banner/1ef232ab28e984c65ad109ade8b650ed.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 15874
last-modified: Fri, 26 Apr 2024 11:44:53 GMT
etag: "99937fec94322155d99465451e84e5f4"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fa01701e95a606595983915ae4ee8236-67da0687880f5389-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:45:30+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.webp

185.244.209.62

14 kB

URL
v3.traincdn.com/genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
14 kB (13702 bytes)
Hash
317ab8a5b92752fd051ac254b8366dcb
3c30f1345378eaf9833e470a1b7c050d6ccf8b48
4ced6a24abe27da06f568a4d837f11b21462458779d624bd6916163b189222f9

HTTP Headers

GET /genfiles/cms/260/desktop/banner/ef11271d6cef34c1fdb99b2ddff4bdb1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 13702
last-modified: Thu, 02 May 2024 12:00:34 GMT
etag: "317ab8a5b92752fd051ac254b8366dcb"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6aa9a563b01736f223d7c3330f3a0647-8f433969cc9bb3e3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:40:55+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg

185.244.209.62

17 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
17 kB (16730 bytes)
Hash
ebce475967e6d85db5bdbde23e85eff7
496e2c75b549fe82d3f6dfbb3976096e0cae2ae7
6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bf40c65ca35b4bdaf738d98ffb237b8e-112f40816de304bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1094 bytes)
Hash
6bd1a4bfa55aad56422400c489942897
17b4372b5ac8430ca744684686cea67969a15cfe
9f4ff586f0724b113f76a8bb64339eedabfc637511a2529e7194248d0554da4c

HTTP Headers

GET /resized/size24/sfiles/logo_teams/1705962ffbc1e568500d02753d414082.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 1094
cache-control: max-age=94608000
content-disposition: inline; filename="1705962ffbc1e568500d02753d414082.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: 1092693db696d60f31712e8ba12deb0c
x-time-ng: 0.062
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cf6bf35a7bee18ddaa55c78aa5ab6908-e3fb860f0103cbf2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/167095.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1142 bytes)
Hash
3d0ce9ce8b6dec70e6e0f31effa9f219
018de590437492f15fc3647997bfbaa759f16da9
f4395f007bd01851a93ccf6842c69c3f4cc1c39e4d5c3b71c881c674e85cccc8

HTTP Headers

GET /resized/size24/sfiles/logo_teams/167095.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 1142
cache-control: max-age=94608000
content-disposition: inline; filename="167095.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:51:53 GMT
x-request-id: e27ef69f33230d500def92477b09e641
x-time-ng: 0.067
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3f256ebc2b64f0a0de604484933297dc-52bb1ab4af3bdcb5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T14:54:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png

185.244.209.62

18 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (17490 bytes)
Hash
b7e3857cdc8cbde71f63af81a61f5cfb
deeb62ea6e9b702bb9e3f395483c3c00445adcf8
786e67817e82780aaeb0d2bca1e57e06fff5ae9fa89b2747b1af57913886e25f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/png
content-length: 231413
last-modified: Wed, 21 Jun 2023 09:54:48 GMT
etag: "5f92240dea2753875e3104a6704f93e6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6f99189601b82b404db7620431c4b62d-890aaa19a6507b27-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-30T12:28:11+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp

185.244.209.62

8.8 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.8 kB (8798 bytes)
Hash
f7820c059ddb01f4b4e68e42a5e460a1
195804c0235c39f4262f97fe2761100319ed9595
cf0d38ba0dc4de44a0fc90d2592209998ac959644b187014ec028a4c0fddd3ab

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 8798
last-modified: Mon, 06 May 2024 09:11:30 GMT
etag: "f7820c059ddb01f4b4e68e42a5e460a1"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-55a358317872e0c7aa956270f25694dd-9d89e752b77ff705-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:50:36+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

4.1 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
4.1 kB (4096 bytes)
Hash
3ca5015f447b9df73ff904df8a4bcd97
0ec60edec325a0320e5a978022ffaf9342aea3ad
a228e5fec71ea06d2c73a44ed26fb1a1434c96239f7a41a254fc0093557da746

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=23, dt_total;dur=24.186, wf-uht;dur=0.037
traceparent: 00-f04a7d3361c7545b40235ae3c7bc8461-5df9d376d98ec28e-01
x-dt: 285
x-time-ng: 0.024
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2653 bytes)
Hash
9ba2e0895c95d01fef75c2ce39299ad1
4d3a0a2f889b75f840ba31c8fee04dfab05f5635
28ddb90dbcb4f792a8c8e9d372d86d7dc532086e095e7c917f2b9a2c8c52c64a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: application/json; charset=utf-8
content-length: 2653
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:22 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

172.64.148.184

200 OK

28 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
28 kB (27590 bytes)
Hash
627b1044da9287df4df9d2caf60cfb68
c81e97c43ff9854ab35cd54f2ab17faa1aec43d7
6b8ccc218b583219bc6033dc80befd0dff97f519cc2f53d11bb9bd5789376015

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"12fe9-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 622621
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe4dc9b50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js

185.244.209.62

450 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (449)
Size
450 B (450 bytes)
Hash
056ce527a12544a37f984ac598be2344
6946b65cf1c68960e5f9ac0900a0df66a13e7e85
cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1714551564.671873539
expires: Fri, 03 May 2024 08:43:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3e29fcdf54970544f31b63f66f6b5cfb-e194c0bd0b99e025-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T08:43:57+00:00, 2024-05-07T18:09:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js

185.244.209.62

435 B

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
Java source, ASCII text, with very long lines (434)
Size
435 B (435 bytes)
Hash
213bb33769eecf49a9d71c164b83a3d6
2caacec15b0665fc36759a6bdf499512788dd7f3
75e86ca16a3f828026bc32b7aab627175289750ac184bd505d531c591d2bf011

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/635ff2d38c89.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "213bb33769eecf49a9d71c164b83a3d6"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-759474f2615310718c9d0ff1231bb599-2d33aeddf2d50d4b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-f0624fc4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
66 kB (66479 bytes)
Hash
191ff223860f458112e0be2a63bd9857
850dd681d5b31321f00b8df955a455aa9478e44e
40e1fe6d194776c5fa845dda1dbebda9c2bc3154d8c45793ae74a2e1bf147016

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-f0624fc4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 66479
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-103af"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-89ef9b9212b121bb2d8b41ee78b0a620-2c7e7da2297057ca-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:50+00:00, 2024-05-07T14:48:16+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7f79b3bfb64b.css

185.244.209.62

170 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7f79b3bfb64b.css
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
gzip compressed data, max speed, from Unix
Size
170 kB (170290 bytes)
Hash
27897dea688442e94644fc39e2d2fb27
bd00aaf8096d276b293ff79646e0dfd88cd41440
d50359f168f37f78c664f6a2af629ac8080fdc448689016af75a9ee45b5a333b

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7f79b3bfb64b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"304cc943df23445a393ae3d5b02dc1c7"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:45 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3ab4253d8c0f65c370849b98a40b3407-853d5fb9178e450e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:45+00:00, 2024-05-07T17:01:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:24 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-12479765b4edb5b64f52ff455b908164-833b192bb49c28b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T22:46:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:24 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-38889725edde7bdd38d5ce8c1e87596b-6f0cfee1609b4d2c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T22:37:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

