Report - refpamjeql.top/L?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755

Report Overview

Submitted URL
refpamjeql.top/L?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder&site=34142&ad=22583
IP
45.135.120.31
ASN
#56630 Melbikomas UAB
Submitted
2024-04-25 23:56:20
Access
public
Website Title
1xBet ᐉ Online sports betting ᐉ 1xBet online bookmaker log in ᐉ 1xlite-660473.top
Final URL
1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
102

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
refpamjeql.top	73932	2019-08-22	2019-08-22	2024-03-03	574 B	908 kB	45.135.120.31
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2024-04-14	93 kB	7.7 MB	185.244.209.62
widget.suphelper.top	unknown	2023-08-02	2023-10-04	2024-04-18	7.3 kB	1.4 MB	104.18.39.72
radar.cedexis.com	3035	2009-01-07	2013-11-27	2024-04-23	822 B	1.1 kB	45.54.49.5
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-24	1.0 kB	448 B	216.239.32.36
www.google.no	25607	2001-02-26	2016-04-05	2024-04-25	584 B	580 B	142.250.74.163
1xlite-660473.top	unknown	2023-08-11	2024-02-06	2024-03-26	72 kB	510 kB	178.253.29.47
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-25	849 B	382 kB	142.250.74.72
pp23vi1.com	unknown	2023-03-09	2023-04-06	2024-04-14	439 B	387 B	178.253.14.123

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed
2024-04-25	medium	1xlite-660473.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (115)

	URL	Size	First Seen	Last Seen
	widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js	108 kB	2023-11-02	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 21:20:57 Last Seen2024-05-05 05:13:54 Times Seen2366 Hash 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75 Loading...

	widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js	481 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-05 05:13:54 Times Seen438 Hash 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js	372 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 16:29:56 Times Seen6 Hash 95f43fd089613a8f57a2ddcbce517853 ae316accba7d55342e6287aea6e3282314e054e7 61dda30ecb2fd311698e84921bd8b28615c96fe7bd39fae2f3bbef3cb61e2b03 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js	188 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:53 Times Seen5 Hash a2bb3a4f84cc4e6bfba45a8e4c3932e1 57bf2f515613e238a1764722cc33c0047f967df9 bb68af41c9da35a2304660ed2f598a9e188a5be99c6e4cef32f52af904300a54 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js	199 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:30 Times Seen8 Hash 770cae056135fc518ad14933ba614b1f 210efe80b13338caa77279c4f9f89359f5537baa a42fa9336cfcae84bf3d7e45164a21b51b754fcdb2ed97824d183698b3d7ed20 Loading...

	widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js	141 kB	2023-03-08	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:26:33 Last Seen2024-05-05 05:14:03 Times Seen2362 Hash 896d1930437c1ab92b8a359c1d6fdaae 71e0e23d1af9722f356eb5d1c497d100ec8b0f7a 8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js	28 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 36a40a25b745631e0e28cac4083cbeac 76ad3820c008567577fec994bf3e1e7440e2e77e af4793dd4927863c6ac8d66b033d5d7efb7bfa65a967208fc1c12a07bdc64436 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js	2.6 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 16:29:53 Times Seen4 Hash e99039abd8dac007c9c64df5cbb76091 5260a25ca027038a17c24880a3b000c25ec52442 b9f8ee4db6e9c2b89249aae1c9cb0d37d536e5ee62fe36c412e7aa151ae3943f Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js	20 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen8 Hash b69735a0304bc0ac21b40573ee550f0b 96f237bfaac6dab3ce2595e9961762984ae1545b 5defbae69d8affe7aa3e1eda4b2f1759900c2ce35985b69928b65cdfabfc78e3 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js	56 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen10 Hash ed1aa306ac0483a61e03d12f0cf0c683 3688fabf92067a4cc58d87aec282cddc6a7e33f0 fdc6326914576f6b064f1b56dc5e153e8f601d12932d28cda623ea1c6670ffff Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js	2.1 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 3084b8e581d711a9e12b5519b6d0d789 fcd042cbe3059407b08d1d0eaa713633baf4b2e3 7f3f18ecfefc927e97ae5320f180c89cf2d38cdd7453b958b4d68aa77fd69e87 Loading...

	v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js	852 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:33 Times Seen8 Hash d43b77608bc8d96538ae9c273040c05f 976870970f803da08317c877884507f74612dcb0 6d2939523f88a6d4cce3fb00a10e7b0bd1a2733ba36d72ce608bdb19a287f109 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js	20 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 68b0e7b36aaabe3fc4c55b9b7a99b204 8e30dc11ce9406793473bdff9aac0101f562655e 2bdec28d6e101619011e495111f672ccba2334d2f089a5a87fca2512d86d7f0c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js	21 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 92f2228f7f2d8ea17cc1bbd2946c5235 79c8609806d6d5d95cc518023baecc8d1952e6e2 e097b717e3ae34e2ff062ec780fb4b9513f743f41ca1e0528f07361bb5dc3f48 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	318 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:56:27 Last Seen2024-04-26 01:56:27 Times Seen1 Hash b9454cd0158cd11d518239777bb56047 26d9cf033656364fc0a76fa2cb2c18b5fb0c6b55 346e360c4e73bf891792cd16ece5f938bf1d6bf0dfb9fa38c759ff99e42e65bd Loading...

	unknown	96 B	2023-12-06	2024-05-04
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32:27 Last Seen2024-05-04 07:42:12 Times Seen881 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js	235 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:33 Times Seen6 Hash 510ed48f64189337e8de2946d86f628b c31579baef67dbaf7cc2f17bed8e2335223e3f8e a236c2dd075d9f3fb5ba4ef3dec0efe9a6e60c79520bcc589a0f233dc96e54d2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js	17 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 9edd02014a4812685d800389066bc94b c89f400bb9b8ab7af4e7461a2d2ec002aea83bb8 23e9fe0dac6ac461e53781b9d407e7e3595eeea010fb4d6236eaa6b7699928ee Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js	1.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 719cfbcc9fea351eaa8e09773949ae73 4b42ab6a61b19a178b40fbda071baa8e0f95326b 9187ded9e6474f6c8dd3119814a738c1e93028800cfa81ec5e09f249150f7e55 Loading...

	unknown	34 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:54 Times Seen851 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js	7.6 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 6799557112e6479f4840348196eed7a5 046037566d79a018ad198bef462fa51c74bbb5a4 40caffbe2d55fa120e702fc464aac54e941c61b3031f22f5792205a572ff5ac7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js	47 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 98255763f3f394149bb9d0b5f43f0cf7 9f9956c07034407cf605d11bc57b37c8a928c01f 664cac2629ba11af02afaabf5b06ef2bfab319d36efdb7c6b81ade6edcffd217 Loading...

	widget.suphelper.top/injector.js	208 kB	2023-12-17	2024-05-05
Pretty URL widget.suphelper.top/injector.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-17 15:23:16 Last Seen2024-05-05 05:13:50 Times Seen929 Hash faa1c0b5a845868ac1a8071b6b87d458 71034e9bb2726a20b2afa197ff4e1b52c2ab976b d7585c13a4abd3b295a15b2bce2b2d7121a697f42ea85f89f40624ac26b075d0 Loading...

	widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js	92 B	2023-03-07	2024-05-05
Pretty URL widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-05 05:13:46 Times Seen7779 Hash 7c3f7e060745668041278118c0bb3d6d e639f56695b3cc30d78dce7a0084aa8299a1311a de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js	25 kB	2024-04-24	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-05-03 05:52:31 Times Seen24 Hash 701ad5a22b8ea7213a53e334d0898349 87749d947f6aa40eb671447b58261d710ec5479b 07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0 Loading...

	1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder	2.0 kB	2024-04-26	2024-04-26
Pretty URL 1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:56:27 Last Seen2024-04-26 10:36:30 Times Seen2 Hash 3136cb5cf3ba8ef8c085628e19e09569 74f089819d95a5450a895bace8f4e940f24d38ee 9a94ede92564e5b5598319a71e104deebcabe6b7e354f3aaa159f3d996086104 Loading...

	v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js	7.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 646a2b32c35fc60e6fe759e25b80b680 4bffb554df5ebcd3f96154047e39cc1efe9d4658 b8339391f1719293f8987d960120957904d99c0e4d634e48f6f16f3e2c25e812 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js	32 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen7 Hash 73045dab5a0f1892f4ecaa63deac81c4 53f582f313d660bcb8bc204d4b9930878f667271 3da8040fa2cbba713382129ac29b73bbd06c920cd0086fd10edad8b85c413e23 Loading...

	widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js	3.8 kB	2023-10-05	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-05 09:17:37 Last Seen2024-05-05 05:13:49 Times Seen1970 Hash ba1681cca05ff7b4f8698587da76ab26 7113520b461dfcbdcbc1725a1acc6e05547bf20e bcfc83f65454f29634e61503e84d77f3fe8bc06451b90927bf842e9ad352ac64 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js	81 kB	2024-04-25	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-03 05:52:32 Times Seen11 Hash 67267513246705d46a0bb83e1f8efd2a d1af6d9ad50f110bbb4bb4d75965dd939a14e15d 35acb34c3273056ead66f9ae7dc11b3c2e3bd1a4c46dc22daaa6900c150c2b2c Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js	30 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 4d2f484f3465b217acb7bc2c93924f01 f6274c5c70d187c221e04edacdc4e73bc90bae28 57931838efa5e848ac1467518ce0d43b9a11e44f53f41d0b48a8fc321ecebb7f Loading...

	widget.suphelper.top/_next/static/724286ac/_ssgManifest.js	77 B	2023-03-07	2024-05-05
Pretty URL widget.suphelper.top/_next/static/724286ac/_ssgManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:02 Last Seen2024-05-05 21:08:30 Times Seen85819 Hash b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js	21 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:33 Last Seen2024-05-03 05:52:36 Times Seen30 Hash 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js	26 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 83575afda287eafafb4102f4463ea9a7 241502bfcd1fdaf75068e1f6497e65642ec7981d 6c7258871472c35e8d3f7f4c71550a079165d95f913297204b6746faf5f31f33 Loading...

	widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js	78 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:34 Last Seen2024-05-05 05:13:46 Times Seen444 Hash dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js	16 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:38 Times Seen6 Hash 12c0a8a167063fa1743b27ac4e537460 a51e99cf826d86a23bf7e166f833b46b517ccdbb a49ece220afcdcf483c4b1a36e0813329c879079080cd81008709687811d1125 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js	416 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen5 Hash bda5f679331e3f3a71a5ab33a44cfc03 4aed09967637f2771aa64524e3b2a5a4279466f9 dce768bc7197479f989e5b23944b49c774309864a2d42f9ce0e6da3ffd54a262 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js	24 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 54be88936d941a65bd59d27f8bf96657 47a93d65c60bc45add632fcf288afff7ba6fe257 ee1dc1579a781b5d03318e39af446dfe8d2fd2c1cd6878a61882c21414d24a06 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js	65 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 0b750d1eb8ed980568c3b2783bc73abe 2f4cbcbc29cf5174e2490d0723dffd13919391a4 36844a337b242c366f594f7cd16f1505aefa8c2c38dccaf97b78eec261021312 Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js	110 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash cb65d148da616bc7624597ec1f9802da 51d8d278e180f09b548c0b123e3627840bce9244 2e27352090f3824edb7a7849a5daf063288ad34f11c710525c99b0bf1486b66f Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js	7.8 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:35 Times Seen6 Hash 232ecfa8f26b49fb3480baefeb590279 833cd5b10a0705d28a970a8bc3a3ab5c66553a84 fca603603d836bc26b0b016e308ef7a897c3109b0a2b25b9c7c87ae0c7e160a1 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	173 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:56:27 Last Seen2024-04-26 01:56:32 Times Seen2 Hash b891b1487647a7b5c543d54519250248 0758ea8a890cbba449c147efa2ef401928febe38 d74b699e5dae5536c155bf215c383fa22dd7ca007b2d9b87c1e302a33fc7bcc9 Loading...

	radar.cedexis.com/1/23802/radar.js	390 B	2024-02-13	2024-05-04
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23:26 Last Seen2024-05-04 07:42:13 Times Seen129 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js	15 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 73f82bd11055f942d7fdc91daeeeffe3 b105ad08a4eace9e06c2dccad185cffd174b2abb 599ee13f2007b11321a9bfaeee0b82ce9fceb73545b010019bedd35d2bdf491a Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js	28 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen8 Hash c790413a6f4ea0dbbb7278d4ba07c8e2 aeea4548ef2d3820699053c3c6b7f653703688ec a85e58d257f382c639e0f17995d19e6e55271ee366813029aa709f067bbef4a2 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js	134 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash cbf2424a84930767b46aa8d32382630e 237dc0de3c9db7b080424eeb69e2feb2a6d7805e 4a2f536eada6636b0d6d1747962d8aa508c88405865199c32f05cd95605bdfbb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js	504 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 16:29:56 Times Seen7 Hash cdd39c58f3e34ab3b3329f45f9e6199e ec9449f5d9bcf93d4353bec1ba69d01e9d36bf7a ace508d846e5384ef8bab277ab6b1ebfa8cdb6d273c9c06a507a84531fe1a7eb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js	1.5 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 24906b7dbc572ec6dd8117e9bd9939e3 27989b50dbf07c7f51ccec91e4a4e10d00636911 225102331acf9caab141423d88edaeb0d928e8cdda1d0e521fabcccf2eca61bd Loading...

	unknown	47 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:52 Times Seen840 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	v3.traincdn.com/_nuxt/check-ob.js	211 B	2024-04-24	2024-05-04
Pretty URL v3.traincdn.com/_nuxt/check-ob.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-05-04 07:42:13 Times Seen88 Hash ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js	42 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 09f939cf46957d82e821f8807e05968a 5e1ec26d95f29042bb2f78c902b37c44817cc109 771bb7992371b7c701a37d462456fc4529bc477b52a334c8667762ca4e5a306b Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js	450 B	2024-01-25	2024-05-03
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-25 11:06:32 Last Seen2024-05-03 04:24:11 Times Seen103 Hash 056ce527a12544a37f984ac598be2344 6946b65cf1c68960e5f9ac0900a0df66a13e7e85 cd7cdf53c803ca43a37171180d14c2374e45ab347d309f9b83a107b9ad9b4ed1 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js	8.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen10 Hash ceb24e94d87d9c04b6685d611e9050c1 781d9f7fb4ff0e09fa74cdcdc5b1e707a57b4539 bfc675160863b2fdb50b84830a53646a8c762836217ffc99ea6a8b5dc16cd734 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js	122 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 07824180288a9c6a3276f486612df7d7 ec83f284a957114b2bf1e709b574c8bab032bf19 b89df0b5e3c1a25a67b84e7fb42719fd512dbc49a8c3dda0e7dfe786f6ee573a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js	1.0 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-03 05:52:33 Times Seen21 Hash 8fecd56fc5520134f3c39b17431fe0c2 e0cedac030a1fcf68779a592ed9e0775beb45123 3e01dfddf1e68faa32769d615eeb0e838a29241d18a57090040c595ee05f0ba8 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js	66 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 85aa5ed6fedc499534bfeb8eee571fb6 b751e2adaae96f130072f0e7eab069e15d196ec1 e5e627bc912c4a35155dec18e77f6d9bf9c211c970530570975b82c4409828f9 Loading...

	data:text/javascript,export const meta = import.meta;	32 B	2023-12-06	2024-05-04
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32:28 Last Seen2024-05-04 07:42:12 Times Seen881 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js	2.3 kB	2024-04-25	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-04-26 10:36:34 Times Seen8 Hash 20dfbfd0b527a3400141072543ab8d14 8b18103124ebcc40d3817e5b0897403dd79a777d 60ad198390a8936e848b2beeb25fb8f57fdb8a9a44cae0a2b22b731e38242d95 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js	41 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 16:29:58 Times Seen6 Hash 827336e53d45532bf8abee174a7db24c 9e22ae96319fe168ee654d0b13b0ab8ee0389c9c 5d8ad0aaff4e86121999a5653478d797eb03810c582f5198c1f1ec61ccb8659a Loading...

	v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js	2.3 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 5fd92d5e19084953d42f6435bf43dbc3 1605b683a815f82e1439bedd7f7acc9bef1d75c1 ad5547e0059467c7711c34a6627570759b87ea738c7659a3f169fe1871eb2dda Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js	69 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-03 05:52:36 Times Seen29 Hash 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js	6.7 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 16:29:53 Times Seen4 Hash d6054001e832a4dbc81c272445edf992 4b6a4b8581e9b4c9788ae47f6550fb107351cf21 51b421978e9f8cebb5c683e65d8987b7b8e4d6ce08180e0ea4b4eddae24a6011 Loading...

	unknown	44 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:51 Times Seen840 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js	1.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 14565039f0ad5d77219bca259af6c150 e4a754546968a83c871aa2a5f4d88ba141a15fc6 6558d81c13b54927cf40265b22f5c1c9184571e740da752071d574092556fc90 Loading...

	widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js	10 kB	2024-01-20	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-20 01:21:35 Last Seen2024-05-05 05:14:03 Times Seen440 Hash 54b2d4e92e16d2ea51898124107af46a ab4225b696e63c9040de1511fa229cf65b4d3750 e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662 Loading...

	widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js	107 kB	2024-04-25	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:15 Last Seen2024-05-05 05:13:47 Times Seen75 Hash d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js	101 kB	2024-04-24	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-05-03 05:52:36 Times Seen29 Hash 51ddc52774f4e5bd6a6f1c22e9d19674 374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4 642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js	1.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 16:29:52 Times Seen4 Hash e3860273696b2c2385615d1b02860059 f0e4d48268e48ecec11b95490d17fc6886e57c03 6abc62b8f71a23064894476369e1d95d6efe0b5def6678a5b02a143541aaafc9 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js	76 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 21a835136b8ae33cd00097879bb168a6 0be03e28575e2d36f43af705a84d6696e07717d1 cb12d647211b4890761ff8ece8e9fb9b0de34219e200e7a2c8dcc123c3417632 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js	77 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen10 Hash e0798c11c128dde9a2f8cb7010b4f2ac b501199439c816e3ce7b4db9343be18c7176393f f4d06de3e82b9e4717168f7368574bd7878368633d05b5b2136645e9f0f41fcb Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js	37 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 70a856ece2dd02e933e2fef3414ed184 1934275e14664f9ae568d5c584cf0d7bc405eb80 2436484f2b0d5cf261d2b340beb9d9d93998a13162919864119ac0cc0c13a8d6 Loading...

	widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js	37 kB	2023-10-13	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:04:09 Last Seen2024-05-05 05:13:49 Times Seen3067 Hash 6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3 Loading...

	widget.suphelper.top/_next/static/724286ac/_buildManifest.js	519 B	2024-04-25	2024-05-05
Pretty URL widget.suphelper.top/_next/static/724286ac/_buildManifest.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:14 Last Seen2024-05-05 05:13:53 Times Seen46 Hash 06c1d20d74764a4f7dea57ebb09df4d8 d6592eaad86ec7b7bc373774bf911385ea7cf07d 46185c722db3b74c04c371b445abb1da2fa2592059437ee508a23e96c1fdf169 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js	40 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:38 Times Seen8 Hash 681145f0441284174ef426e56941290b 6e6844a39c0a7b28cd162391753ac6429a576728 a9b554dc85ad806c70c5a650600b4c39ea900812543992e8aa761b779600c3bb Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js	5.0 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:52 Times Seen4 Hash ac462273a8335f158ccd0812c8d96cca ec97b28ed11a223b61173238fbff4ce8c28b1eb9 eeb96f45a00607fc87bc0fbc72edbcc26ed8981bac17cae3f3d1e10ce1c3b482 Loading...

	v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js	12 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 8404462012316144032423ce8fbb64eb 5c746a0ed3594abdc7d43a410293e265dd3b2fca b1f58b41aa6480dc6df0ae7a62b0726e2cb0b3e5623513aa8e954c87450f7aca Loading...

	widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js	373 kB	2024-04-24	2024-05-05
Pretty URL widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-05-05 05:14:03 Times Seen81 Hash 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js	424 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 16:29:56 Times Seen7 Hash 784714dbdeff946febf2eb88c77d6340 5da79cae3317a05b281ff8c256686a1a772b2352 1ba04d68c320b81d0d06784ac28bd95743cb6ef9ba02f34a3e733beca5e23c11 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js	435 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 16:29:53 Times Seen5 Hash b075575bc06525b491d4fd8da21e93ff e62563ac20cfdd6b44cc0c3e86aacaf1358e48af a5080ee6ff8f42eb65b4a7efea6d14b91d954e2db650bf7027e85ebf2041dae6 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js	12 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 1f560cda98016a758f23b98bb6451629 601e2074c0bac9c95a4cde3a1b0c8b2c46fc4157 e56d555d970e127bfcc5baf5da80649f7db6e3b9b09795af851020ca565644cd Loading...

	unknown	47 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:49 Times Seen838 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js	30 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 361fe5a6001442cf39008a4c1116f2e4 81884dd80c15438223e8d8d3e6c1ac1593d3e99a a75467a41371ace952fbdb97273852b0d3bde6c06e2f2405808601693201d89d Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js	30 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:38 Last Seen2024-05-03 05:52:36 Times Seen31 Hash dfa127e93d125d4f6c566203eaf225f2 32c1fd89c4eeed7ac2a942582b3786659b15cd43 cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js	53 B	2024-04-24	2024-05-03
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-05-03 04:24:11 Times Seen20 Hash bb7e15ec1662efa164ad912bd1c65e19 bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52 a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js	21 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:33 Times Seen6 Hash 3f56cba5378467ab13f9b0306595ae53 2750c16fab16b27a053e7e98aac5e8f0208172d4 2401f7c429a40b5ff67fcbb6b78a804167da3d50d936c45b30e6fdcc990c04cb Loading...

	1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder	924 B	2024-02-25	2024-05-04
Pretty URL 1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-25 06:56:59 Last Seen2024-05-04 07:42:12 Times Seen56 Hash 92bf20f2f922cc746bec8fe320b23ed3 768e5dbe711e1b62cad807b11ded99ef85001483 b81f4c4f575092cb52a07f89a96291f8e258b3f6bf61e51df0fec3bcc3132fea Loading...

	1xlite-660473.top/polyfills.js	0 B	2023-03-07	2024-05-05
Pretty URL 1xlite-660473.top/polyfills.js IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-05 21:50:50 Times Seen37370699 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js	27 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen10 Hash d6c0749abfe6ac3fa12439f8c5280965 9f433c690b68983f71225293938bfbea88e432f1 fe95732bdaefa78507800cbdf5e127902eec74eef86bee6a9bf1eeafc915c26c Loading...

	unknown	39 B	2023-04-14	2024-05-05
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26:15 Last Seen2024-05-05 05:13:49 Times Seen843 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js	1.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 9e3ac47608f356bc1dc1a9e6416bb442 ee016384b8a9bd54bb3d9acb0e692fdf935eca37 363d977ed612005685ed3c836a5add69b008d52a94e3da92b0ee2dcbe92ac486 Loading...

	v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js	138 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen10 Hash 67738af5bf23b478a572a381a2acc716 dd7280b456a511724f02c36bc432472d28897aef 38d639b8059f8649a3afd6bae7727428d389d106ba7f5f58abe27ef6d5a59183 Loading...

	v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js	3.1 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:07 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 8de2f812def30650dc849a6c4ad1d711 cb603fde42ac77caf6f5432c710cfe271dda3cef 537262d05d61223f1d34cb2ec7ec7240f6b49c1189d0b7d7cff0384a4292f150 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js	1.4 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:51 Times Seen4 Hash 901f57b165b23c191081c0d0112a5eda ac44c8ceab89512fad0470589198b0e453c49442 c9cef598b387cf4767593b47e7850b9feb99bb187d976744aaf651bd47000c2b Loading...

	v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js	6.4 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:36 Times Seen10 Hash 14c0a5b475850d7da7e8459bf9df5766 f4cbfa40f0f3e3781d23a8a2e3715bf8252a2402 a6a30f6358ba3aea4d315b8838587ef81df7d171d0f84e2aa6d6faaadad614fd Loading...

	1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder	714 kB	2024-04-26	2024-04-26
Pretty URL 1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:56:28 Last Seen2024-04-26 01:56:28 Times Seen1 Hash b111a2088ad37f0c9e91049e2c8e6a1f 23c52382d704c4413366b6fe0209e34803f0f255 23c24b9fe351acdec19a6feb8a0ec69aaccc7a99ee74fa92cf82c1a08559a0dc Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js	966 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen9 Hash 47ed64bc46475959fb808f6ad315b17a 6458a90607fec951440547e5da3ece80345a79b3 6e6e1c838342b6cc15d98b2024a13f8f1e39dec2338a15bf9b04c1d73c9650c4 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js	2.3 MB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:04 Last Seen2024-04-26 16:29:51 Times Seen4 Hash e0292fb628a2f149f222bae2c2246200 c90fdda7fefa70a45a180c7e19ecb24be54c5a8b 4a1feaa3be631481f1474103c567df7c2cecf3cd2f6eda56e69b6def42d8728e Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js	1.3 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 195337917bfce628357a5db2aee5432f 154d69e35c36bd6e01d05b4045badf4872f9ebc3 c605b7891079605ad4b90aa944b0557202c0df060c4cfff972d413db0170fad3 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js	1.3 kB	2024-03-23	2024-05-03
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-03-23 16:35:35 Last Seen2024-05-03 05:52:30 Times Seen21 Hash 518e0ae196483ada8b528a1f2b7df0a1 50e66030d9aca44adb3bd7893ef3c42593e26be4 529ca09688eb85183a34a43651cad1e8fabae2a02924753d54786f3de5e85693 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js	144 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 886694940b166ad79a7c4b5a30eedb58 7ed534a6ed7b235ce25bc5376476ef84138432bc b0bc120f4a78e08b3d2765eb6da792d0d2232427317decb665bd6aac2fdc431e Loading...

	widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js	1.0 MB	2024-04-25	2024-05-02
Pretty URL widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:56:13 Last Seen2024-05-02 04:19:28 Times Seen40 Hash 0a8ec60f8885a9417bae7ec2a3981f82 ef0fa91cda49946611fe1cd09819cfdaf8a1c6f5 15d73072cdad0ee70bdc75731a1c2d81326b0b1391b668cd36c639a321105259 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js	715 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 16:29:56 Times Seen5 Hash 363cae3f1a92357379ce31b700f431ee 9efb3994d1f63ab3f780139f0b5aed96e4d50c1c 2fcf183d8381d7ea36ec6f5302a14441c53621240cc1992dc218f01258832345 Loading...

	widget.suphelper.top/	196 B	2023-07-20	2024-05-05
Pretty URL widget.suphelper.top/ IP 104.18.39.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 14:42:12 Last Seen2024-05-05 05:13:54 Times Seen2019 Hash aa729c2ec64b60ce3b2052cc8edaa329 0f673deff4bffdd337a6220feb0b7b5b5ff666c4 9693391d461678be59d683100b1442f4ee65d2cf5bda3904fbf6232a7eb921ca Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js	32 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:06 Last Seen2024-04-26 10:36:34 Times Seen8 Hash e56eb405b1675cee62515df2dd269796 9c9c94e310d2895822831bd3face015b1cbf6b06 d2dbde0611294046d74c6cfb5ef4fb9b3559df984253e2e490fe238b59303a54 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js	15 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:05 Last Seen2024-04-26 10:36:34 Times Seen6 Hash c57084469422f881a05ddd74499c60ff 739fdc06fcdfbcd15f86b58445fa17026fa33dc5 7abe74e474edb41787c9e7b7a653a3660adaab357d4544c631adc41b6241dcb5 Loading...

	v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js	37 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen6 Hash 65e245bd372dea1e58738d756283e8f6 8f6563d4b9b19f66c4e537ab793c123599168d26 38c3961b371948346f708b3bf23d6f20b83e76f5b0b4102154c84bb50fe7ee5c Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js	4.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:08 Last Seen2024-04-26 16:29:53 Times Seen4 Hash ea85164f3c2c7d7e126e0e8be39d1ce0 c08ded6dfcbfdc6412de36c452f1cbe04ecf374b 5a3925b964a8e6883a0905ccb7dc1324c10f9653a54ba61b6ce2019c5f8855f0 Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js	1.5 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 16:29:52 Times Seen4 Hash 37522b6a3d761c89809cb6f794ead60e 2ef6b91fabef8e2001adda71c5592cebbd1caf61 751c6dd1170a34ec54f5d58da1ea9d4ed72ad5e542906321c3726c4a8b627fbd Loading...

	1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder	15 kB	2024-04-26	2024-04-27
Pretty URL 1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder IP 178.253.29.47 ASN #202492 Silverhill Group Holding Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:56:29 Last Seen2024-04-27 18:35:59 Times Seen6 Hash 1861e0cd3bf864e276de73dd8df48b59 e862f67f8c5080248bb8410c56a7b7ad0dba62a8 d53f198b428a962cd2d85618c139e053ae638f93af65d796a1d632392059c3c4 Loading...

	v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js	14 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:33 Times Seen6 Hash fdb7a93a6ddb45c5aa62038f2425f285 a4836eee77f925e40da1e670590dd08faf87b992 4a0463cc93f9ab8a16261880e0ac51d30932b1d07553817879a0addb00af38e0 Loading...

	v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js	3.2 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:09 Last Seen2024-04-26 10:36:34 Times Seen9 Hash 31dddc1647801a3327fdbc35796cc728 be143b7b082c2e26d4f5888795cdfbae3ee7fe30 5e182646aa4ce68aad3d97501ada00313a7dd51a5883b713c27803bb51e0a7ca Loading...

	v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js	731 B	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 16:29:56 Times Seen6 Hash 7d7870ff5bec46f886d9df91c47f1bd0 ef32d1ab97e139ebf8d154c12b9feadcb7bab591 2b948582d897b0b58d607b573884d441ab2f9320770a69bf3a4b24a92fc3778e Loading...

	v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js	10 kB	2024-04-24	2024-04-26
Pretty URL v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 06:33:10 Last Seen2024-04-26 10:36:34 Times Seen6 Hash badfd1b5440c69f594132dab6b8ece6f e1320ef520529473fd5de690b92bd42dd41eac81 12fc9f116dac766e665d2fd70f408cccc5497e8f6f25cc3c0ce3df667d43d693 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c0b3d36699c80e2440da0c59cc1837b2	86 kB	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:56:29 Last Seen2024-04-26 01:56:29 Times Seen1 Hash c0b3d36699c80e2440da0c59cc1837b2 bc37817044054dfef207f9b4b47019268cce13a1 9ad9212cbcdd650e3ef75031dbb802f15103df8e2df6e56c6dc11a6c7a0b075c Loading...