11 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
11 kB (10696 bytes)
Hash
4d838fea414364edfa39bbe9c9c6cf84
e6015d47c8e7f6513874b81d4f12def3b3ee4f7c
30a68c19902a0624e5d19070af74e437ce188df892e649a246aafa1c28ea7ff2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:25 GMT
content-type: application/json; charset=utf-8
content-length: 10696
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:22 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js

185.244.209.62

1.1 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
gzip compressed data, max speed, from Unix
Size
1.1 kB (1110 bytes)
Hash
3fa5a8c7a83d70fc6f0e9c822d0bd561
4734e18db22dfdb588c8379da20a3efb1ffeb952
5e6f348476c95ddfd010391ac677341337900f796e4aba7723659d4d6357b45e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/49e90f3b8dc2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"e4a5e0e3cafb59fadf6c400cfd363b1a"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-41ef41f70e67395b91da1606e3c78b8f-758ac01c4fe90003-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js

185.244.209.62

2.4 kB

URL
v3.traincdn.com/_nuxt/desktop/default/analytics-a8ae3276.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
60f915b0daad3af04303726381897e81
133c20a7f58c18758483c23f595d5a4f22ba9371
320b5a7d25c926dc55eb7a53f4348bf7c34bd7f5bc6ad3bcd1d16029239dc3a1

HTTP Headers

GET /_nuxt/desktop/default/analytics-a8ae3276.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-982"
content-encoding: gzip
expires: Wed, 08 May 2024 08:41:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e753a2afbbf0e082b0984aae29c7acdb-e3ea4c3fdb7d606d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T08:41:52+00:00, 2024-05-07T09:24:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

698 B

URL
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
698 B (698 bytes)
Hash
75993569645a5b2513536e3fb0c622ac
4b3a639c259658d2d1b6f09382694a908d60a1d8
715537f3f2a0ef2675ce3e13d350d8a44c64aa9306d0b1b137c63f184da7c501

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:26 GMT
content-type: application/json; charset=utf-8
content-length: 698
cache-control: no-cache
last-modified: Tue, 07 May 2024 23:36:26 GMT
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.023
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:26 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-122df6818882b4348ce63c9880a8cc4c-807ffecd86e514bc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-05-07T23:15:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:26 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ebfcc9b84b03e73a17fd5d2781d9deaf-a174c62b085f4cee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-05-07T22:46:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:26 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f6366f8507c3a7528a5478584cff2392-1740cb0562a99d2b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-05-07T22:37:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

106 kB

URL
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size
106 kB (105863 bytes)
Hash
75c5905aa52b7bdf460628ed44eca228
64c96da4830341e4c1a06910d9fcd81efda837c3
3ac1b9f8ca981e8b6be302eb6b8f75f73d56e94d1edb57f5e44a7ae1e576159f

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 23:36:27 GMT
expires: Tue, 07 May 2024 23:36:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 105863
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

64 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
64 kB (64406 bytes)
Hash
6e2ea79cb562c29cf1cd3178bb0022d2
84daa2a3216c5baecdc810e25e4ea602c8870f22
75a9127a2a992de9547cab4069bf5a4bcd0fd872aaf4276fcde3f991a574ab83

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 23:36:27 GMT
expires: Tue, 07 May 2024 23:36:27 GMT
cache-control: private, max-age=900
last-modified: Tue, 07 May 2024 22:54:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64406
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js

185.244.209.62

200 OK

692 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
692 kB (691493 bytes)
Hash
9f9ec6cbfb9d964532d01512cae4de45
7805a353bae20d3ea976370c9fc632f7019158eb
d66477be3f8a597e95aeb9aa9fe5e126529b0d3aa16bf9d2e827ba9a506d5a84

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-414928da.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:17 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"2ff74ba461966e9ef07ec952168d3783"
x-amz-meta-mtime: 1714551564.679873411
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:40 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-105b2af296904873e6bc73dfa1aada20-0a0cd61cfcba1068-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:40+00:00, 2024-05-07T17:01:27+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js

185.244.209.62

29 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
gzip compressed data, max speed, from Unix
Size
29 kB (28798 bytes)
Hash
76dbf16e441d645e33386428064e9811
b7a4760f1b122001d398ca4579ed577179a55247
c005241cc5085e41cdc47e30c8f12ca736f4ed01eb263c65e35a06262eda5afe

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5f591efad77b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"7def1ae39ae3ec1a1a1d626c24e5a7f2"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-69d09c216e1ec4790f181022e985c427-ad1f251ae3ac35f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2653 bytes)
Hash
9ba2e0895c95d01fef75c2ce39299ad1
4d3a0a2f889b75f840ba31c8fee04dfab05f5635
28ddb90dbcb4f792a8c8e9d372d86d7dc532086e095e7c917f2b9a2c8c52c64a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:27 GMT
content-type: application/json; charset=utf-8
content-length: 2653
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:22 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

172.64.148.184

200 OK

31 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30740 bytes)
Hash
c6186862c521bf41629b8be9ce74be1c
66afb61a030a3155869197b174d7b93342f466f6
1eba331712c3a74c839210579a28d7d9f93500d8c376bb042a33db189b2211e2

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 617061
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe3dc4b50c-OSL
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2000 bytes)
Hash
3b03c54a744a847f7326bb83df9c0ec7
eea7efc621a979c0ec49073ec08dde37cbf6bfb9
8aad7198122c0ba2d09129b11dd751e8459e914709f3c0b4f00086a70310fbaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:28 GMT
content-type: application/json; charset=utf-8
content-length: 2000
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:25 GMT
vary: Accept-Encoding
x-time-ng: 0.051
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.6 kB (1561 bytes)
Hash
0865394d0dfa07f725419a5a250ca330
9254a7423d7a92523b52b586bf49d7d338f431fc
3be543e192eb0fa1dd84a8aa723df650010a131c161638ea983202ccc413644a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:28 GMT
content-type: application/json; charset=utf-8
content-length: 1561
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:24 GMT
vary: Accept-Encoding
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL GET
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1474 bytes)
Hash
6dc008b300bb6102ba17dc8afd9ebd52
1840924145acce58d63fdd8d80c957ba6e2e1d4f
ccf8bfc426f0f0e02991a54c3cb7545b15c421ebc858729f5250c6f96c7debfb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:28 GMT
content-type: application/json; charset=utf-8
content-length: 1474
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:28 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1102082266.1715124988&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=568088998

142.250.74.163

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1102082266.1715124988&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=568088998
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1102082266.1715124988&gtm=45je4510v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=568088998 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 07 May 2024 23:36:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.5 kB (1458 bytes)
Hash
68a661740aa4a2787d2aa1dca0e1b24e
8304e3aa45777b7f0a6d8b2e7a29d64488df5280
b02ad197e931f0e3b4d6ebbc9c27df8d9eafb30e6c96d95cbfc2232271520d3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:28 GMT
content-type: application/json; charset=utf-8
content-length: 1458
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:28 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/j/30al55982l2l9i4859a8bb4fafbaa6d80b5db959b9effab3ff68