	#2 Eval - c31a652e5b999cd833bdbfd242812925	30 kB	2024-04-26	2024-04-26
Pretty Observations First Seen2024-04-26 01:56:29 Last Seen2024-04-26 01:56:29 Times Seen1 Hash c31a652e5b999cd833bdbfd242812925 28331d32e34b3a06241ef995876fc7e335f235b1 8d8f25bd70917d7024490037264c48d680f3d1eb110ddf36ac3c09e51aa945ab Loading...

HTTP Transactions (269)

URL IP Response Size

1xlite-660473.top/polyfills.js

178.253.29.47

200 OK

0 B

URL GET HTTP/2
1xlite-660473.top/polyfills.js
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /polyfills.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; postback_watcher=; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.024
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.032
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/runtime-429a9b40.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (47028), with no line terminators
Size
15 kB (14721 bytes)
Hash
98255763f3f394149bb9d0b5f43f0cf7
9f9956c07034407cf605d11bc57b37c8a928c01f
664cac2629ba11af02afaabf5b06ef2bfab319d36efdb7c6b81ade6edcffd217

HTTP Headers

GET /_nuxt/desktop/default/runtime-429a9b40.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 14721
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3981"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fd49ce82e2f57a57406a655bff0c3643-6f68fc052ec83379-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:44+00:00, 2024-04-25T12:58:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/1c94b87d.css

185.244.209.62

200 OK

7.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/1c94b87d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53523), with no line terminators
Size
7.3 kB (7300 bytes)
Hash
09f5d4ef76cd62ba561edcd01f6b5c5f
270b17bb922c6e3559a71fb9530ec41bd1b54f95
7e1af9add1d57b07ff5cdab9ee1af0b09253f3de94d42a4333a4f1603bce46bb

HTTP Headers

GET /_nuxt/desktop/default/css/1c94b87d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 7300
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1c84"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:23 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-78bd13f3d70b69e491e16c2de2077924-1c020f4ff4c03262-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:23+00:00, 2024-04-25T13:06:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js

185.244.209.62

200 OK

58 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main-09271208.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64940), with no line terminators
Size
58 kB (57868 bytes)
Hash
510ed48f64189337e8de2946d86f628b
c31579baef67dbaf7cc2f17bed8e2335223e3f8e
a236c2dd075d9f3fb5ba4ef3dec0efe9a6e60c79520bcc589a0f233dc96e54d2

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main-09271208.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 57868
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-e20c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5c3a800ecdd540f17e7fcce21fe1e19b-7c5baf73a44aa5e2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31451), with no line terminators
Size
9.2 kB (9167 bytes)
Hash
e56eb405b1675cee62515df2dd269796
9c9c94e310d2895822831bd3face015b1cbf6b06
d2dbde0611294046d74c6cfb5ef4fb9b3559df984253e2e490fe238b59303a54

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.Main.Asian/registration.Main/user.userRegistration-61022f43.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 9167
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-23cf"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:09 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cd68dfe5604bf6c15e877a84881f642e-a7288cfb18dfb35e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14590), with no line terminators
Size
4.2 kB (4207 bytes)
Hash
73f82bd11055f942d7fdc91daeeeffe3
b105ad08a4eace9e06c2dccad185cffd174b2abb
599ee13f2007b11321a9bfaeee0b82ce9fceb73545b010019bedd35d2bdf491a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.Betting.Main/Page.Betting.Main.Asian/Page.Betting.TeamGames/Page.New/a4ad9f6b-09f13029.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 4207
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-106f"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cec571914f1708dbf053485d936174a2-c81f47cc5ec916e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29993), with no line terminators
Size
7.6 kB (7632 bytes)
Hash
361fe5a6001442cf39008a4c1116f2e4
81884dd80c15438223e8d8d3e6c1ac1593d3e99a
a75467a41371ace952fbdb97273852b0d3bde6c06e2f2405808601693201d89d

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main/Page.Betting.TeamGames-212b3d8d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 7632
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1dd0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9e3a9cd1ef2867644dff339981c90f04-2498e248551a7ece-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/98ce2926.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8509), with no line terminators
Size
1.5 kB (1491 bytes)
Hash
b0cd3891fe08ec67c50bbdfd9f7e9181
205511f8e55a0498e8129c290759a26ba4a4db31
75c619e9cabd7b2c1939e6837909e12c51fb3e68888ba20d650cb1939f983f6e

HTTP Headers

GET /_nuxt/desktop/default/css/98ce2926.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 1491
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5d3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-79877cc153e91e004b4f137542c612f3-c0d2943ccbbdae77-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6cc025d5.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6716), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
be35c859b4087d52ff863e02472b7438
acce1097a331dc2ec0669d17db06c679e7c81be6
af7c9af6bda4b329f14b870f4df09e1b11e87d8dba17c30eed496dc5d27dfc1f

HTTP Headers

GET /_nuxt/desktop/default/css/6cc025d5.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 1324
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-52c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0a1d4665011c4567f601549fd09a1ef9-3f698857d37f4e83-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css

185.244.209.62

200 OK

336 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/a7906856.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1099), with no line terminators
Size
336 B (336 bytes)
Hash
6921418ff9395c44037498a4cf17ee66
31879049279e2cb5bc06b249d80d1735ef112b19
e6de221b29f3b4e47505c877067f28565ab5e1b419dc5003aca29c49596e73ab

HTTP Headers

GET /_nuxt/desktop/default/css/a7906856.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 336
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-150"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c20cd6d7178423c98e9cbf862d5b75e-13f8aefd63c194e0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/version.json

185.244.209.62

200 OK

44 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
4dda53dbeb340a5129b07e1702aa8dad
614a638c883bf28d94af0918fc794d5d275cfc20
eeb319ca820c70f7b63d4ff6a64bb4852647c066b7cd0245601964722306e983

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 25 Apr 2024 10:41:36 GMT
etag: "662a3360-2c"
content-encoding: gzip
expires: Thu, 25 Apr 2024 11:27:56 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-47bb9a1c45e2723777da347285d8aa0d-e9159b1800441525-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:26:56+00:00, 2024-04-25T23:55:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65113), with no line terminators
Size
17 kB (17005 bytes)
Hash
85aa5ed6fedc499534bfeb8eee571fb6
b751e2adaae96f130072f0e7eab069e15d196ec1
e5e627bc912c4a35155dec18e77f6d9bf9c211c970530570975b82c4409828f9

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside-500bea4e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 17005
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-426d"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fbc99866ae1216a5c0ef857ac31def8e-154830e20213c932-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js

185.244.209.62

200 OK

5.9 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21263), with no line terminators
Size
5.9 kB (5867 bytes)
Hash
3f56cba5378467ab13f9b0306595ae53
2750c16fab16b27a053e7e98aac5e8f0208172d4
2401f7c429a40b5ff67fcbb6b78a804167da3d50d936c45b30e6fdcc990c04cb

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Main.BettingLeftAside-cff7ad48.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 5867
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-16eb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-51dbf87405951b100ba970fb3efdc21d-3ace8d75ae2658a7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7613), with no line terminators
Size
2.2 kB (2212 bytes)
Hash
6799557112e6479f4840348196eed7a5
046037566d79a018ad198bef462fa51c74bbb5a4
40caffbe2d55fa120e702fc464aac54e941c61b3031f22f5792205a572ff5ac7

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main/Page.Betting.Main.BettingLeftAside/Page.Betting.TeamGames/betting.GamesSliderApp/b/e7e00398-9123e772.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 2212
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8a4"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-652bdbdaaf07da135cf57d74631ae52a-65a2de7743d2f023-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js

185.244.209.62

200 OK

3.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (13913), with no line terminators
Size
3.5 kB (3531 bytes)
Hash
fdb7a93a6ddb45c5aa62038f2425f285
a4836eee77f925e40da1e670590dd08faf87b992
4a0463cc93f9ab8a16261880e0ac51d30932b1d07553817879a0addb00af38e0

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboard/Page.NewCy/adc1b632-d5668a78.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 3531
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-dcb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6b83fc9d28b435be550ae1dfeb8ffa07-f78c47916ad5cd9f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:32+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/c3d37cc4.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
7f1ee7f9ec47159043591789124ec7cc
bb021131214d4b70b327355a5a947b974f2eccbd
4041bafac614e354c03b647dc8d226e140460381c4816a65528e4ba428b0a0ad

HTTP Headers

GET /_nuxt/desktop/default/css/c3d37cc4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-c2"
content-encoding: gzip
expires: Fri, 26 Apr 2024 09:22:48 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-fde37f9f9041dfc8e5a38f59159ff812-74fbfd3f2a832015-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:22:48+00:00, 2024-04-25T13:58:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (41616), with no line terminators
Size
10 kB (10291 bytes)
Hash
09f939cf46957d82e821f8807e05968a
5e1ec26d95f29042bb2f78c902b37c44817cc109
771bb7992371b7c701a37d462456fc4529bc477b52a334c8667762ca4e5a306b

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingLeftAside/betting.SportMenuApp-f5f00544.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 10291
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2833"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:32 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-294467916c85561f97d06973f8349634-aada906bb3e3a852-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css

185.244.209.62

200 OK

2.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9eb4939a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (20960), with no line terminators
Size
2.8 kB (2763 bytes)
Hash
6cae6098e169876c305ca92f82fe3cde
d27c18f05738795d575c8ce370ed83cf07da0a5a
7095d096e88dd0a09d84d063de1e0eedd406b032150a5af99e796c2ac63bcfe5

HTTP Headers

GET /_nuxt/desktop/default/css/9eb4939a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 2763
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-acb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bb01ebbb19f95af1a527b885665e26d5-96bf3161ed726075-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js

185.244.209.62

200 OK

646 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1333), with no line terminators
Size
646 B (646 bytes)
Hash
195337917bfce628357a5db2aee5432f
154d69e35c36bd6e01d05b4045badf4872f9ebc3
c605b7891079605ad4b90aa944b0557202c0df060c4cfff972d413db0170fad3

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.BettingContent-2d71b204.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 646
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-286"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:24:42 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6ef0a744bb99905c24d4d01aba475535-ce1c4c536e6ad9f1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css

185.244.209.62

200 OK

332 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/885d64fc.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (975), with no line terminators
Size
332 B (332 bytes)
Hash
31aa50dcbc858f61bf3ed903493b8431
abf67e7f02256d2d5c5e2054b2930aa9b5ece999
18337e3b3c6f57695afaca43e471c075fd711e0485b4e7f1fdc1b6fe4e8703d7

HTTP Headers

GET /_nuxt/desktop/default/css/885d64fc.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 332
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-14c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:16:17 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-39026420866ce1de90b926290383d848-1807213cb93b894e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:16:17+00:00, 2024-04-25T19:20:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js

185.244.209.62

200 OK

3.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
3.4 kB (3362 bytes)
Hash
badfd1b5440c69f594132dab6b8ece6f
e1320ef520529473fd5de690b92bd42dd41eac81
12fc9f116dac766e665d2fd70f408cccc5497e8f6f25cc3c0ce3df667d43d693

HTTP Headers

GET /_nuxt/desktop/default/Layout.Betting.ExpressDay-1d2478b0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 3362
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-d22"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:25:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4b0285f1cac0b3a97b53d939d674e204-e46a2268757cd0c4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css

185.244.209.62

200 OK

3.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (31339), with no line terminators
Size
3.2 kB (3225 bytes)
Hash
3cc47f5bfd7fb2ef96257df775a1b810
bbb36b671dd4a1f6e24cce1a48368724994b3913
18aeb0ed76dd6ce1471582770244ed6c55b69fef2e84ffabdabdbf7f32600326

HTTP Headers

GET /_nuxt/desktop/default/css/6c310293.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 3225
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-c99"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:26:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d4c323e9b034003496556f9cbc282348-0c3f1bf97100bed0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:26:51+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8037), with no line terminators
Size
2.3 kB (2257 bytes)
Hash
ceb24e94d87d9c04b6685d611e9050c1
781d9f7fb4ff0e09fa74cdcdc5b1e707a57b4539
bfc675160863b2fdb50b84830a53646a8c762836217ffc99ea6a8b5dc16cd734

HTTP Headers

GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-133d5539.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 2257
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8d1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d7b5f4af4163d65e156cc4d410f14fa8-362d8d33465ab1a1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:33+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css

185.244.209.62

200 OK

4.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32277), with no line terminators
Size
4.0 kB (3964 bytes)
Hash
eeaf257a8645b90669a2ea93b8fb534e
d81289258b7a5c126dd860232760852cc8ad865e
3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6

HTTP Headers

GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 3964
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-f7c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:24 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-62f3f0c568d979693fccf2cc731ccebe-62bccd46a6933168-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:24+00:00, 2024-04-25T13:05:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js

185.244.209.62

200 OK

7.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28143), with no line terminators
Size
7.8 kB (7783 bytes)
Hash
c790413a6f4ea0dbbb7278d4ba07c8e2
aeea4548ef2d3820699053c3c6b7f653703688ec
a85e58d257f382c639e0f17995d19e6e55271ee366813029aa709f067bbef4a2

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-9abe035a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 7783
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1e67"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0ae8e73f152dad5c58d3cbba48ac03a7-7735f466e7cfa142-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js

185.244.209.62

200 OK

8.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Size
8.3 kB (8274 bytes)
Hash
4d2f484f3465b217acb7bc2c93924f01
f6274c5c70d187c221e04edacdc4e73bc90bae28
57931838efa5e848ac1467518ce0d43b9a11e44f53f41d0b48a8fc321ecebb7f

HTTP Headers

GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-627abef7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 8274
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2052"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-62cf1f8eea8ee39bc4b939d0529a340d-7463e12cec9b13b2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css

185.244.209.62

200 OK

1.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4632), with no line terminators
Size
1.1 kB (1113 bytes)
Hash
f74d8b7e31b6ab236a9577348874385d
87091e6542649037a05fc137fa449b713c85225d
b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8

HTTP Headers

GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 1113
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-459"
content-encoding: gzip
expires: Fri, 26 Apr 2024 06:45:01 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e2a96b5c44927682487514ed2bac9240-8712f649868bcc8e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T06:45:01+00:00, 2024-04-25T07:56:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js

185.244.209.62

200 OK

6.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20014), with no line terminators
Size
6.3 kB (6262 bytes)
Hash
b69735a0304bc0ac21b40573ee550f0b
96f237bfaac6dab3ce2595e9961762984ae1545b
5defbae69d8affe7aa3e1eda4b2f1759900c2ce35985b69928b65cdfabfc78e3

HTTP Headers

GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-27024645.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 6262
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1876"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:34 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ce8d7da9caddad209f7611ad57346611-b0ed87b168e6b8cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:34+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/b31cf88f.css

185.244.209.62

200 OK

2.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/b31cf88f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9498), with no line terminators
Size
2.2 kB (2186 bytes)
Hash
96a29f0004392655cc9593713581f6bc
9e217c48ea7052b0df22bd29aa1b62afd807ef2d
f38f8cbcdd652cad7465c60c1eff068b6d104e97f4603f1499cb790f81b17cff

HTTP Headers

GET /_nuxt/desktop/default/css/b31cf88f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 2186
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-88a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:33:29 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-39715d4fc5cb4b9792e11e37c4e9aee3-7b682ec6e2365b04-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:33:29+00:00, 2024-04-25T12:57:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e74c776d.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e74c776d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
14 kB (13767 bytes)
Hash
46c8f0c05f1b041270e8e142c7ce5d70
2b14a5ef8669fe0e73a40a816b894a50c829219f
eed5933b3a22f8155625627d59bf536ceda18acc679a4019833a890e75b07ba7

HTTP Headers

GET /_nuxt/desktop/default/css/e74c776d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
content-length: 13767
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-35c7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cc5f1743f41a23b6d340236bd70dc769-14ee5c1b934d4866-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:14+00:00, 2024-04-25T13:04:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js

185.244.209.62

200 OK

270 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/app-3a0481ca.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size
270 kB (270073 bytes)
Hash
47ed64bc46475959fb808f6ad315b17a
6458a90607fec951440547e5da3ece80345a79b3
6e6e1c838342b6cc15d98b2024a13f8f1e39dec2338a15bf9b04c1d73c9650c4

HTTP Headers

GET /_nuxt/desktop/default/vendors/app-3a0481ca.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 270073
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41ef9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5d0e46af5fa57463ce8f6562c750a6c7-a0a9d9ba4390a33c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:31+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js

185.244.209.62

200 OK

225 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/app-019fd1f8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size
225 kB (224677 bytes)
Hash
d43b77608bc8d96538ae9c273040c05f
976870970f803da08317c877884507f74612dcb0
6d2939523f88a6d4cce3fb00a10e7b0bd1a2733ba36d72ce608bdb19a287f109

HTTP Headers

GET /_nuxt/desktop/default/app-019fd1f8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 224677
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-36da5"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5dd448dec7a6365925de95200c7275a4-f54b61d08f78d2a7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:44+00:00, 2024-04-25T12:58:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/commons/app-52fe5dc2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
47 kB (46792 bytes)
Hash
67738af5bf23b478a572a381a2acc716
dd7280b456a511724f02c36bc432472d28897aef
38d639b8059f8649a3afd6bae7727428d389d106ba7f5f58abe27ef6d5a59183

HTTP Headers

GET /_nuxt/desktop/default/commons/app-52fe5dc2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 46792
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-b6c8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d697d0524f0af0869c068128e26ae85c-b98fa271aaae5a0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:31+00:00, 2024-04-25T14:32:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3f7d72299a5a788e88914c006ebe8d64-398a15af0ba8c3f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-25T23:07:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Size
65 kB (64732 bytes)
Hash
3ac5d40d1b3966fc5eb09ecca74d9cbf
a69f32357765dd321519889aeacba5e9ca893bb0
3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e3490eb78e2ed546e2feb163982d83d2-d863aa7b2bb07038-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-25T23:29:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-24bc14f8d64129b42d361ca55f4a7dc3-3fd3b3269ee320e0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-25T23:10:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/check-ob.js

185.244.209.62

200 OK

187 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/check-ob.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
187 B (187 bytes)
Hash
ced67278c38d1ce1297c121af69fff8a
df6e1531fd84d956263b04254e6f94f5356623f4
2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616

HTTP Headers

GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Wed, 24 Apr 2024 11:16:59 GMT
etag: "6628ea2b-bb"
content-encoding: gzip
expires: Thu, 25 Apr 2024 12:52:17 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bbd7b099b5387bf6211357a8d2f8f418-15c907ba10e8917f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T12:52:17+00:00, 2024-04-25T11:36:14+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2023-12-18T07:12:59+00:00
traceparent: 00-ef1dc1054950bc93f65fd1fb07858af3-c995889923cf55e7-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css

185.244.209.62

200 OK

194 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f5105820.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (395), with no line terminators
Size
194 B (194 bytes)
Hash
2818ab9c6ece35261fbf658165189623
f01f8175a7a89449a1dad5f2a7df06c5866c10af
b4f0b619b6f6ece6589df376a16eae022b084640348887d3c557e20a37207583

HTTP Headers

GET /_nuxt/desktop/default/css/f5105820.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: text/css
content-length: 194
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-c2"
content-encoding: gzip
expires: Fri, 26 Apr 2024 09:23:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b0a9900c096d65782f97f87e210b39cb-c528e7a83959a676-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:23:37+00:00, 2024-04-25T16:08:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js

185.244.209.62

200 OK

636 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1235), with no line terminators
Size
636 B (636 bytes)
Hash
9e3ac47608f356bc1dc1a9e6416bb442
ee016384b8a9bd54bb3d9acb0e692fdf935eca37
363d977ed612005685ed3c836a5add69b008d52a94e3da92b0ee2dcbe92ac486

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingContent-e046fd95.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 636
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-27c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5dedc860332a29de1f295263b10bcee4-c5844c37a5440f68-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js

185.244.209.62

200 OK

4.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (14574), with no line terminators
Size
4.2 kB (4186 bytes)
Hash
c57084469422f881a05ddd74499c60ff
739fdc06fcdfbcd15f86b58445fa17026fa33dc5
7abe74e474edb41787c9e7b7a653a3660adaab357d4544c631adc41b6241dcb5

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside/Page.Betting.Main.Asian/betting.CentralMenuApp/betting.SportsMenuCompact-4ac47a98.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 4186
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-105a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8ba57e1938028861322a371cd2a11c3d-ebe9c3e87cc423d3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/2a37879e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6872), with no line terminators
Size
1.3 kB (1331 bytes)
Hash
7727cc93d85a2459297f9b1237fc6a92
f37f7a3ec3d30df2513a38dd2c67fefaf038edec
e4559060670fd8cf92ad4e830ae9237d2bbc735470f4597ad5d943388d9248d2

HTTP Headers

GET /_nuxt/desktop/default/css/2a37879e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: text/css
content-length: 1331
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-533"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8a70604d16d2372c47affb6d1065cb3e-fc48de5ebdebc537-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:19+00:00, 2024-04-25T13:42:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37195), with no line terminators
Size
10 kB (10215 bytes)
Hash
70a856ece2dd02e933e2fef3414ed184
1934275e14664f9ae568d5c584cf0d7bc405eb80
2436484f2b0d5cf261d2b340beb9d9d93998a13162919864119ac0cc0c13a8d6

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.BettingLeftAside-79ad2f0e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 10215
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-27e7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b9cc2d02f8125dd2e4f10045c348f7a5-6db909f984e673f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js

185.244.209.62

200 OK

37 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65461)
Size
37 kB (37175 bytes)
Hash
886694940b166ad79a7c4b5a30eedb58
7ed534a6ed7b235ce25bc5376476ef84138432bc
b0bc120f4a78e08b3d2765eb6da792d0d2232427317decb665bd6aac2fdc431e

HTTP Headers

GET /_nuxt/desktop/default/vendors/GameProvider/Page.Betting.Asia.Homepage/Page.Betting.MultiLive/Page.CricketWorldCupPage/Page/17c2374e-ae524f2a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 37175
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-9137"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9cdef399ad21dea9d341fb943dad0883-e2294db98c7b50cd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js

185.244.209.62

200 OK

5.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19536), with no line terminators
Size
5.6 kB (5568 bytes)
Hash
68b0e7b36aaabe3fc4c55b9b7a99b204
8e30dc11ce9406793473bdff9aac0101f562655e
2bdec28d6e101619011e495111f672ccba2334d2f089a5a87fca2512d86d7f0c

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage/Page.NewCyber.Cyber/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamp/Page./8c362243-c8580d37.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 5568
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-15c0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-05a6db6e2a8249beb8c21b663f55b12e-6251ee63721753b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js

185.244.209.62

200 OK

10 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (36639), with no line terminators
Size
10 kB (10111 bytes)
Hash
65e245bd372dea1e58738d756283e8f6
8f6563d4b9b19f66c4e537ab793c123599168d26
38c3961b371948346f708b3bf23d6f20b83e76f5b0b4102154c84bb50fe7ee5c

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Betting.Asia.Homepage-997209ca.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 10111
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-277f"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6eb86c372517eee21bf0456d15114535-1d3307a96dfaf1ec-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css

185.244.209.62

200 OK

6.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/4b5c6c89.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (53058), with no line terminators
Size
6.7 kB (6667 bytes)
Hash
173f5247c95e1b42bb3b77ed0a8eb44d
5b4b32ac3c6b995e254b7e8e1ecdf00ef4882aa9
f20b6d24581afe4c6af83abbc14b11194385c8e5f15a27e972724f61891c6dd0

HTTP Headers

GET /_nuxt/desktop/default/css/4b5c6c89.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: text/css
content-length: 6667
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1a0b"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:25 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-4f55d43662b9da0959466357fad8befe-6d7b7e0834d971c9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:25+00:00, 2024-04-25T13:42:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64912), with no line terminators
Size
32 kB (32515 bytes)
Hash
cbf2424a84930767b46aa8d32382630e
237dc0de3c9db7b080424eeb69e2feb2a6d7805e
4a2f536eada6636b0d6d1747962d8aa508c88405865199c32f05cd95605bdfbb

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Asia.Homepage-da45acc1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 32515
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-7f03"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e858253e7671a6fe14791f82d0199799-5c60e0c9e0240e97-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css

185.244.209.62

200 OK

4.8 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/f72f2b10.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (38649), with no line terminators
Size
4.8 kB (4780 bytes)
Hash
8ab5f1e804e2a4565dea164054ff0907
7ee2bea2c9dcb6424f707c35588a316a249270fa
ce3424802faaac382a0efe23fbc285123fae95d0461ecf26e4881e1907acd9ec

HTTP Headers

GET /_nuxt/desktop/default/css/f72f2b10.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: text/css
content-length: 4780
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-12ac"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f6144c313a984eb3309b41967b712f7b-6df55adecb2099b8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:19+00:00, 2024-04-25T13:42:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js

185.244.209.62

200 OK

29 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64788), with no line terminators
Size
29 kB (28909 bytes)
Hash
07824180288a9c6a3276f486612df7d7
ec83f284a957114b2bf1e709b574c8bab032bf19
b89df0b5e3c1a25a67b84e7fb42719fd512dbc49a8c3dda0e7dfe786f6ee573a

HTTP Headers

GET /_nuxt/desktop/default/Page.Betting.Main.Asian-cb1300f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 28909
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-70ed"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:35 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7fd70b02f41ada8bad1f2e2b9784c280-3034c30ceb266b60-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:35+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js

185.244.209.62

200 OK

22 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
22 kB (21881 bytes)
Hash
e0798c11c128dde9a2f8cb7010b4f2ac
b501199439c816e3ce7b4db9343be18c7176393f
f4d06de3e82b9e4717168f7368574bd7878368633d05b5b2136645e9f0f41fcb

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-de9cbf4c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 21881
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5579"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-885c034e0910a5055a60f4234a526d13-e37c5c74a32248b6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:36+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js

185.244.209.62

200 OK

4.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Size
4.6 kB (4556 bytes)
Hash
1f560cda98016a758f23b98bb6451629
601e2074c0bac9c95a4cde3a1b0c8b2c46fc4157
e56d555d970e127bfcc5baf5da80649f7db6e3b9b09795af851020ca565644cd

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-notification-be432464.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-11cc"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-624b033b33d88f8992f2d9c7142917b7-ae31966b28992baf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:19+00:00, 2024-04-25T13:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css

185.244.209.62

200 OK

953 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3352), with no line terminators
Size
953 B (953 bytes)
Hash
748da80084597d87b4ff5e98b017b07b
db6ad2ec24bfcbe751a23061d935403e1163f471
4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24

HTTP Headers

GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-3b9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:04:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dbbd752c5eb1067bfbb49ebe12237ea2-c56b94c67fa3cbd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:04:50+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js

185.244.209.62

200 OK

8.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Size
8.1 kB (8056 bytes)
Hash
d6c0749abfe6ac3fa12439f8c5280965
9f433c690b68983f71225293938bfbea88e432f1
fe95732bdaefa78507800cbdf5e127902eec74eef86bee6a9bf1eeafc915c26c

HTTP Headers

GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-b4e5c536.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 8056
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1f78"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-64db905d442edc382caf5b3339750d59-a1567eaa82555448-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:19+00:00, 2024-04-25T13:05:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Size
2.1 kB (2118 bytes)
Hash
646a2b32c35fc60e6fe759e25b80b680
4bffb554df5ebcd3f96154047e39cc1efe9d4658
b8339391f1719293f8987d960120957904d99c0e4d634e48f6f16f3e2c25e812

HTTP Headers

GET /_nuxt/desktop/default/date-fns-locale-21-1bddb75a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 2118
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-846"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-79d7ea99356730a62a8467abc8c0267b-8a08baea28f8593b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DC-5812449e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Size
1.0 kB (1000 bytes)
Hash
5fd92d5e19084953d42f6435bf43dbc3
1605b683a815f82e1439bedd7f7acc9bef1d75c1
ad5547e0059467c7711c34a6627570759b87ea738c7659a3f169fe1871eb2dda

HTTP Headers

GET /_nuxt/desktop/default/DC-5812449e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1000
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-3e8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:22 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-405194b75a898f1b713a55a6a270cd02-fc1778cb79f395d2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:22+00:00, 2024-04-25T13:05:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/Betting.Core-3d5acad8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2341), with no line terminators
Size
1.5 kB (1504 bytes)
Hash
20dfbfd0b527a3400141072543ab8d14
8b18103124ebcc40d3817e5b0897403dd79a777d
60ad198390a8936e848b2beeb25fb8f57fdb8a9a44cae0a2b22b731e38242d95

HTTP Headers

GET /_nuxt/desktop/default/Betting.Core-3d5acad8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1504
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5e0"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:56:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dd9263deff991b6e2fbee5603f0c3bf3-8e9333ef206f0977-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:56:51+00:00, 2024-04-25T12:58:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285

178.253.29.47

200 OK

141 B

URL GET HTTP/2
1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
141 B (141 bytes)
Hash
bd9be2fa89d26e9e6f1b2e08ffcd0ed6
90eae25ee792254c7ca97e98c5782078f9bdc37f
c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 995
x-request-id: d8247a16e65b4124fbdf7e2b0af64966
x-request-guid: d8247a16e65b4124fbdf7e2b0af64966
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.478910446167, wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (3229), with no line terminators
Size
1.5 kB (1451 bytes)
Hash
31dddc1647801a3327fdbc35796cc728
be143b7b082c2e26d4f5888795cdfbae3ee7fe30
5e182646aa4ce68aad3d97501ada00313a7dd51a5883b713c27803bb51e0a7ca