178.253.29.51

200 OK

516 B

URL POST HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/j/30al55982l2l9i4859a8bb4fafbaa6d80b5db959b9effab3ff68
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
516 B (516 bytes)
Hash
b6f183bde264a895a4f036bbad29c352
5d25172b10826c9d4ffc41a83cc1368e057fae7f
10f85dee86c14fab14a0b97d944d609351d2b464ff563e23bc275b279eab3d72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/30al55982l2l9i4859a8bb4fafbaa6d80b5db959b9effab3ff68 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:28 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-9b71f090bc839b790b515da8ce278452-36e9b2f06bb79fba-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: dcf1a99d6eb44775415d5650c74ff71d
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=6.818, wf-uht;dur=0.029
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

5.2 kB

URL
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:28 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-173301474a678fce59af36c755a47d6a-077b9f9ed919ba66-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715124986991&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1102082266.1715124988&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715124988&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_42282m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255Digetp25b33b2e8d_d27775_l109266_clickunder%26pb%3Dfaaf2011d3a14c35b9037a1c1a40940b%26click_id%3D35918160-0cca-11ef-945a-6dc9d9560782&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=19267

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715124986991&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1102082266.1715124988&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715124988&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_42282m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255Digetp25b33b2e8d_d27775_l109266_clickunder%26pb%3Dfaaf2011d3a14c35b9037a1c1a40940b%26click_id%3D35918160-0cca-11ef-945a-6dc9d9560782&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=19267
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je4510v897130004za200&_p=1715124986991&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1102082266.1715124988&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1715124988&sct=1&seg=0&dl=https%3A%2F%2F1xlite-461430.top%2Fen%3Ftag%3Ds_42282m_355c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255Digetp25b33b2e8d_d27775_l109266_clickunder%26pb%3Dfaaf2011d3a14c35b9037a1c1a40940b%26click_id%3D35918160-0cca-11ef-945a-6dc9d9560782&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-461430.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=19267 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-461430.top
date: Tue, 07 May 2024 23:36:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js

185.244.209.62

200 OK

77 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
77 kB (76799 bytes)
Hash
4a47545c05a457fa0c8e8b3863ad2f7a
1fde3851bb2f2d47d6e7b5e5da1c1c58e3421134
bc089a16ee945c9642677837cc25c197b8a1b8a91578eade187366f48ee38613

HTTP Headers

GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1715072814.261664647
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9b329615557da878cc37dfc84adc227d-f17e362125e7dc86-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:14+00:00, 2024-05-07T15:56:16+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg

185.244.209.62

17 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1380x248, components 3
Size
17 kB (16730 bytes)
Hash
ebce475967e6d85db5bdbde23e85eff7
496e2c75b549fe82d3f6dfbb3976096e0cae2ae7
6a1892ac412355576c6427f173d8b26757bdf0c8ec3aa149b6d1cfbc97408b9f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/43b37bcd63883963ab5ca6707fd4ca45.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:32 GMT
content-type: image/jpeg
content-length: 16730
last-modified: Mon, 06 May 2024 09:11:06 GMT
etag: "ebce475967e6d85db5bdbde23e85eff7"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fc4972c19b9e3d0e64c930edce1bc1cb-d097739467405dc0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:51:53+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.7 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.7 kB (2650 bytes)
Hash
9a23994fd18a7482579a2e3761cad56a
4940f5d87235e9a676db4d01c03259083880f6fc
81ad2aefa90da0ceb0649b5ed40fc4f1089c15de7d57f8d7c13162d9af664b14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:33 GMT
content-type: application/json; charset=utf-8
content-length: 2650
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:29 GMT
vary: Accept-Encoding
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL GET
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1474 bytes)
Hash
6dc008b300bb6102ba17dc8afd9ebd52
1840924145acce58d63fdd8d80c957ba6e2e1d4f
ccf8bfc426f0f0e02991a54c3cb7545b15c421ebc858729f5250c6f96c7debfb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:33 GMT
content-type: application/json; charset=utf-8
content-length: 1474
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:28 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

2.9 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.9 kB (2931 bytes)
Hash
e630c61234e78de680bef284a632ebba
a1f81296fd731254383307038a2ed561902394ae
96fed176321b1e3ec6954364c548cf04beddaf50681e945573ef29aaa7111251

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=5
last-modified: Tue, 07 May 2024 23:36:30 GMT
x-time-ng: 0.012
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

11 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
11 kB (10735 bytes)
Hash
364b1c73bff79232d6b1f01686a8b40f
cf5d80339dfe4f0dfccd4d9fa67525b7c0145a24
b4536149a576dbcd682b4edfe7bcac30f0711b85ceca5cee67db8424641f785d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:36 GMT
content-type: application/json; charset=utf-8
content-length: 10735
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:36 GMT
vary: Accept-Encoding
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.025
X-Firefox-Spdy: h2

services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US

54.230.111.21

82 B

URL
services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US
IP
54.230.111.21:0
ASN
#16509 AMAZON-02

File type
JSON text data
Size
82 B (82 bytes)
Hash
4f822d39c269d2c47e3174b6c6bad3b7
d56bd07959c766e9c18faa9cf1070548f9236b65
cda00e555c758b1c13b6cbd17049ca8471057d16c60f08f551dbc331308eecf3

HTTP Headers

GET /api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-search-detection%40mozilla.com%2Cgoogle%40search.mozilla.org%2Cwikipedia%40search.mozilla.org%2Cbing%40search.mozilla.org%2Cddg%40search.mozilla.org%2Cfirefox-compact-light%40mozilla.org%2Cfirefox-compact-dark%40mozilla.org%2Cfirefox-alpenglow%40mozilla.org%2Camazon%40search.mozilla.org&lang=en-US HTTP/1.1
Host: services.addons.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
content-length: 82
server: openresty
date: Tue, 07 May 2024 23:31:09 GMT
allow: GET, HEAD, OPTIONS
x-amo-request-id: bee97b78178049aaa0b5c343864f0622
content-security-policy: media-src https://videos.cdn.mozilla.net; default-src 'none'; connect-src 'self' https://*.google-analytics.com; child-src https://www.recaptcha.net/recaptcha/; frame-src https://www.recaptcha.net/recaptcha/; script-src https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://addons.mozilla.org/static-server/; style-src 'unsafe-inline' https://addons.mozilla.org/static-server/; img-src 'self' blob: data: https://addons.mozilla.org/static-server/ https://addons.mozilla.org/user-media/; object-src 'none'; font-src 'self' https://addons.mozilla.org/static-server/; form-action 'self'; report-uri /__cspreport__
x-frame-options: DENY
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
cache-control: max-age=3600
public-key-pins: max-age=5184000; includeSubDomains; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
via: 1.1 google, 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
etag: "4f822d39c269d2c47e3174b6c6bad3b7"
vary: origin,X-Country-Code,Accept-Language
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LEkkooRjFjCveK7-I80NF46krCeYRvJRHhsFJbaNlY5YUDjyGwDM_w==
age: 328
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js

172.64.148.184

3.9 kB

URL
widget.suphelper.top/_next/static/f385e6db/_ssgManifest.js
IP
172.64.148.184:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
3.9 kB (3857 bytes)
Hash
ee4541933f19f3fc7f26685499d278d3
424580b32ad4d6206c5094ba6ff9482f4c9fa936
e859539ed2786a90c33bb5298aad37a84126b115921847aa4e498b1efda6d695