HTTP Headers

GET /_nuxt/desktop/default/consultant.supHelperV2-56fa9b09.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1451
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ab"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b56f9721cceabf464a6669d51039897f-80218ef05df9eaec-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/version.json?timestamp=1714089342225

178.253.29.47

200 OK

44 B

URL GET HTTP/2
1xlite-660473.top/version.json?timestamp=1714089342225
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text
Size
44 B (44 bytes)
Hash
4dda53dbeb340a5129b07e1702aa8dad
614a638c883bf28d94af0918fc794d5d275cfc20
eeb319ca820c70f7b63d4ff6a64bb4852647c066b7cd0245601964722306e983

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1714089342225 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/json
content-length: 44
last-modified: Thu, 25 Apr 2024 10:41:36 GMT
vary: Accept-Encoding
etag: "662a3360-2c"
content-encoding: gzip
expires: Thu, 25 Apr 2024 23:56:42 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3073), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
8de2f812def30650dc849a6c4ad1d711
cb603fde42ac77caf6f5432c710cfe271dda3cef
537262d05d61223f1d34cb2ec7ec7240f6b49c1189d0b7d7cff0384a4292f150

HTTP Headers

GET /_nuxt/desktop/default/ioc.dependencies.18-6c0bd0e4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1321
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-529"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-92111d4b2e289855e3c4e3ea98d486e0-c57c59c5516077e6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:37+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32231), with no line terminators
Size
7.4 kB (7382 bytes)
Hash
73045dab5a0f1892f4ecaa63deac81c4
53f582f313d660bcb8bc204d4b9930878f667271
3da8040fa2cbba713382129ac29b73bbd06c920cd0086fd10edad8b85c413e23

HTTP Headers

GET /_nuxt/desktop/default/vendors/Page.Cyber.Game/Page.NewCyber.CyberApp/Page.NewCyber.CyberChamps/Page.NewCyber.CyberDashboar/ff3e75d4-3bf76071.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7382
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cd6"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c34db0720929aabbf4d4dc45680f5fcf-7b7008c3c08c4ad9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js

185.244.209.62

200 OK

5.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (20674), with no line terminators
Size
5.3 kB (5347 bytes)
Hash
92f2228f7f2d8ea17cc1bbd2946c5235
79c8609806d6d5d95cc518023baecc8d1952e6e2
e097b717e3ae34e2ff062ec780fb4b9513f743f41ca1e0528f07361bb5dc3f48

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.SportMenuApp-c04577b2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 5347
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-14e3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3528f606c3273e0624ee32451ec52315-7e3e34fc346f6e58-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css

185.244.209.62

200 OK

3.0 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ad481252.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (22886), with no line terminators
Size
3.0 kB (3004 bytes)
Hash
c7f34a5d51920cc71c1de5650e93ba9f
c8e496bab9ced71a3160f0d30d5f061e9b9845b1
5768f888a21a23426a5ba6c204d97b7fc73ba52a24d503676206036ec84a1265

HTTP Headers

GET /_nuxt/desktop/default/css/ad481252.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 3004
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-bbc"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d152a055f82760626627871403c9fe43-76f5772e52fe1b3f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:40+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js

185.244.209.62

200 OK

25 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65483), with no line terminators
Size
25 kB (24915 bytes)
Hash
cb65d148da616bc7624597ec1f9802da
51d8d278e180f09b548c0b123e3627840bce9244
2e27352090f3824edb7a7849a5daf063288ad34f11c710525c99b0bf1486b66f

HTTP Headers

GET /_nuxt/desktop/default/betting.SportMenuApp-82ce6195.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 24915
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-6153"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e5a214a725ae93578ad687e460e223c8-84e9bc7e3ccae208-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js

185.244.209.62

200 OK

7.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (27479), with no line terminators
Size
7.4 kB (7383 bytes)
Hash
36a40a25b745631e0e28cac4083cbeac
76ad3820c008567577fec994bf3e1e7440e2e77e
af4793dd4927863c6ac8d66b033d5d7efb7bfa65a967208fc1c12a07bdc64436

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.HomeSliderComponent-74faad26.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7383
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1cd7"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-74e0d9dd6b5f7e7aecf2e10e858f6f81-0338e087b9c5b5e3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/85022173.css

185.244.209.62

200 OK

1.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/85022173.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9757), with no line terminators
Size
1.7 kB (1731 bytes)
Hash
d9ff2bf37891da2be05d7fd5442113f5
419f63a7b47f983139a1cdc040707ab4b90bc255
05d90d1e2368c45cf52f0796d76035b98b8ab02ff57d218005ddffbfc20963c5

HTTP Headers

GET /_nuxt/desktop/default/css/85022173.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 1731
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-6c3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f9a41f159f9f70673a3bddbcb14b5fd2-8febc4396d83cef6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:33+00:00, 2024-04-25T13:05:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js

185.244.209.62

200 OK

7.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (24523), with no line terminators
Size
7.6 kB (7601 bytes)
Hash
54be88936d941a65bd59d27f8bf96657
47a93d65c60bc45add632fcf288afff7ba6fe257
ee1dc1579a781b5d03318e39af446dfe8d2fd2c1cd6878a61882c21414d24a06

HTTP Headers

GET /_nuxt/desktop/default/betting.HomeSliderComponent-888df66d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 7601
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-1db1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2b904872e7aea31ed7273373bc65592c-813f774365bb2109-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css

185.244.209.62

200 OK

1.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/9f2746da.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6439), with no line terminators
Size
1.3 kB (1305 bytes)
Hash
cdd7464b2b178b37ed8a1368b6383203
0a13fc4908d91476649bb51e33d690b460a5a89c
aeacff8e3f578ea2842f067e3f42d53e72a4f668cf526c60dc659bd89f5a3c6b

HTTP Headers

GET /_nuxt/desktop/default/css/9f2746da.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 1305
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-519"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f9d8afdcd970d9fe32e49ef299f1ea06-0f18175c2a0343cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:40+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js

185.244.209.62

200 OK

16 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64597), with no line terminators
Size
16 kB (16497 bytes)
Hash
0b750d1eb8ed980568c3b2783bc73abe
2f4cbcbc29cf5174e2490d0723dffd13919391a4
36844a337b242c366f594f7cd16f1505aefa8c2c38dccaf97b78eec261021312

HTTP Headers

GET /_nuxt/desktop/default/betting.CentralMenuApp-fcf94262.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 16497
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-4071"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-32706086b15b9d92f6772a8225409287-39c8a0a8996576cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css

185.244.209.62

200 OK

459 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1526), with no line terminators
Size
459 B (459 bytes)
Hash
97fdf5b6e7dfddf6ab251e984133b2c3
bb552fe685c52c34e0ed91e4dfaa9df2675ad086
92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3

HTTP Headers

GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-1cb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:05:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d78c19ae99be7969882cc3fd75fbbeb0-199067dcb25d1d07-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:05:14+00:00, 2024-04-25T14:54:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-969fa6be.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators
Size
17 kB (16831 bytes)
Hash
ed1aa306ac0483a61e03d12f0cf0c683
3688fabf92067a4cc58d87aec282cddc6a7e33f0
fdc6326914576f6b064f1b56dc5e153e8f601d12932d28cda623ea1c6670ffff

HTTP Headers

GET /_nuxt/desktop/default/vendors/betting.media-969fa6be.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 16831
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-41bf"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7a0b59549707ebb8d034ec9316aa7f1c-3ee651575351b467-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:31+00:00, 2024-04-25T13:05:52+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7000), with no line terminators
Size
1.5 kB (1486 bytes)
Hash
f379bc6f4b94f34d96f6fe51159bee63
f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60
b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11

HTTP Headers

GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 1486
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ce"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:33:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6938d90c812be71b63475f2308cd0c8a-c5dde3a9402cf780-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:33:18+00:00, 2024-04-25T16:12:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.media-91c67102.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (16761), with no line terminators
Size
4.7 kB (4731 bytes)
Hash
9edd02014a4812685d800389066bc94b
c89f400bb9b8ab7af4e7461a2d2ec002aea83bb8
23e9fe0dac6ac461e53781b9d407e7e3595eeea010fb4d6236eaa6b7699928ee

HTTP Headers

GET /_nuxt/desktop/default/betting.media-91c67102.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 4731
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-127b"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f4f24a9292b5f044cd96b4f77bd08d89-6140ee3aec48c225-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137

178.253.29.47

200 OK

155 B

URL GET HTTP/2
1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
155 B (155 bytes)
Hash
d9c4e764d0719887a701a2fd57d2ed20
dd9132eb122454d6202e18dc89cf3f813bd28eea
bfb3eb33d14d3606f7ef2f2ebf7194a6eba1837022e2cce1a5adaebff4226d10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/json; charset=utf-8
content-length: 155
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-660473.top/session-api/sessions/user

178.253.29.47

200 OK

16 B

URL GET HTTP/2
1xlite-660473.top/session-api/sessions/user
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
646b2e82b65602d35f7aa6283c387e3a
b163a70c5df8e4b0861a23a04f8a6f78393747f4
b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.4321804046631, wf-uht;dur=0.010
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css

185.244.209.62

200 OK

97 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/88cfac66.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
97 B (97 bytes)
Hash
9deb70dd3fbdc7061ed21c5632fbc55b
22ae1cadf75b3fdd5e3e3762842b1b7a6f6e7ed8
be8196057ac43ab3882caf30239c364e1ef4ceda087e92ca87187ce239f022f9

HTTP Headers

GET /_nuxt/desktop/default/css/88cfac66.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 97
last-modified: Wed, 24 Apr 2024 11:16:25 GMT
etag: "6628ea09-61"
content-encoding: gzip
expires: Thu, 25 Apr 2024 14:35:41 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7d3d5189b68d2f107e2594929681380f-5f30a28e7578c99c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T14:35:41+00:00, 2024-04-25T11:57:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js

185.244.209.62

200 OK

8.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (25972)
Size
8.5 kB (8517 bytes)
Hash
83575afda287eafafb4102f4463ea9a7
241502bfcd1fdaf75068e1f6497e65642ec7981d
6c7258871472c35e8d3f7f4c71550a079165d95f913297204b6746faf5f31f33

HTTP Headers

GET /_nuxt/desktop/default/vendors/Auth.Forms/RegistrationWidgetApp/components/userControl.auth_form_extended/registration.Main/da7322db-4c41d619.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 8517
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2145"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d78a14370cdc6d38b568a5f6d8e3667b-e7fe996672434252-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:38+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/25e24e18.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6262), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
09f1bd90913ad83743065cc13ee3e0c6
0f1d49d4ddfccf474d882839c1ac901a8c1d91e6
b0222e16baaccc20a1143166da7715bbab586f1d8d8bebf26f91e98738a55a92

HTTP Headers

GET /_nuxt/desktop/default/css/25e24e18.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: text/css
content-length: 1505
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5e1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:51 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3151d465996f8865fa9e16b674a2fa41-0460722363afc990-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:51+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (20723 bytes)
Hash
21a835136b8ae33cd00097879bb168a6
0be03e28575e2d36f43af705a84d6696e07717d1
cb12d647211b4890761ff8ece8e9fb9b0de34219e200e7a2c8dcc123c3417632

HTTP Headers

GET /_nuxt/desktop/default/vendors/RegistrationWidgetApp-41260109.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 20723
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-50f3"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-665f34d06f14a1e618130c314a633b13-18b33d3d40f5168b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js

185.244.209.62

200 OK

580 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.coupon2-1ecfb74c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1003), with no line terminators
Size
580 B (580 bytes)
Hash
14565039f0ad5d77219bca259af6c150
e4a754546968a83c871aa2a5f4d88ba141a15fc6
6558d81c13b54927cf40265b22f5c1c9184571e740da752071d574092556fc90

HTTP Headers

GET /_nuxt/desktop/default/betting.coupon2-1ecfb74c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 580
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-244"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-aa7bd336752820742fb353e75c1e204d-4f954838b037648a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:39+00:00, 2024-04-25T14:32:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

266 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
266 B (266 bytes)
Hash
16f9e35434c6dde662de2d55fd60af24
6583a4b9d596ad7c64ea58ed28fb412379995775
8922f3ebca99234ff6ee7bf29422b552064351447ec708213c6c3d823b5fb189

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json; charset=utf-8
content-length: 266
cache-control: no-cache
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:43 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66

178.253.29.47

200 OK

2.2 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.2 kB (2195 bytes)
Hash
d225d93bd4473b2b70cda0101a79fb18
d806571cc58c5d5476273ef9edce09e9cfd7b41a
eeb5d6936a84de98ccd4638703cd7308a7c48a32ec32d2ffa07e0864b4bd6bf0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetTopGamesStatZip?lng=en&antisports=66 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json; charset=utf-8
content-length: 2195
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:43 GMT
vary: Accept-Encoding
x-time-ng: 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en

178.253.29.47

200 OK

2 B

URL GET HTTP/2
1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=11.92, dt_total;dur=91.239, wf-uht;dur=0.100
traceparent: 00-4c15d24f2030ff8533c680947de4a33c-156a58e14ed6bcc6-01
x-dt: 285
x-time-ng: 0.091
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg

178.253.29.47

200 OK

263 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
SVG Scalable Vector Graphics image
Size
263 B (263 bytes)
Hash
28e2c161800b61b985a163f5c492ae51
8845ea940210b4ccb195cca855a598e6aaa58ed0
77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg

178.253.29.47

200 OK

296 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
SVG Scalable Vector Graphics image
Size
296 B (296 bytes)
Hash
b1bf63d00887bb0354e9d89c7d790a01
2d64ab25c9afff682abd6732f62ba62a197e972b
a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg

178.253.29.47

200 OK

506 B

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
SVG Scalable Vector Graphics image
Size
506 B (506 bytes)
Hash
9c340eae608db0c25657b4a73d769afe
988fbf333a2e9290211cd9e6b7c98c59719012b0
b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/logos.svg

185.244.209.62

200 OK

19 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/logos.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (18950 bytes)
Hash
c3fd6300f4f1eb9dd631e08c90c1ce0c
0b982ec6589377bfa6bcd07b22dc8169efa7fd9f
4f855a10192e6d15311f4b69079cab201f00ffabdeb66e187e22fbb4d403dc78

HTTP Headers

GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2db5fb1572870ea357bb168bf9174c39-b8d1b706193ce141-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-04-25T11:15:13+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
0666c2e0e460e70cbe2047fde25d1d7d
8942b0454d9caaf0139b8579b483b0c42653b691
31ee6723eb98d27ce2f3953e159cf3c8413a2c69713052832a929d02f65be8fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Content-Type: application/json
X-Lang: en
X-Uuid: 1cdba155-2a89-4500-9606-648141a6028a
Content-Length: 81
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.030
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js

185.244.209.62

200 OK

5.6 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15997)
Size
5.6 kB (5562 bytes)
Hash
12c0a8a167063fa1743b27ac4e537460
a51e99cf826d86a23bf7e166f833b46b517ccdbb
a49ece220afcdcf483c4b1a36e0813329c879079080cd81008709687811d1125