HTTP Headers

GET /_next/static/f385e6db/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"4d-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 491326
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe6dddb50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

42 B

URL
aus5.mozilla.org/update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text
Size
42 B (42 bytes)
Hash
f8f24fa0c857d8f2ee493e131b85ab62
cb6049f830a54d14a19d4104fc0bb5ab5fdedbe6
e0dadbc9cd1f1bd8ce3118cc3383e0d0f6d147f055265d498d99deea956ba00f

HTTP Headers

GET /update/3/SystemAddons/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:37 GMT
content-type: text/xml; charset=utf-8
content-length: 42
rule-id: unknown
rule-data-version: unknown
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/6884.webp

185.244.209.62

1.4 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/6884.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
1.4 kB (1356 bytes)
Hash
4675aff241583e92737ecf4fe2df1c49
79858a163ff9fb5a92473132c67a0d542b2dcdf6
7c6075e3d19715fa0c8bfad733c180f63d564fff020e9a52a1de6d06cef1891e

HTTP Headers

GET /resized/size24/sfiles/logo_teams/6884.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:38 GMT
content-type: image/webp
content-length: 1356
cache-control: max-age=94608000
content-disposition: inline; filename="6884.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:47:01 GMT
x-request-id: d562c44e30a229e977dc42ddbfecfbaf
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b7f78b85d86b1a56bd900518f4ffcdae-82870779298a8c6a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:01+00:00, 2024-05-07T14:48:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/3878bf2552540f58b96e9bd1ad4c5048.webp

185.244.209.62

1.3 kB

URL
v3.traincdn.com/resized/size24/sfiles/logo_teams/3878bf2552540f58b96e9bd1ad4c5048.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1306 bytes)
Hash
8949b6110d1b5e7d822b11baad2d310f
573124a7802f9de17572de3a996b0b7fc412afb1
5afc0ed272674a365e88564117066ce54cbb8c297b2c4520e2604be8c09008c4

HTTP Headers

GET /resized/size24/sfiles/logo_teams/3878bf2552540f58b96e9bd1ad4c5048.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:38 GMT
content-type: image/webp
content-length: 1306
cache-control: max-age=94608000
content-disposition: inline; filename="3878bf2552540f58b96e9bd1ad4c5048.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 14:47:01 GMT
x-request-id: 62476a6d7fc86e7d0e77b714976f0c84
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a0b97c32f24c78aed128e447bd3e2518-3d2139580f442d37-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T14:47:01+00:00, 2024-05-07T14:48:33+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/api/web/v1/config/actualDomain

178.253.29.51

200 OK

31 kB

URL GET HTTP/2
1xlite-461430.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
31 kB (31366 bytes)
Hash
e90508cca101d9cb990de4c1ac272162
f2eff8d50f5d46fb966acd5ce6eae0e6928698f5
11d2a39f89bd0f2c2d4bce0007c223e73a00e54ac7423b3eff9ceec40b477e99

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:12 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=47, dt_total;dur=48.633, wf-uht;dur=0.060
set-cookie: SESSION=3de462c77cef1cdd4d60e050e4c5d13b; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-ea1e8d7e506cf76333aefd353793cd92-88e35e6327f71547-01
x-dt: 285
x-time-ng: 0.048
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2000 bytes)
Hash
3b03c54a744a847f7326bb83df9c0ec7
eea7efc621a979c0ec49073ec08dde37cbf6bfb9
8aad7198122c0ba2d09129b11dd751e8459e914709f3c0b4f00086a70310fbaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:38 GMT
content-type: application/json; charset=utf-8
content-length: 2000
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:35 GMT
vary: Accept-Encoding
x-time-ng: 0.076
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2622 bytes)
Hash
cbdba63808ea93ac59cb984ba8d22561
ea9991dd6810663487855291aebe30a803571c53
05575fe90df5584731c69cf2e60bac35f96af339892df36e6c1dd14284f82a81

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:38 GMT
content-type: application/json; charset=utf-8
content-length: 2622
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:35 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2455 bytes)
Hash
d133213626cf5ee6201d68c733b9de23
a0bbfe1a83cf2b61aba21882c91f9274c9c031cc
4ca897ac5cffc901b3d93683df728d131a1bc53c5360c57918ce618041f6c847

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:39 GMT
content-type: application/json; charset=utf-8
content-length: 2455
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:36 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

200 OK

1.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.6 kB (1561 bytes)
Hash
f728232a00d2015b9c9224de1c6a4812
262f4242fe14831d37643438622cfcce92d65559
3856f909f93daee5ec43d93ffafebee8c5d8ecd063cf80d23bf297a86a692707

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528450883&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:39 GMT
content-type: application/json; charset=utf-8
content-length: 1561
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:36 GMT
vary: Accept-Encoding
x-time-ng: 0.033
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js

185.244.209.62

9.4 kB

URL
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
gzip compressed data, max speed, from Unix
Size
9.4 kB (9399 bytes)
Hash
d5cea111cdaf6eb3cde5f2edd728ce8f
0785031be4d899a205d026c37c312bfba8a604f3
7e64ec765f61f6f219c3661a9999d2df1409e2ad090eae0bef60bb716a39bc35

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/ea5e649383e3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"feb5d0c05443398468224d2944536b10"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-df38f3cda3f205612265ee867a305820-4ed3ac8ed0f74f5b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
1.5 kB (1458 bytes)
Hash
abff3dc5d6f55a02dac768b322df2991
52cd7bba37deac446c459f6dd297d65c6dfb1d1c
3fca3910c87a24821faa8e99c72c7ed76e88f7e14fda028d6e3f282da0f41b2e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:39 GMT
content-type: application/json; charset=utf-8
content-length: 1458
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:34 GMT
vary: Accept-Encoding
x-time-ng: 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.51

200 OK

11 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
11 kB (10735 bytes)
Hash
ae74cc9d473d31ecb084f3ef2a1c77da
3c05a9fa38859636ff25a7b31933c99b79a148cd
c3065dddb5d0d857d838b1d02b9978998da72669a8c2e7b9bef7e282d78fcda6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:42 GMT
content-type: application/json; charset=utf-8
content-length: 10735
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:42 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.026
X-Firefox-Spdy: h2

pp23vi1.com/static/pixel.gif?1715125002752

178.253.14.123

43 B

URL
pp23vi1.com/static/pixel.gif?1715125002752
IP
178.253.14.123:0
ASN
#202492 Silverhill Group Holding Ltd

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /static/pixel.gif?1715125002752 HTTP/1.1
Host: pp23vi1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:42 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg

185.244.209.62

147 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 1380x248, components 3
Size
147 kB (147402 bytes)
Hash
9d1ab102184100544b4a72fcc6a8c458
79a64d17a182311cf4f856e39c83e3d9c5b1e55b
0fd0800599423b6bc4c2fe90c96f0025f4dd0d13d0c4b535e9421e21049a0903

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:43 GMT
content-type: image/jpeg
content-length: 147402
last-modified: Tue, 11 Apr 2023 18:15:17 GMT
etag: "9d1ab102184100544b4a72fcc6a8c458"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f89c24351b43c4648fc6ed32c0c563e1-f78e9405b87e4411-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:06:31+00:00, 2024-05-07T23:36:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json

185.244.209.62

200 OK

98 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
98 kB (98207 bytes)
Hash
5c777a54b4e7c6f20f1d3958763dabd4
ef4d04ce10be888adacd7c90d9e692a2341e09e2
f15e82f88e726d135071d725abcc1d0d51ec3fb022ba3544414757266e90c54c

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:18 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:51 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f605afc6a7162750a6613e52332b5f71-fcc1479c7e05cb10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:49:13+00:00, 2024-05-07T23:34:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2610 bytes)
Hash
8957a664ca5df944763ae2bf6e445f44
83d7a92739192f5b498b81204b0ee174911a59b3
080cf15faeba3f626d4a22bae3517174e75e7ae8c88dc3ddd05f1fdef1489928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:43 GMT
content-type: application/json; charset=utf-8
content-length: 2610
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:43 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.51

200 OK

5.0 kB

URL GET HTTP/2
1xlite-461430.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
5.0 kB (4962 bytes)
Hash
3ca5015f447b9df73ff904df8a4bcd97
0ec60edec325a0320e5a978022ffaf9342aea3ad
a228e5fec71ea06d2c73a44ed26fb1a1434c96239f7a41a254fc0093557da746

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:45 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=24, dt_total;dur=25.883, wf-uht;dur=0.039
traceparent: 00-25f5a6dc348af60ad8be097794fbb290-56fc7c96d2f2ab6c-01
x-dt: 285
x-time-ng: 0.025
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

1.5 kB

URL GET
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
1.5 kB (1473 bytes)
Hash
5125a0e18620300b371fed05632fc637
88346aac3e128c20ed07e03dab11c5f895157ada
e70ec75b53afdddac94999a39c5addbad0ce875c79c04f13eded502733767ee3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=528915807&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:45 GMT
content-type: application/json; charset=utf-8
content-length: 1473
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:45 GMT
vary: Accept-Encoding
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.029
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.51

395 B

URL
1xlite-461430.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
395 B (395 bytes)
Hash
75993569645a5b2513536e3fb0c622ac
4b3a639c259658d2d1b6f09382694a908d60a1d8
715537f3f2a0ef2675ce3e13d350d8a44c64aa9306d0b1b137c63f184da7c501

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:47 GMT
content-type: application/json; charset=utf-8
content-length: 395
cache-control: no-cache
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:47 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1

178.253.29.51

12 kB

URL
1xlite-461430.top/service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1
IP
178.253.29.51:0
ASN
#202492 Silverhill Group Holding Ltd

File type
JSON text data
Size
12 kB (12155 bytes)
Hash
5e6811c3c35ab4ca2a2b2f95f96f3711
39579bb773472c5c3dd11b6e7d087a3b5625876c
cb7622cd39f01b9c609b4af8de168650b99656e816d98cc8567ce27be88146ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetGameZip?id=529224955&lng=en&GroupEvents=true&countevents=50&grMode=4&marketType=1 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:45 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=5
last-modified: Tue, 07 May 2024 23:36:41 GMT
x-time-ng: 0.004
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg

185.244.209.62

82 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, progressive, precision 8, 1380x248, components 3
Size
82 kB (81954 bytes)
Hash
ad5f0025317357d48209be53322c4854
c95715c6077d270ab0d901fa43184565216d6177
e7d3aa1ad1cf16bb24ada1e8ab541fbd94aa6196e7f98e50b244c70b0d9b2204

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:48 GMT
content-type: image/jpeg
content-length: 81954
last-modified: Thu, 05 Oct 2023 10:29:43 GMT
etag: "ad5f0025317357d48209be53322c4854"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cfcac531e55ae8eb8fe9c0ca144f27b2-4f77c175feb7378e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:26:31+00:00, 2024-05-07T23:36:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp

185.244.209.62

28 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
28 kB (27922 bytes)
Hash
77673f5b9062ff0a3565cba49941a954
f1c6d769ad6f256677c8558f06c4ee98d8e403d3
e78791dcbada0412db798159d9e781f2a50c12f04be4d0a4ecf96a617ec8b33b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:48 GMT
content-type: image/webp
content-length: 27922
last-modified: Thu, 05 Oct 2023 10:29:56 GMT
etag: "77673f5b9062ff0a3565cba49941a954"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-02-27T14:22:50+00:00
traceparent: 00-249470314baadbac734d8b0d35d9b485-2626048318bcd2e6-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.51

200 OK

2.0 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.0 kB (2000 bytes)
Hash
3b03c54a744a847f7326bb83df9c0ec7
eea7efc621a979c0ec49073ec08dde37cbf6bfb9
8aad7198122c0ba2d09129b11dd751e8459e914709f3c0b4f00086a70310fbaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:48 GMT
content-type: application/json; charset=utf-8
content-length: 2000
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:48 GMT
vary: Accept-Encoding
x-time-ng: 0.066
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.074
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.51

200 OK

2.6 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.6 kB (2610 bytes)
Hash
8957a664ca5df944763ae2bf6e445f44
83d7a92739192f5b498b81204b0ee174911a59b3
080cf15faeba3f626d4a22bae3517174e75e7ae8c88dc3ddd05f1fdef1489928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:48 GMT
content-type: application/json; charset=utf-8
content-length: 2610
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:43 GMT
vary: Accept-Encoding
x-time-ng: 0.009
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.51

200 OK

2.5 kB

URL GET HTTP/2
1xlite-461430.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
2.5 kB (2517 bytes)
Hash
344d0c75510b3555b7ae13332833a13b
08637ba7fe8e762aff7014f4c3543e57012e3fd0
8918d952b66581da7d9aee2339a1c18ca9a209614c02924234a7c61cd367a573

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiUXVPajcvVWVWWXBiTXNPNHZhb05ERnJuQnp6ZEx4T2FpbW8vTk1oazQ3eHRQMkwvU2k4NHkvM1pLK1kwWDhYd2Y2THY2Wkg3T1psaWhWOHo5d29wWjN2cXA1TXRTdWQ3NC91bkZLeTBlMWJiV1RXQndZS2RUMjNvSFp5K1E0ZThQRWZ1L2I2WmQ5bjcvcnpvazJkRzJVZlYrSERBM080K1RkSEc3dHF2NFV2VGNxTGFpcC9HMEFISTBUOWJLK1hPVURMSE9LZllDTHl6Ykd3L1dEc01tQUx0VjVTVUNJUENqaldVb2M0OTF3b3pmUmdrWXdiVUx2eXhrcytHZXZqUktubWc2ZlYwTFhJeWcwbW5CSXBpR0tLck4rcEY1T3JwV09VYisvc2w5eE9MIiwiZXhwIjoxNzE1MTM5Mzg4LCJpYXQiOjE3MTUxMjQ5ODh9.3XysJBBAptuWIa5DamCIF_RjiwSgET8iIKS4BcVWbmNj30tQ3ZEkpGxzi6ITIiwOFV_7hP2adweJWNdMIKknAw
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167; _ga_7JGWL9SV66=GS1.1.1715124988.1.0.1715124988.60.0.0; _ga=GA1.1.1102082266.1715124988; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:49 GMT
content-type: application/json; charset=utf-8
content-length: 2517
cache-control: public, max-age=5
content-encoding: br
last-modified: Tue, 07 May 2024 23:36:49 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js