HTTP Headers

GET /_nuxt/desktop/default/vendors/DownloadAppWidget/modal.IplWorldInstallModal/modal.office.TwoFactorAuthEnableModal-fc97ad68.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 5562
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-15ba"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:54:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-33abbaca9530718660e982be1de8e5fd-9e51dcf4112387ff-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:54:38+00:00, 2024-04-25T13:06:01+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/0e3e1e8d.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5638), with no line terminators
Size
1.2 kB (1193 bytes)
Hash
be85f100312ee4f9396b6e89cbcb0fef
3934783d38d182ddcaccfdedbbe4fb65c266864c
06a9b859f60f7872c7beaa8286d3c1f45708dd0e1dee20f4c0d55c8719cc2983

HTTP Headers

GET /_nuxt/desktop/default/css/0e3e1e8d.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: text/css
content-length: 1193
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-4a9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:27:52 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-88f5f9427cacd4c425abfef98fb3a715-8225236468e29bb4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:27:52+00:00, 2024-04-25T14:20:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder

178.253.29.47

200 OK

186 kB

URL User Request GET HTTP/2
1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (14339)
Size
186 kB (186020 bytes)
Hash
d66bbe444458b5591f8ad205ffebe1bd
744f2b671780f2effbc7c7d48eb1d7456b2bfd07
01ecb551db21990254a368ccd6d652dcfc2a38754ce5a7e51ca283807ef38c69

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=1323;desc="Nuxt Server Time", dt_total;dur=1756.594, wf-uht;dur=1.791
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Mon, 24 Jun 2024 23:55:38 GMT
reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; Path=/; Expires=Fri, 26 Apr 2024 00:55:38 GMT
postback_watcher=; Path=/; Expires=Thu, 25 Apr 2024 23:55:42 GMT
platform_type=desktop; Path=/; Expires=Sun, 28 Apr 2024 23:55:40 GMT; Secure; SameSite=None; Partitioned
auid=sv0dL2Yq7Xxr7e+7AxAFAg==; path=/; secure; httponly; samesite=lax
traceparent: 00-4d88a654e38b5ba07db4f27315e3def7-1db0fefff3c21976-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 1.756
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (1982 bytes)
Hash
870d4e81d1d5e1b0bc23e9cbd4407760
34818a0fc0f536005e182e7cfcbc54cd08bface8
195fa94124acd96f6e3b973b5adb6245c2962c244a765b3e399afea7e60faab5

HTTP Headers

GET /sfiles/logo-champ/fb87599cd1236423aaeb35a23a706e18.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 1982
last-modified: Wed, 04 Jan 2023 08:10:48 GMT
etag: "870d4e81d1d5e1b0bc23e9cbd4407760"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-233e5256938db8a37303081fe60d8189-5dca47a96ccc36d7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-19T22:39:48+00:00, 2024-04-25T02:23:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5754.webp

185.244.209.62

200 OK

816 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5754.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
816 B (816 bytes)
Hash
bb626faf67460a45315e851801ee39da
fbf5c940fc640177530d0533e38df76302b813f8
5f4c1061778ea9c6196d744276f120de35eabccbe55af89a34ab415296fcf9b8

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5754.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 816
cache-control: max-age=94608000
content-disposition: inline; filename="5754.webp"
content-security-policy: script-src 'none'
expires: Mon, 22 Feb 2027 03:14:13 GMT
x-request-id: a4747bd72e7df8d32a90953f8d76affe
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.042
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-56636d608fa3a66cb822926de329c891-1340f80f8b5f3420-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-23T03:14:13+00:00, 2024-03-02T17:06:35+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/fad2e54836f893fa5bb1fb6e6180720c.webp

185.244.209.62

200 OK

718 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/fad2e54836f893fa5bb1fb6e6180720c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
718 B (718 bytes)
Hash
ea680d302f174363a8328d6c71136c19
4f69f942d4aa23adf85f763e994c8fb0d8f4de57
484769bd75ab4957f099350b44fb580b90277915e66b05b422f0b0a874cb74cc

HTTP Headers

GET /resized/size16/sfiles/logo_teams/fad2e54836f893fa5bb1fb6e6180720c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 718
cache-control: max-age=94608000
content-disposition: inline; filename="fad2e54836f893fa5bb1fb6e6180720c.webp"
content-security-policy: script-src 'none'
expires: Fri, 19 Mar 2027 16:33:52 GMT
x-request-id: fc68504335478075ca13ff137115d1ac
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1e3cfb7f12cbf0c791805f60f2eca049-73cb11ba52e62f0e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-19T16:33:52+00:00, 2024-03-31T14:20:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/sys-betting-app-front/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder

178.253.29.47

200 OK

21 kB

URL GET HTTP/2
1xlite-660473.top/sys-betting-app-front/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
21 kB (21027 bytes)
Hash
77f69536b89114fdd36897fd1e6f82c6
ffbcbd34f89149ca879ce4c8e7709ac5f0d27151
8eedceeea14420905d686845b7aac9e55b76224242049cc1d798a30238d89c26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sys-betting-app-front/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
mf-render-mode: json
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
content-encoding: br
server-timing: total;dur=493;desc="Total __BETTING_APP__", dt_total;dur=509.240, wf-uht;dur=0.528
set-cookie: tzo=3; Path=/
traceparent: 00-bae92f379463f02ef7decbd70d1b822c-c369ddc383db6dc4-01
vary: Accept-Encoding, Accept-Encoding
x-dt: 285
x-time-ng: 0.508, 0.510
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/14641.webp

185.244.209.62

200 OK

718 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/14641.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
718 B (718 bytes)
Hash
3e57084ac27a7ca95e336a06014b0b1c
50fc65441fe64dde5e83173fbc4f3477a3dddf83
705862f1e3e0c727d64e3a4020deb8e74c2fa9371a6bdbeecd6b524cfb2909cc

HTTP Headers

GET /resized/size16/sfiles/logo_teams/14641.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 718
cache-control: max-age=94608000
content-disposition: inline; filename="14641.webp"
content-security-policy: script-src 'none'
expires: Tue, 09 Mar 2027 09:51:05 GMT
x-request-id: ffa7e6e92e5a81da0974a7157606f098
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a8446e61468ed314e6999e3d0005b194-3cf9f12137c91b09-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-09T09:51:05+00:00, 2024-03-09T22:06:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5590.webp

185.244.209.62

200 OK

770 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5590.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
770 B (770 bytes)
Hash
a01aee016aae96795d90462e5b60549c
900642a9f1fe5e517c4fae797ce25f38ff5395bd
3f88a7909654cd1a187ae69c8f6e8ea529997f1d3e9ab0fe0a5cd6d2e4f30ff5

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5590.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 770
cache-control: max-age=94608000
content-disposition: inline; filename="5590.webp"
content-security-policy: script-src 'none'
expires: Tue, 06 Apr 2027 17:52:59 GMT
x-request-id: d1049c229304afa5e833acb00130644b
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b06e42095acb88b8c4a8b5c089fa3fb8-68219bef21306835-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-06T17:52:59+00:00, 2024-04-07T06:43:31+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/3842.webp

185.244.209.62

200 OK

756 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/3842.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
756 B (756 bytes)
Hash
32ee6335d6aa4b053d734c63c57a0107
5d056c5376602082ba1ddcab49feffe8d391e952
6049827a74de40c8d99fa19da70e50635c62c8c5e41a2e57eabb0617cc1e8416

HTTP Headers

GET /resized/size16/sfiles/logo_teams/3842.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 756
cache-control: max-age=94608000
content-disposition: inline; filename="3842.webp"
content-security-policy: script-src 'none'
expires: Fri, 19 Mar 2027 15:26:45 GMT
x-request-id: 8b78e8c50486381f18397efba1cfb9a9
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5707c820a466238b1b1bdc30f46877de-442c22024f0cc988-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-19T15:26:45+00:00, 2024-03-19T17:50:41+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6876.webp

185.244.209.62

200 OK

696 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6876.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
696 B (696 bytes)
Hash
5684d78523ea6e9ade48eaebdb912810
508fdabf312282535c1673b946ea2c23d312783c
6d52c56ca0649eea72c76bedfdc3f4eca41e693a4aaffdd99f1bb9de747d25e0

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6876.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 696
cache-control: max-age=94608000
content-disposition: inline; filename="6876.webp"
content-security-policy: script-src 'none'
expires: Fri, 04 Dec 2026 09:37:25 GMT
x-request-id: c179aa6df0a30635afc681fe224b596b
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-98313fa914aa9becbb7f48eaf395ac87-c38a5a11372010bd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-05T09:37:25+00:00, 2023-12-18T09:27:40+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8d555a2cacdac3e3cc957971dba3114a.webp

185.244.209.62

200 OK

754 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8d555a2cacdac3e3cc957971dba3114a.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
754 B (754 bytes)
Hash
016ba99c1fb65c78e5301b046ab87a6b
07bd5d79eea6dac883e823bb8e6e5f652cfae520
025703937b373e2bcac264c1a96597aa0495caeec504123c912a93056317c46b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8d555a2cacdac3e3cc957971dba3114a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 754
cache-control: max-age=94608000
content-disposition: inline; filename="8d555a2cacdac3e3cc957971dba3114a.webp"
content-security-policy: script-src 'none'
expires: Tue, 06 Apr 2027 01:04:53 GMT
x-request-id: 9b4f11531a889294007866ae07bb074d
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8f823b88871d5420878519a6483547ef-cd71540408b01cd8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-06T01:04:53+00:00, 2024-04-10T00:16:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6856.webp

185.244.209.62

200 OK

786 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6856.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
786 B (786 bytes)
Hash
a6ce1875e3e6738a8448b17948554967
c6dc2ffb9cacd4743ba570c6db7d065b811d3a2c
2bda0c62d4862b47806b83c3e69b89634240ea80e6207d35becdae8765a740a1

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6856.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 786
cache-control: max-age=94608000
content-disposition: inline; filename="6856.webp"
content-security-policy: script-src 'none'
expires: Wed, 24 Feb 2027 12:45:31 GMT
x-request-id: 8647d02f90571121715389b75ca171d1
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f9b2c0d421b1774b48079a03dd4d6642-420c139b70d89a8d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-25T12:45:31+00:00, 2024-02-29T22:05:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/6850.webp

185.244.209.62

200 OK

722 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/6850.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
423e87d6457b04112b0699f71126959b
28a2bef21222c94f6375423573e86d9ce23e490c
02a1ab41987f4509efa56e3dd4650e74df063830c9ad02698f062a932d8c7f4a

HTTP Headers

GET /resized/size16/sfiles/logo_teams/6850.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="6850.webp"
content-security-policy: script-src 'none'
expires: Fri, 16 Apr 2027 18:59:10 GMT
x-request-id: a293c545707b15017ef5321dc86fb237
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0fddcd078af910c0e2915f7d475dc417-5725fa2ad33b4a53-01
x-id: osix-hw-edge-gc4
cache: MISS, HIT
x-cached-since: 2024-04-16T18:59:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp

185.244.209.62

200 OK

7.1 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
7.1 kB (7066 bytes)
Hash
14b81bb2a70130c395b98ba4cb1f4a3a
378094090781a2d412f234bff2bb311adf0a22d0
11128b17e044b6dfe4d716c11854e95486c9e942a942064c82968f6a34c777bb

HTTP Headers

GET /sfiles/logo-champ/246a944858d7a07393dd4f6739f94bf9.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 7066
last-modified: Wed, 04 Jan 2023 07:42:08 GMT
etag: "14b81bb2a70130c395b98ba4cb1f4a3a"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a5eae002fc382b044deb83dfd25253aa-2c8b4a52733511ed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T00:05:10+00:00, 2024-04-25T20:22:04+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8492.webp

185.244.209.62

200 OK

780 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8492.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
780 B (780 bytes)
Hash
3dd44cf69df412685847cf56636b62df
101b3a5e2faf781150b3fec57f0d0292f244f079
6ae5ae16dd41a9f2715dd42ef0d073e77ad272958c3af03d8a9996a7cf5fe292

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8492.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 780
cache-control: max-age=94608000
content-disposition: inline; filename="8492.webp"
content-security-policy: script-src 'none'
expires: Thu, 04 Mar 2027 13:59:34 GMT
x-request-id: aebcabbfbe9ed8212e10ee0d6880d363
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-32fef98be654bcd50a6ae6a94ae39bca-df2340191a29f819-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-04T13:59:34+00:00, 2024-03-05T09:49:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8470.webp

185.244.209.62

200 OK

764 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8470.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
764 B (764 bytes)
Hash
98f64072aeb1bcc5fb26df0739a544ee
4be5f3e3d5854c485891a0c58c2cff1b74e9f0d4
eaa93e8db54dc341acf14c4e20c4698d263924b0a6181760a501dfc80b094e7c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8470.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 764
cache-control: max-age=94608000
content-disposition: inline; filename="8470.webp"
content-security-policy: script-src 'none'
expires: Mon, 18 Jan 2027 00:30:02 GMT
x-request-id: bd0916415ed84b0b801478937b875ea8
strict-transport-security: max-age=15724800; includeSubDomains
x-time-ng: 0.000
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5f32fa2c719e6fb8e35bdf507a1927e4-573bfa76c616531d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-19T00:30:02+00:00, 2024-01-31T15:53:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8496.webp

185.244.209.62

200 OK

784 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8496.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
784 B (784 bytes)
Hash
c9d33666d25dff319c27373084867a83
af0b72d3aeb8d4ff078bae69d198658b6a6740bb
b2d13aacda397122d423f5bb0cc90b1eb7ddb254a94df895324c99717ce72d1c

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8496.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 784
cache-control: max-age=94608000
content-disposition: inline; filename="8496.webp"
content-security-policy: script-src 'none'
expires: Thu, 18 Mar 2027 22:09:42 GMT
x-request-id: 9b380898a6c9eb9f2aecbe92e10025b0
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-07840f13d4923e5ea2c8dcc4a2184755-ece658dbf4ceaf9c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-18T22:09:42+00:00, 2024-03-19T17:00:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8494.webp

185.244.209.62

200 OK

680 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8494.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
680 B (680 bytes)
Hash
8686002d44d2007edd700837fa5bc659
cf20851e144bb3cc669a1e7081fdb7b348884c79
3ba32b44295dd22b2a33e4683e79b8e86ac1c5d85c6532a38d74c32ccb60938b

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8494.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 680
cache-control: max-age=94608000
content-disposition: inline; filename="8494.webp"
content-security-policy: script-src 'none'
expires: Thu, 11 Mar 2027 14:15:17 GMT
x-request-id: 673dc6dd9df4cf7a63a41c28d39af83d
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5deac2fbbe4eb4d18cef919facc8e2c1-05681258267ae51e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-11T14:15:17+00:00, 2024-03-12T09:11:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

9.9 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
9.9 kB (9942 bytes)
Hash
333979e7e2825a71892bfe67c9d52b9e
f94b21f4a14469c8bfca08f1ce99069e934d5bae
fd122846741d81ef08899851235115e5586990f6f73fa871d900fff78c279d5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/json; charset=utf-8
content-length: 9942
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:44 GMT
vary: Accept-Encoding
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.031
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css