185.244.209.62

200 OK

76 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
76 kB (76464 bytes)
Hash
05e740893c07a5cc45b5f0f2d787dbf5
28c364157e02ce207609bca53064a4b513e8bda7
a2af38a1cec7178448ce8d1aee99190b643f50894d3d05cac2e5234caeac8e5e

HTTP Headers

GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-4b1f6e54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 20768
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-5120"
content-encoding: gzip
expires: Tue, 07 May 2024 14:32:16 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-301fc01d4e2d1118cf2e0e8147fd2a99-8efbb26c557e78de-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T14:32:16+00:00, 2024-05-07T16:46:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
22 kB (22195 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/json
last-modified: Thu, 02 May 2024 09:18:58 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2293f817932e5ac6ba834a38e2b908fe-76f5c03ef78ff727-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-02T10:43:17+00:00, 2024-05-07T23:08:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/10523.webp

185.244.209.62

200 OK

726 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/10523.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
726 B (726 bytes)
Hash
f8f5bf05740247e593baa14017f0a51d
fe6e82da280c54b2209b6f90f0ed9d74de747fdb
113acc78e59be0a662bd8b609d02f968fbb1abba91700d357240e45aeb4a78b7

HTTP Headers

GET /resized/size16/sfiles/logo_teams/10523.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 726
cache-control: max-age=94608000
content-disposition: inline; filename="10523.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:40:01 GMT
x-request-id: 21262f12af727955d198abc25ee9ebbe
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7f0ceb8178f9298d5c92dd94ceabc7e8-716d4fa6db461039-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:40:01+00:00, 2024-05-07T10:40:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715124980

178.253.29.51

200 OK

90 B

URL GET HTTP/2
1xlite-461430.top/web-api/default/img/icons/pixels2.svg?v=1715124980
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 B (90 bytes)
Hash
e45f90dcbe718dea3476c4b69b501a4e
e9af26a93c467a77e4733ec537f4f5ce7a4ba089
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1715124980 HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=14, dt_total;dur=15.086, wf-uht;dur=0.027
traceparent: 00-d798bbcacb1afb1c0bf74403d08188b7-aee6b15797dd7604-01
x-dt: 285
x-time-ng: 0.015
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp

185.244.209.62

200 OK

18 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
18 kB (17490 bytes)
Hash
b7e3857cdc8cbde71f63af81a61f5cfb
deeb62ea6e9b702bb9e3f395483c3c00445adcf8
786e67817e82780aaeb0d2bca1e57e06fff5ae9fa89b2747b1af57913886e25f

HTTP Headers

GET /genfiles/cms/1/desktop/banner/37725dd3160e2621f084de11d4417228.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 17490
last-modified: Wed, 21 Jun 2023 09:54:55 GMT
etag: "b7e3857cdc8cbde71f63af81a61f5cfb"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6a0dfdeaa815fcde0f247d7c04991ead-7aec8ea7f18f1c5f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T15:26:35+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1424), with no line terminators
Size
1.4 kB (1413 bytes)
Hash
7d1f3b129b89a981300b50d0cef52e44
d7e0c099325d4b1dd8e1bd56a05807c312c52633
77040a8b5997e69f1b5794f46817b3354099cb3e0d19548a53e1e25e2773cb2e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d492f4568b81.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"1ca49088b69c49762c2b4dab10ebe060"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a4b8ad5c0222b1c5f7817eb49cfad275-23bfe8ebd6d5783d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/170573.webp

185.244.209.62

200 OK

806 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/170573.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
806 B (806 bytes)
Hash
7f6fd1973cd26ad7dae14e18868fb987
3af2ffd6cbe8128021c37a9fef32e5eefe496768
9665116f2fc2fc1e749381d49a9c104aa5bdc5d2713954de4e140dc066cc3331

HTTP Headers

GET /resized/size16/sfiles/logo_teams/170573.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: image/webp
content-length: 806
cache-control: max-age=94608000
content-disposition: inline; filename="170573.webp"
content-security-policy: script-src 'none'
expires: Thu, 06 May 2027 05:42:32 GMT
x-request-id: 771e9befa646812621b726e8c76b8718
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ca40699f23ca6dbf69866381271fdc17-d2cf58358d1703a8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T05:42:32+00:00, 2024-05-06T16:53:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/injector.js

172.64.148.184

200 OK

208 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type

Size
208 kB (208506 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"32e7a-18f381bf77a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 3
expires: Wed, 08 May 2024 03:36:14 GMT
server: cloudflare
cf-ray: 880507f0cec3b50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js

185.244.209.62

200 OK

53 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
53 B (53 bytes)
Hash
c10595a768ce387c9ffc91fe3b1603fa
2d2c108cbf39742e7e56d98cda09d86f244b66c5
12989c5be25b32ca465df0ea9b73f585ce80a006b8c34973f3c1159697b24692

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1714551564.671873539
expires: Thu, 02 May 2024 21:01:37 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ef22a8b778e356a6b1c11f6269cd4070-3263c245db938bfc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T21:01:37+00:00, 2024-05-07T15:30:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/hd-api/external/api/web/v1/converslon/load

178.253.29.51

200 OK

36 kB

URL GET HTTP/2
1xlite-461430.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
36 kB (35729 bytes)
Hash
d00a97856d4c31f8ad549d75aea63a7d
1a949fedfda666492048ed7a6ce8b3af57a22982
3b22673200f103724448e4503d683d81d701a8d9a9deb79a447d1cf31ea49835

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280; _glhf=1715142750; che_g=e38fa854-3b8f-5cec-67b0-279293bd9acd; application_locale=en; sh.session.id=42399254-5fbc-45c3-bc41-9ac675e965b8; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-c1e20dc11c2814c8ee0e636037351750-584ec21e019de379-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 8dd959d6af5b3c3a9a2a362bdf444a07
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=7.277, wf-uht;dur=0.016
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/sports.svg

185.244.209.62

200 OK

378 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/sports.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
378 kB (378005 bytes)
Hash
0c52e0c32f8f2667a72e0d57b63e02a3
a0fb81e89f2510e228c1298f2d107f5672c0a03d
ed4dcc337364c73f4382c79e759156e064823c54a2f78d2747bafd87d41abe73

HTTP Headers

GET /sys-icons/1.0.328/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:15 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:02 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-24cf761dcbd42cd9e54b9ffb8a05c73d-b84d336d744f4950-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:02+00:00, 2024-05-07T14:01:00+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

172.64.148.184

200 OK

37 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (36674), with no line terminators
Size
37 kB (36674 bytes)
Hash
6782c8abf3d14391f6ed5c805a973cf5
a08b255c0084e14d74199f5af64522ffaba14486
88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:18 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Mon, 22 Jan 2024 07:49:06 GMT
etag: W/"8f42-18d3024f9c4"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 630966
expires: Wed, 07 May 2025 23:36:18 GMT
server: cloudflare
cf-ray: 8805080b5d9cb50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1036), with no line terminators
Size
1.0 kB (1025 bytes)
Hash
305de1535e3f2a45efa2f1dd096f496e
9fd79178b39d8a196f9f3640758cc5285f5914fd
9b0fc84933536e9c4ca4b8013f656f393c6073e746901340133cbc11059aec46

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 07 May 2024 09:11:40 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1715072814.257664589
content-encoding: gzip
expires: Wed, 08 May 2024 15:18:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7be291e2a3b6228bdb111ec6636adcbc-9f50da3e6648f6d4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T15:18:05+00:00, 2024-05-07T15:58:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/bb0b3a3a3b37f8d7628aea1b819e56b7.webp

185.244.209.62

200 OK

834 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/bb0b3a3a3b37f8d7628aea1b819e56b7.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
834 B (834 bytes)
Hash
8d9248d789757f05d46dd9f5409ba82c
507fa9b5390b5b6656909684668862bce2c3243b
bae288987ced01dfe4db43704d821eb82bfbd5e9018414d69ceecae2dc8a73f0

HTTP Headers

GET /resized/size16/sfiles/logo_teams/bb0b3a3a3b37f8d7628aea1b819e56b7.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 834
cache-control: max-age=94608000
content-disposition: inline; filename="bb0b3a3a3b37f8d7628aea1b819e56b7.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 10:33:57 GMT
x-request-id: 6d7d0d06c78b07315227660f43dc52ee
x-time-ng: 0.081
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e6f1b599859e39f0e0d6290475cb8574-f5d55d0abb29a9c7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T10:33:57+00:00, 2024-05-07T21:38:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js

185.244.209.62

200 OK

372 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (379), with no line terminators
Size
372 B (372 bytes)
Hash
b0cb2446d2b33b4a84e6120d6557698d
0bf847d57b404438c15ebc88937375f2b91e7784
54a1297bd1f016a3ec3c2487e61b2eeefde2baf2cb8969362a8a610c134b7f04

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/03e03ebafcdc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: "441a6448f5a4242779baf6fc1399b13e"
x-amz-meta-mtime: 1714551564.667873602
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c84306db02904b2a5d6eb648ab8c5641-5da23b5c20a822fd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.51

200 OK

263 B

URL GET HTTP/2
1xlite-461430.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
dbc38523726c88d79a0dcc19839a6905
5244c0aeaf9bbffb286ca9156844c4a509a5585a
6711e073efb320b48b648ac5e2e30e88c93829d80ed571b4d3c92cf4e56e4fa4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/1dd26dd38397e49c19599aa888332970.webp

185.244.209.62

200 OK

770 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/1dd26dd38397e49c19599aa888332970.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
770 B (770 bytes)
Hash
78fe613825c4d46b9949b854d411a142
b6ca2eb698fb733c1b68c69d482b26dd3cb81d0f
713cddb4072d5b34affd81ea2d0147201d0b10e03cd155394733f764c14509a4

HTTP Headers

GET /resized/size16/sfiles/logo_teams/1dd26dd38397e49c19599aa888332970.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: image/webp
content-length: 770
cache-control: max-age=94608000
content-disposition: inline; filename="1dd26dd38397e49c19599aa888332970.webp"
content-security-policy: script-src 'none'
expires: Fri, 07 May 2027 12:28:15 GMT
x-request-id: 919e6c4628814ae9a1a7adad1f67de3b
x-time-ng: 0.042
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b224dca1d3c203c9d380b0020a4b13f0-7c5e886786105a60-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:28:15+00:00, 2024-05-07T21:38:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/517959.webp

185.244.209.62

200 OK

714 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/517959.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
714 B (714 bytes)
Hash
84496409511a0d89101f63050ad2b9a5
1f7eaf5a3c3143aa3de417af2afcdd2d636c6eea
834f5b5e93aa11791674bdefe6b6876003d19f1855148e62ac2eeb4e6656219c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/517959.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:19 GMT
content-type: image/webp
content-length: 714
cache-control: max-age=94608000
content-disposition: inline; filename="517959.webp"
content-security-policy: script-src 'none'
expires: Thu, 25 Mar 2027 13:45:45 GMT
x-request-id: 3cfb88715f31d0889c78c85b5546b9e3
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c1de719c9158e10e6428c5d2cf784386-ce227d09d83ea011-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-25T13:45:45+00:00, 2024-04-06T11:11:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (14610 bytes)
Hash
2ccdf625b855ce93bc9b56a671accd6e
bc8f3a791f6251b714bafad614d15c477ba428e4
c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3fe648bd0255c90afaee2fa235df4e61-d46d0eb993cc6282-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-27T14:22:50+00:00, 2024-05-07T23:36:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js

185.244.209.62

200 OK

424 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (441), with no line terminators
Size
424 B (424 bytes)
Hash
f911ee0234277e327d2c022f302a7c00
8bb8735151af34da1b8b5535d8edba40ef651880
8d6afd5d1b2268065bd9d67a99b954636dc4fb05939280c2a32738040f8fb0e5

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/c7de6303dfb7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: "33e7498a57ccd45d4321735d481a7313"
x-amz-meta-mtime: 1714551564.675873475
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-40cb481cb82f7c98050acb2728e468e8-52a2b3e0f306abbd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1556), with no line terminators
Size
1.5 kB (1523 bytes)
Hash
f529b1afc14b34e1b3b812eb2fd441b9
672dcf7de24cf68221a7f5f06b1b1f5bb26103a1
1c2c2b40817ddff58ba225714952c7db06b82037f53fac6053b1732f808a38d4

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cd57c0a6e95b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:42 GMT
etag: W/"76cb7b38bd7dd009e525ca10453839cd"
x-amz-meta-mtime: 1714551564.675873475
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-65c4383139eca8f5a1905b2a6eeb6d85-bde273f90b3b93eb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css

185.244.209.62

200 OK

5.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5638), with no line terminators
Size
5.6 kB (5638 bytes)
Hash
be85f100312ee4f9396b6e89cbcb0fef
3934783d38d182ddcaccfdedbbe4fb65c266864c
06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983

HTTP Headers

GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: text/css
content-length: 1193
last-modified: Mon, 06 May 2024 10:23:05 GMT
etag: "6638af89-4a9"
content-encoding: gzip
expires: Tue, 07 May 2024 12:28:47 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e0407645a91a91f9a5a724e428d54ea4-563c5ff1bf9fdf99-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-06T12:28:47+00:00, 2024-05-07T15:29:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 07 May 2024 23:36:27 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Tue, 07 May 2024 23:46:27 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

v3.traincdn.com/sys-icons/1.0.328/285/logos.svg

185.244.209.62

200 OK

43 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/logos.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
43 kB (42787 bytes)
Hash
c45fb3adb3e47bdbd03c88fc4c4309aa
9ce991739a2879970ba12baf56108c8fcdefefb1
61d5aead50750c6e8a7bfde801abbf6f4ab75e387fdcc748ec6784e219e4d727

HTTP Headers

GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7d40a59f81dbc39b74e790190614940f-9e6b57186d7b1010-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-05-07T12:12:51+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js

185.244.209.62

200 OK

6.7 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6727), with no line terminators
Size
6.7 kB (6662 bytes)
Hash
ed2a8d5d1ad99dc79beac3c3a26c21fd
a3befe6e70a97754d0feba8b38fe61aef19e5c2a
402c810bef353caeea78ee1634c4e20d3bba8aba317c29f69d856d3e326ee628