185.244.209.62

200 OK

705 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/ff09be90.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4705), with no line terminators
Size
705 B (705 bytes)
Hash
2b6cccff5325f6e14ccd6ec354319cd6
f4ec05fc468d3daddec1a3d825c29a55ce4b2050
a153e31a0350b58aad71597632348e14c954738845b58f05ca04b8212dbaca38

HTTP Headers

GET /_nuxt/desktop/default/css/ff09be90.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: text/css
content-length: 705
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-2c1"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:36:33 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5334cbac505028a19962bc10d5adf9ba-0bfc8b51a96deb99-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:36:33+00:00, 2024-04-25T19:32:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js

185.244.209.62

200 OK

2.3 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7751), with no line terminators
Size
2.3 kB (2297 bytes)
Hash
232ecfa8f26b49fb3480baefeb590279
833cd5b10a0705d28a970a8bc3a3ab5c66553a84
fca603603d836bc26b0b016e308ef7a897c3109b0a2b25b9c7c87ae0c7e160a1

HTTP Headers

GET /_nuxt/desktop/default/betting.SportsMenuCompact-942b40c1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 2297
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-8f9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2976a58718aa5973895f155b7a8edeaa-91872c009d32c48e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:40+00:00, 2024-04-25T14:54:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.7 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.7 kB (2670 bytes)
Hash
333b7518b1caa1b100e8a90017ca613a
de1aa300b4dfa9311bdabbe4f2da5969d4ee9a98
ccfa97efaae476575a9eecc6ecd575059f158675602ad5af306da7e7e59f7d48

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/json; charset=utf-8
content-length: 2670
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:44 GMT
vary: Accept-Encoding
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp

185.244.209.62

200 OK

6.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/games-no-faceless.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.9 kB (6884 bytes)
Hash
b7304b532dca88cc708b1c81edf7e051
d9ca9db864badb40bcab6d846ba7110413a339d3
324b9021e7fa1a227b418f5b0707e174d86aa20decea945eab3cea41aac8d2ca

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/games-no-faceless.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/octet-stream
content-length: 6884
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "b7304b532dca88cc708b1c81edf7e051"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:10.000Z
expires: Tue, 14 Nov 2023 18:21:42 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e0da9686f3b879b4b09851c51818acea-340c4e37c13ad24e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T18:59:15+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp

185.244.209.62

200 OK

8.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-58.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
8.9 kB (8880 bytes)
Hash
7a49dad906575c61dd636edbe1201479
d4bf0fbfadca8c6d3a7ec8f3d34d08fced98a21d
0e0cd085244f6272acfa6794d90e32685fa203973e85c62fa96f02cddf7172c6

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-58.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/octet-stream
content-length: 8880
last-modified: Thu, 31 Aug 2023 08:11:00 GMT
etag: "7a49dad906575c61dd636edbe1201479"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:21:44 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-281f1d2dc0f6df52451d10b48301f50b-b73bc3e8fa4d1a04-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp

185.244.209.62

200 OK

6.2 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-371.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
6.2 kB (6158 bytes)
Hash
64ff358fd3a82358542d29d53649dd85
0a15b0731a9468fe49e3b512febe91d951ef6156
a9ae35f930c0bf59e407a0c082347049ae11738d330df4e32f4b2b1129d1470c

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-371.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/octet-stream
content-length: 6158
last-modified: Thu, 31 Aug 2023 08:10:58 GMT
etag: "64ff358fd3a82358542d29d53649dd85"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:04.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6de0bafb2e450adc03a349ce2dbff8e0-ac3d238f3e612a08-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-249.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (19770 bytes)
Hash
2c02d34e261b48da9db2682ad433c5e8
e6b9618ac0040910f755a6f24dcb2f5500bb9aca
d8db064ea1623849ccee86b27bdb7825aa0dc452293576de352f9269af60ecfe

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-249.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/octet-stream
content-length: 19770
last-modified: Thu, 31 Aug 2023 08:10:56 GMT
etag: "2c02d34e261b48da9db2682ad433c5e8"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:04:00.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-29fac6253d1611e1fda658800a82a2ba-a47846a2792aa21a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:17:28+00:00, 2024-04-25T20:28:43+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp

185.244.209.62

200 OK

4.3 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-previews/190x102/game-69.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 380x204, Scaling: [none]x[none], YUV color, decoders should clamp
Size
4.3 kB (4256 bytes)
Hash
8c2b80027d3818f6bc91227418589ee6
c6d3c4595860bd3d685e4ddea5d4610a6f642a9b
cec387d33e94b8222d71031dbda50143a7ea2e1470d2c96c9e147aa4c4a43960

HTTP Headers

GET /sfiles/games-images/game-previews/190x102/game-69.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/octet-stream
content-length: 4256
last-modified: Thu, 31 Aug 2023 08:11:01 GMT
etag: "8c2b80027d3818f6bc91227418589ee6"
x-amz-meta-origin-date-iso8601: 2023-08-31T08:03:42.000Z
expires: Tue, 14 Nov 2023 18:22:10 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-df76b61612a062ba454640a81904c80c-5140e0df4f2d2a25-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-17T19:23:21+00:00, 2024-04-25T05:32:51+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.47

200 OK

2.0 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.0 kB (2021 bytes)
Hash
945777af058bf9d43e194bb93cbd01ed
bc8a34cea40dc06877db40e401e7486c410a344a
794cc9ee16128a52ccc9355d9ed6447f0ee123b4dcb3886c25b97332a47d38fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/json; charset=utf-8
content-length: 2021
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:44 GMT
vary: Accept-Encoding
x-time-ng: 0.066
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.074
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_full_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
4.7 kB (4675 bytes)
Hash
5c02302349824946e02c1d97f7c90b9a
dcf5f1300ccf5e6223be865bfc2b3bc39d68f278
9894068f7da645e43d807b8f424e5f5707c570d2b8acd2b4c7c3304eb64b98e5

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_full_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/json
last-modified: Thu, 25 Apr 2024 14:05:02 GMT
etag: W/"65c4f8441dea9f78c50a9fc7029f9193"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-295d638a3652966c4a2d2d05c9653091-4dff5502880b3e37-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:36:27+00:00, 2024-04-25T23:02:29+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js

104.18.39.72

200 OK

288 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
288 kB (288407 bytes)
Hash
cd308c42112892dff5f6ac352ad2e777
d80927e549483b31baebd39b2855b3b4655ddd8c
9280ab89439f7f2db6a54827d86a6188ef59d71226b04d8619749dcc2cabafd4

HTTP Headers

GET /_next/static/chunks/pages/_app-a10a22844227e6a6.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"f8027-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 63484
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244070df056ae-OSL
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js

104.18.39.72

200 OK

32 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
32 kB (31772 bytes)
Hash
dba944e5cd7abb288ff3b7ce59811837
6d83188682b80fffa23269758b324b19002428e0
cb7924e2ac4a1723af9a7860eef718b64438a2240d4fb01e802ce5173baaeb6e

HTTP Headers

GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13463934
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a24406fdeb56ae-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp

185.244.209.62

200 OK

15 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
15 kB (14610 bytes)
Hash
2ccdf625b855ce93bc9b56a671accd6e
bc8f3a791f6251b714bafad614d15c477ba428e4
c5012a832581da604a5c57e8f822008f749fe484c6d24127ca91232af71169cd

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 14610
last-modified: Thu, 08 Jun 2023 09:20:03 GMT
etag: "2ccdf625b855ce93bc9b56a671accd6e"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-02-27T14:22:50+00:00
traceparent: 00-4d532c6b23803f1eb60be076a2a5b8c8-87be0f2da2fca1df-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
20 kB (20522 bytes)
Hash
95767496ab1dce71f394c97620666756
127389c7327fec508549222dd477edbd524e33dd
fca493b566204dfff5ef8b8cd6c74c40659c812ac6665696dd5c66c664a31c7e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 20522
last-modified: Thu, 08 Jun 2023 18:05:27 GMT
etag: "95767496ab1dce71f394c97620666756"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-02-27T14:22:50+00:00
traceparent: 00-323cd7ac5251ffe315e8b6cfd2a70056-f4afb89b9d66af7e-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp

185.244.209.62

200 OK

28 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
28 kB (27922 bytes)
Hash
77673f5b9062ff0a3565cba49941a954
f1c6d769ad6f256677c8558f06c4ee98d8e403d3
e78791dcbada0412db798159d9e781f2a50c12f04be4d0a4ecf96a617ec8b33b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 27922
last-modified: Thu, 05 Oct 2023 10:29:56 GMT
etag: "77673f5b9062ff0a3565cba49941a954"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-02-27T14:22:50+00:00
traceparent: 00-a5d91b6ec6f44d19318b0ddf92e52103-a98e3bca1dd5c6b4-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js

185.244.209.62

200 OK

719 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
719 kB (718650 bytes)
Hash
41950c0a8ea0b59b670e32ddef687b93
4f3fcf259056cd11d7302ce42357bfbf0ed533e5
134d10319f02026dcff34bc039829aace92aace82f6b3304fb145ff66e5e7641

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/entry-372f5fe6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:46 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"e0292fb628a2f149f222bae2c2246200"
x-amz-meta-mtime: 1713875281.745615589
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:06 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-87167117af1eb026bf9c4f462177b2a4-cf203a35075e2713-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:06+00:00, 2024-04-25T13:42:39+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
21 kB (21412 bytes)
Hash
1e9191583a9bca6627e85945c6c5d3f1
f2d4d5e76e448d1dd986c9616a660ae6c7806dde
733d49aa25dab77ba7fe51a0a831f51e988d3201c5cfc6fbc808c3b2c59b48c1

HTTP Headers

GET /genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 21412
last-modified: Fri, 12 Apr 2024 09:23:52 GMT
etag: "1e9191583a9bca6627e85945c6c5d3f1"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-12T09:33:12+00:00
traceparent: 00-551f97d26604a70d34236cf7db672ebf-0059dfb3c9d79aad-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/1714cc610522ad7c9eb91db91120f28c.webp

185.244.209.62

200 OK

682 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/1714cc610522ad7c9eb91db91120f28c.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
682 B (682 bytes)
Hash
36d619e63eec0784959cfe787c1edb9c
8fc48feffede36316fa3ac0d157f23c4dc9b3f9e
18baa938de666468c436403b85e4d4577148644bef342b87ee6ae5f867306250

HTTP Headers

GET /resized/size14/sfiles/logo_teams/1714cc610522ad7c9eb91db91120f28c.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 682
cache-control: max-age=94608000
content-disposition: inline; filename="1714cc610522ad7c9eb91db91120f28c.webp"
content-security-policy: script-src 'none'
expires: Mon, 05 Apr 2027 23:15:40 GMT
x-request-id: bc3f8c4336504c29f69eab367e968974
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1093e139b2b9029c2fec6fe15fa2995a-987461f43b43874c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T23:15:40+00:00, 2024-04-23T13:06:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size14/sfiles/logo_teams/2608.webp

185.244.209.62

200 OK

722 B

URL GET HTTP/2
v3.traincdn.com/resized/size14/sfiles/logo_teams/2608.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
db9cb80ea9a3121d58c3a2197daf7443
f7d7692dde5ea2c9c8ffc42dda588bafa7dcda39
e997f8e86e69885bf786b58b0bbd9f88b54d89ee393d0c3631fc9650fe6b1148

HTTP Headers

GET /resized/size14/sfiles/logo_teams/2608.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 722
cache-control: max-age=94608000
content-disposition: inline; filename="2608.webp"
content-security-policy: script-src 'none'
expires: Mon, 19 Apr 2027 03:36:55 GMT
x-request-id: cd27f27bd64a1ebca120d0885a65807f
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a477ce25c665b5e5987ff525e1a927a9-388e9c11506024d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T03:36:55+00:00, 2024-04-20T18:36:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration/fields

178.253.29.47

200 OK

7.4 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration/fields
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
7.4 kB (7413 bytes)
Hash
3b5fc74c6bee5ffbc649f663e5f6c1a3
0f00adb4eb180726ecd2abcc2317a29beceb13bd
fe1005c8a0940ff6384b2b89aa744d692b9aed79f1d72cecfa11d1bb11fa7294

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration/fields HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 19
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=84, dt_total;dur=89.895, wf-uht;dur=0.102
traceparent: 00-efd6a3dd122bcde1d3baafb9256a0bba-b6ab692aae5fad5e-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.087
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/754697.webp

185.244.209.62

200 OK

732 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/754697.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
732 B (732 bytes)
Hash
03f0fe30582acfe52c878bbca64e325f
a09a52d91ff9b0f661711328e879b606fafb342e
ba0ca684624a1b8a5be4e47d829a286b76867ba31ad05e2687fbecb9f38f93f8

HTTP Headers

GET /resized/size16/sfiles/logo_teams/754697.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 732
cache-control: max-age=94608000
content-disposition: inline; filename="754697.webp"
content-security-policy: script-src 'none'
expires: Fri, 16 Apr 2027 08:04:13 GMT
x-request-id: c68113ab600c371970867e97abe9724c
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-cff3563036f94b701dea495e9525d297-8ca6626e127eccb4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-16T08:04:13+00:00, 2024-04-18T23:40:22+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/8550.webp

185.244.209.62

200 OK

812 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/8550.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
812 B (812 bytes)
Hash
af8778836d33a3c821fe6dee2e246a7f
f4d1c72bee238f35c6bdc8c368a0a2d22acc8934
e29a107b9504bd57328ef926c90607d363232ad526b0cc6fee3728c0cf0da809

HTTP Headers

GET /resized/size16/sfiles/logo_teams/8550.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 812
cache-control: max-age=94608000
content-disposition: inline; filename="8550.webp"
content-security-policy: script-src 'none'
expires: Fri, 23 Apr 2027 17:09:25 GMT
x-request-id: fa9f931ee6fc8aa2ff7fa66f6c2f8453
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-07e2d3064b874894dcfa01e3f1f09e69-393bbe8f6a874075-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T17:09:25+00:00, 2024-04-25T05:14:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/33977.webp

185.244.209.62

200 OK

796 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/33977.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
796 B (796 bytes)
Hash
11f3e38d404bd10410d12e147593bb8d
da1682ee85dae549dc5a5a1b14e1c65fb9bb1173
a01617ee09fbb951732884c003ef665f00ce282ccf1bd89de64fae3f285258c0

HTTP Headers

GET /resized/size16/sfiles/logo_teams/33977.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 796
cache-control: max-age=94608000
content-disposition: inline; filename="33977.webp"
content-security-policy: script-src 'none'
expires: Fri, 23 Apr 2027 17:09:25 GMT
x-request-id: a6190cbe1d7f8b0f7cc1cd35f7585890
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-afbb608d17855d950ab145363dfe3f33-90b7e96a90f71d27-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T17:09:25+00:00, 2024-04-25T05:14:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/73d66fd62491e88a75a3bbd195ef0fbc.webp

185.244.209.62

200 OK

506 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/73d66fd62491e88a75a3bbd195ef0fbc.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
506 B (506 bytes)
Hash
549038eea28128ac02ac213409973e84
a9c46aa67dace21602c38f3948bf10af90d3f41b
c0646a671a99f612a7e975d78a23ffa783c421ec1f411d2850f83f7d2fe35082