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2c4bdd620ac9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"db345f9ab9f4b60494ed02dd78f38d79"
x-amz-meta-mtime: 1714551564.667873602
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8b604a0b8b2dfe504760d981ca2b5b0b-1b2a08de4c43a2b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T17:01:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

172.64.148.184

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:18 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"7500-18f381bf786"
cf-cache-status: HIT
age: 2633
expires: Wed, 08 May 2024 03:36:18 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8805080bee04b50c-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp

185.244.209.62

200 OK

692 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
692 B (692 bytes)
Hash
72bb8b000e207646bf5a5347889a0959
ead5d9b37c70bba75c3fe7ea1139e0013ce8667e
ff09222d9e52d71fdca07ff53969c83df7c3f87fec9e25d5e4bc907ef4903236

HTTP Headers

GET /resized/size14/sfiles/logo_teams/237d7df8d263bc2787c001ed1c4152b8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:18 GMT
content-type: image/webp
content-length: 692
cache-control: max-age=94608000
content-disposition: inline; filename="237d7df8d263bc2787c001ed1c4152b8.webp"
content-security-policy: script-src 'none'
expires: Thu, 11 Mar 2027 12:58:35 GMT
x-request-id: ff57feb23cd885d4c4cda58a20cd0cd0
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a8396fef60cefa51935bfd008332944f-f78366e1698f1f39-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-11T12:58:35+00:00, 2024-05-06T20:25:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

101 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
101 kB (100701 bytes)
Hash
51ddc52774f4e5bd6a6f1c22e9d19674
374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4
642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:20 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 13:05:33 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1715000580.87646382
content-encoding: gzip
expires: Wed, 08 May 2024 12:42:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c2e8c408d0f677b28d3a6dd2abbc2725-61de7f37337b1974-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-07T12:42:07+00:00, 2024-05-07T12:51:04+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size24/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/resized/size24/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1196 bytes)
Hash
49db5443e120a9653d4ee999dc9686df
57bc47853935972be400e9c1acc85b314bb161d0
d8fcbb9d7583b0932233a931a67a727a86e117defb0269cdbd59a9d91e45d5ca

HTTP Headers

GET /resized/size24/sfiles/logo_teams/65e3e972954419765c3ce21698edf6cb.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:22 GMT
content-type: image/webp
content-length: 1196
cache-control: max-age=94608000
content-disposition: inline; filename="65e3e972954419765c3ce21698edf6cb.webp"
content-security-policy: script-src 'none'
expires: Wed, 05 May 2027 12:37:08 GMT
x-request-id: a4c1423183e5856b35fd59765a3567e5
x-time-ng: 0.040
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f9549a8a1f0149cef8bcf797f513a6f9-ed88b1d3aee5710d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-05T12:37:08+00:00, 2024-05-07T14:44:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO

178.253.29.51

200 OK

27 kB

URL GET HTTP/2
1xlite-461430.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO
IP
178.253.29.51:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerLet's Encrypt
Subject1xlite-461430.top
FingerprintF3:86:6D:55:32:E5:0A:B1:0E:8B:AB:CE:2B:67:CF:DF:92:2D:F2:91
ValidityTue, 26 Mar 2024 09:15:23 GMT - Mon, 24 Jun 2024 09:15:22 GMT

File type
JSON text data
Size
27 kB (26865 bytes)
Hash
b37f7c2a19f7e14b5b834ec5532af277
473d039dc440744109c049a49da67a08e7157cbe
269006ae20bef66e40b26843e6e400dab00f45c297ea9a50ce467a2b9d3694bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-461430.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-461430.top/en?tag=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder; postback_watcher=%7B%22tag%22%3A%22s_42282m_355c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5Digetp25b33b2e8d_d27775_l109266_clickunder%22%2C%22pb%22%3A%22faaf2011d3a14c35b9037a1c1a40940b%22%2C%22click_id%22%3A%2235918160-0cca-11ef-945a-6dc9d9560782%22%7D; platform_type=desktop; auid=sv0dM2Y6uuqIW4v/AxdSAg==; SESSION=3de462c77cef1cdd4d60e050e4c5d13b; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:14 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Tue, 07 May 2024 23:36:14 GMT
set-cookie: application_locale=en; expires=Thu, 06 Jun 2024 23:36:14 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-8ac0997c77d7cd5801c4a0172acd2708-08e325a284328c03-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.244, 0.246
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=246.765, wf-uht;dur=0.254
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg

185.244.209.62

200 OK

75 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
75 kB (74830 bytes)
Hash
fd241a06afa4bae60c4bbab7fa1a9a5b
1716e53300c5e6d6863927d2a2bac373c89a35bd
713fe337ae15db05269c2db25a6f3045800c812320eb439b2000558041df2bcc

HTTP Headers

GET /sys-icons/1.0.328/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:16 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"fd241a06afa4bae60c4bbab7fa1a9a5b"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bc636dbd777d221ff54c6db98ef0a96e-065b48f4c434f252-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:11+00:00, 2024-05-07T13:24:34+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js

185.244.209.62

200 OK

188 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
188 kB (187646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/92745f711024.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"fdfc9ec2fb0c6c09b91f4d7afd8b013e"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6a23b23f39e4726d47603b2801e8c494-09fa760aeb027b68-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:56+00:00, 2024-05-07T16:34:02+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-461430.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:11 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0f55b15a4ae5416abd45b91363734172-37f4ebc4d125b1fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-05-07T22:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/f385e6db/_buildManifest.js

172.64.148.184

200 OK

519 B

URL GET HTTP/2
widget.suphelper.top/_next/static/f385e6db/_buildManifest.js
IP
172.64.148.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with very long lines (547), with no line terminators
Size
519 B (519 bytes)
Hash
063abc9f05b28326f5878dcd728ca1f7
321099ea5d4fa6792974fd44503ffb3e75e5c5b0
73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4

HTTP Headers

GET /_next/static/f385e6db/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 23:36:16 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 May 2024 07:01:48 GMT
etag: W/"207-18f381bf92a"
vary: Accept-Encoding
cf-cache-status: HIT
age: 491320
expires: Wed, 07 May 2025 23:36:16 GMT
server: cloudflare
cf-ray: 880507fe6dd8b50c-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js

185.244.209.62

200 OK

41 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-461430.top/en?tag=s_42282m_355c_[]MS[]null[]null[]general[]igetp25b33b2e8d_d27775_l109266_clickunder&pb=faaf2011d3a14c35b9037a1c1a40940b&click_id=35918160-0cca-11ef-945a-6dc9d9560782
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (41364)
Size
41 kB (41365 bytes)
Hash
de79bf6739658de7bc537d692f3638fe
1e7a3af0be67bc48ac8f184324daff5f1422ac26
35f8f183f2c85dfafed1127ec3f72da678b9eea861b4083672ae4580ff6a0af0

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7b53ac9cad2f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-461430.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 23:36:21 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 01 May 2024 08:21:41 GMT
etag: W/"de79bf6739658de7bc537d692f3638fe"
x-amz-meta-mtime: 1714551564.671873539
content-encoding: gzip
expires: Thu, 02 May 2024 15:20:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e2fdb76594d21b1712b74d2f745da061-3a6a64a1d97bbe8e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-05-01T15:20:51+00:00, 2024-05-07T17:01:36+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (115)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by