HTTP Headers

GET /resized/size16/sfiles/logo_teams/73d66fd62491e88a75a3bbd195ef0fbc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 506
cache-control: max-age=94608000
content-disposition: inline; filename="73d66fd62491e88a75a3bbd195ef0fbc.webp"
content-security-policy: script-src 'none'
expires: Sun, 25 Apr 2027 12:34:35 GMT
x-request-id: fab07df1dc2c378c4df9903cf0c4aa3d
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6b3dd74511f55d796c103bc82ac5356d-2e97a8642cef453a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:34:35+00:00, 2024-04-25T23:32:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/9ce7383ea65e873a4aa67c1d64c7b524.webp

185.244.209.62

200 OK

768 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/9ce7383ea65e873a4aa67c1d64c7b524.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
768 B (768 bytes)
Hash
feebf2988ff92e142f408eeea6dd1cee
594581192c8299325f11c419e559837e28cccf84
ba65c58ce48c1a38bb00a55e438b86ca5248d09952db07fc162a122246e75c81

HTTP Headers

GET /resized/size16/sfiles/logo_teams/9ce7383ea65e873a4aa67c1d64c7b524.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 768
cache-control: max-age=94608000
content-disposition: inline; filename="9ce7383ea65e873a4aa67c1d64c7b524.webp"
content-security-policy: script-src 'none'
expires: Wed, 21 Apr 2027 01:25:44 GMT
x-request-id: 23513e7533a55586c647e22d403217ea
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dba3fbfd5adb2c1233109c8dd9b35bf2-b49988c21b8566c9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-21T01:25:44+00:00, 2024-04-25T23:32:12+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/009e3b23e9b62bde4aa259622c7444e3.webp

185.244.209.62

200 OK

840 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/009e3b23e9b62bde4aa259622c7444e3.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
840 B (840 bytes)
Hash
55ef7cbcced5affbd363d971d45cdc53
24bd8b23714155cd8f73792b1a64c668fab0bf98
dae46d8786431678d1a1e5b23f9f2f7ea0f68d770a640e010b1394ef3f56e9eb

HTTP Headers

GET /resized/size16/sfiles/logo_teams/009e3b23e9b62bde4aa259622c7444e3.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 840
cache-control: max-age=94608000
content-disposition: inline; filename="009e3b23e9b62bde4aa259622c7444e3.webp"
content-security-policy: script-src 'none'
expires: Sat, 17 Apr 2027 16:18:07 GMT
x-request-id: 34f59f84c7ab6883d4081182251fbf95
x-time-ng: 0.038
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b804f256c4b29413de62d97d6c3bf696-47c1b528232c51f6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-17T16:18:07+00:00, 2024-04-25T18:48:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2830.webp

185.244.209.62

200 OK

760 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/2830.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
760 B (760 bytes)
Hash
670fe56cb92d1777d560019dffa0108f
529d0b0d4599803f21de695380de868bf2f5c059
e37fef63682d67f2e00f762a07730a6c3e962b7f41b9c358125010ca9e80905d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2830.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 760
cache-control: max-age=94608000
content-disposition: inline; filename="2830.webp"
content-security-policy: script-src 'none'
expires: Fri, 16 Apr 2027 19:29:33 GMT
x-request-id: 99c6f3c960f0dbb3486b9a62fa9339e1
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4c597f340d784c7d22fc0c89d9262847-ce8e84020ae1e10c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-16T19:29:33+00:00, 2024-04-25T18:48:21+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/3862.webp

185.244.209.62

200 OK

796 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/3862.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
796 B (796 bytes)
Hash
95aa75bf7a1a5737fd6c2c5df144ee75
3638c4d7e56d2649d174c9aec29c55297caa302a
135a0deeeae779298ddb7df5fcc1688d23d207bb5bd0775e8dd401d5334b43be

HTTP Headers

GET /resized/size16/sfiles/logo_teams/3862.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 796
cache-control: max-age=94608000
content-disposition: inline; filename="3862.webp"
content-security-policy: script-src 'none'
expires: Mon, 19 Apr 2027 00:03:27 GMT
x-request-id: 9fd4fd73a1c9de66c27c112531f72aac
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bb2d5eaec18f005817dba92a2bcea443-2ba662d43c5c2c6b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T00:03:27+00:00, 2024-04-25T18:48:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/3feec248b0e9c9bd524f2342977e5993.webp

185.244.209.62

200 OK

786 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/3feec248b0e9c9bd524f2342977e5993.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
786 B (786 bytes)
Hash
7b00bc13d38705f6abe22720396e5e4d
44791dd20ebb4dcf3ac8a6584fb15bf3f89c51a6
b423ab6fb9ad6da6426945b19c4b1a9ff46835feed3a23d2b231d14d009675cd

HTTP Headers

GET /resized/size16/sfiles/logo_teams/3feec248b0e9c9bd524f2342977e5993.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 786
cache-control: max-age=94608000
content-disposition: inline; filename="3feec248b0e9c9bd524f2342977e5993.webp"
content-security-policy: script-src 'none'
expires: Wed, 07 Apr 2027 10:51:13 GMT
x-request-id: 9a1f9d22e6582cce5d3a07bdbc395de0
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-df71c6249844f079277b258798818836-a0c1668c5bc07eee-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-07T10:51:13+00:00, 2024-04-25T18:48:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/415199.webp

185.244.209.62

200 OK

738 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/415199.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
738 B (738 bytes)
Hash
fc517e3068950383a7372b743db99e82
aff8c6e613afbb43832998827d89e3441c25861b
90aa7e95ef212186d65e007a0b1391088a327507b9aa193a3db55c7bb1fa3280

HTTP Headers

GET /resized/size16/sfiles/logo_teams/415199.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="415199.webp"
content-security-policy: script-src 'none'
expires: Fri, 23 Apr 2027 23:57:23 GMT
x-request-id: f877a2e9c0081cdb51feeb3b42e0c5fa
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-546a4a7e42e0e78cb28d2bc39ad2689c-a342460e2656ddeb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T23:57:23+00:00, 2024-04-25T19:02:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/765ff1cec6a94be3f6748dc588420e16.webp

185.244.209.62

200 OK

778 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/765ff1cec6a94be3f6748dc588420e16.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
778 B (778 bytes)
Hash
8929c9c703612cd73c370de6ff8286e6
e81efe3b98abf72dba0d77c9224d1da39c5e75e3
cd9a33b9232b3eaefdaead7e62f57ff7b5981a069551c5ab18933165aa2560b6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/765ff1cec6a94be3f6748dc588420e16.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 778
cache-control: max-age=94608000
content-disposition: inline; filename="765ff1cec6a94be3f6748dc588420e16.webp"
content-security-policy: script-src 'none'
expires: Wed, 21 Apr 2027 15:11:47 GMT
x-request-id: b6ae4c11c566e956ee6a29d488d4a4c2
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-92be3f7ba78a63501c61dfaafa465327-12d0a95c07aeea04-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-21T15:11:47+00:00, 2024-04-25T18:48:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/2470141.webp

185.244.209.62

200 OK

730 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/2470141.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
730 B (730 bytes)
Hash
aa6c816e3ea92c355a0e4cd52a31af71
6de3e4d7f84c0c8543dc1ccebb6071880967b516
dc4c4704c0fa7fb0fe0c245c4b8560d787ea6b87dc780e22b3030c29e1acea16

HTTP Headers

GET /resized/size16/sfiles/logo_teams/2470141.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 730
cache-control: max-age=94608000
content-disposition: inline; filename="2470141.webp"
content-security-policy: script-src 'none'
expires: Thu, 22 Apr 2027 23:03:03 GMT
x-request-id: 740bee6e373ad901654d4e2817d96c6c
x-time-ng: 0.054
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e5f02ad7e8b2b1645499160a94ce6eca-0def79f9a15f8220-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T23:03:03+00:00, 2024-04-23T12:28:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js

104.18.39.72

200 OK

83 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
83 kB (83098 bytes)
Hash
96f87b9212406126b47f4af7f2e0b33f
06eae80706dffd2c4757eec570a9ccbbdf622d63
4ce899c13450f0a2377ec80a03fbaad68874481d1751fbae030e9060189d993b

HTTP Headers

GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8614293
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244070df156ae-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5516317147efb14ac1ae2a0382fe67b1.webp

185.244.209.62

200 OK

828 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5516317147efb14ac1ae2a0382fe67b1.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
828 B (828 bytes)
Hash
68381c7d913ba640d321bb4c5aaea615
6908011112e78d66179200e1e916a9221efe1274
17b0661088ef1e66731949112ded332960798d15b8187c6956ccb3a996822642

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5516317147efb14ac1ae2a0382fe67b1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 828
cache-control: max-age=94608000
content-disposition: inline; filename="5516317147efb14ac1ae2a0382fe67b1.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 11:07:55 GMT
x-request-id: 99c1727932dfafef2d7f9b7e99e230e6
x-time-ng: 0.038
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e24d89cef6d4067a71244b41ff0ae3fb-d48ae0cbf34272d8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T11:07:55+00:00, 2024-04-25T13:47:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/73d325a732f65d1d2f65e39ea1a0f395.webp

185.244.209.62

200 OK

822 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/73d325a732f65d1d2f65e39ea1a0f395.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
822 B (822 bytes)
Hash
ad3f977a33d8a151b1b2255cea2ba69d
b48578afdf064a9ce9484b875f4207ee38623bbb
32b5c3c73a3b5147a3d3841e16d052de0ace6cf70bcbd687ba52eb093dafcabe

HTTP Headers

GET /resized/size16/sfiles/logo_teams/73d325a732f65d1d2f65e39ea1a0f395.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 822
cache-control: max-age=94608000
content-disposition: inline; filename="73d325a732f65d1d2f65e39ea1a0f395.webp"
content-security-policy: script-src 'none'
expires: Sat, 24 Apr 2027 11:07:55 GMT
x-request-id: b4d597fd0af512ed4504eabda87d0c94
x-time-ng: 0.033
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-748b9245360b4e85653f98090813cf32-7d5fa5d14dddb95d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T11:07:55+00:00, 2024-04-25T13:47:24+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/logo-champ/f2f3ed4ab91179f4cc5768ec644dc694.webp

185.244.209.62

200 OK

1.9 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/logo-champ/f2f3ed4ab91179f4cc5768ec644dc694.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.9 kB (1900 bytes)
Hash
5a1d610f426207daf7d841e0620ebaee
2e59d96cd5092ab8deca98bdb3e6849b35f35fa2
8df8ca48cf06f0009bd1a02597dd420e04d6dea038a68aef5d6df35f707e7fea

HTTP Headers

GET /sfiles/logo-champ/f2f3ed4ab91179f4cc5768ec644dc694.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 1900
last-modified: Sat, 05 Aug 2023 05:40:20 GMT
etag: "5a1d610f426207daf7d841e0620ebaee"
cache-control: public, max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d012c9404db09e8426cdc115c69f7b07-0f8857a0abadc093-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-30T17:41:20+00:00, 2024-04-25T21:35:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/

104.18.39.72

200 OK

136 kB

URL GET HTTP/2
widget.suphelper.top/
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
136 kB (135506 bytes)
Hash
a2098043ff5dd1534a33d8dc916df01e
397debd8bf91a125b0daba958f3c3d1b16ce5ec9
dcfc5cbe74ca2e9ccb7fe4fd2e261984f9e732ca63d0f8c97067678f93b1e99d

HTTP Headers

GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a244061da056ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js

104.18.39.72

200 OK

34 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
34 kB (34513 bytes)
Hash
0c7454a3036673f4797a753f0a5ac398
b1d2aa86cd1e81ae3bf8a2444523a34b30f81d74
eef51314347120e6d6e1af0e4b6359a689cbbca583e47173439e8fcd7de7d168

HTTP Headers

GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13372812
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244070dee56ae-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js

185.244.209.62

200 OK

47 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
47 kB (46611 bytes)
Hash
230b4c60023e43a65fc4806b1083d095
02d18ebffd1037f0931859191c145dc2fa9b109f
0ca816457c3aa38d8dcc542dc3064715230ae5252a9e9b1e1c658d15cf161bae

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:43:42 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1714052428.630038208
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ac61ec6ecbeb81e32ce6f8fe2f78b81b-d130df98854f49f4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:00+00:00, 2024-04-25T15:47:48+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js

185.244.209.62

200 OK

8.9 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (39925), with no line terminators
Size
8.9 kB (8875 bytes)
Hash
681145f0441284174ef426e56941290b
6e6844a39c0a7b28cd162391753ac6429a576728
a9b554dc85ad806c70c5a650600b4c39ea900812543992e8aa761b779600c3bb

HTTP Headers

GET /_nuxt/desktop/default/vendors/Registration.Fields-3ce6506f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 8875
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-22ab"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:43 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1bf89eb638bf57c1d420a8863c6c40ea-9a2aebadd210285f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:43+00:00, 2024-04-25T14:51:48+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/config/all.json?lang=en

178.253.29.47

200 OK

28 kB

URL GET HTTP/2
1xlite-660473.top/bff-api/config/all.json?lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
28 kB (28402 bytes)
Hash
d3369a35ebaf485ef2c65676ccdab2b2
51a6a8a687655144d18971b0197c777294986e23
bd8df5e777d22a5c3010f0293146a8102bf672b2a16c7c60e8909e71286bf7e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=114.00, dt_total;dur=121.121, wf-uht;dur=0.136
traceparent: 00-4c3a5c3465fab205c306b3ee69dcd303-78ab0e9b4714b7b2-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.114
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (13930 bytes)
Hash
39ccd3abf820b48b552e48920172f7bb
c59c94132bb60fba5409378eff05f19406da6ff5
257f9b72f129069bd138c8a8137bcc39f733b5d7887f3dc32d50e6a6260a81af

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/e4f5a237b491.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"827336e53d45532bf8abee174a7db24c"
x-amz-meta-mtime: 1713875281.745615589
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:13 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1e6f9893da9f34c5722ab4e3da2241e2-49c36b0220a83cb2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:13+00:00, 2024-04-25T13:05:55+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/country.svg

185.244.209.62

200 OK

63 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/country.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
63 kB (63166 bytes)
Hash
878dc111463822972958c8b0cb814ca4
50f30da8eb359ef153340a5f3f1c196f808680d9
95492e801a450ae01d38fe007cdf5a1978380b6ce4187fe3ede6ae12f0db7f75

HTTP Headers

GET /sys-icons/1.0.328/285/country.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"60caf0d666af828706b3d83c428a31e4"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:03 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-60db75f9f6af36d321eb7834fe4533d2-5e19e46cc203f6cb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:03+00:00, 2024-04-25T11:01:26+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js

185.244.209.62

200 OK

53 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
53 B (53 bytes)
Hash
bb7e15ec1662efa164ad912bd1c65e19
bdd420a5f5bf96a8a4f85abbbe3b0cd2ad547f52
a9378fb3de73c35f466dfae4d2956a63b95813d4eaf88ae7f4ce820d0992cc01

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/5e0dc9f15b39.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 53
last-modified: Tue, 23 Apr 2024 12:34:11 GMT
etag: "bb7e15ec1662efa164ad912bd1c65e19"
x-amz-meta-mtime: 1713875281.761615713
expires: Wed, 24 Apr 2024 20:51:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-708d25ce5e478baff6a4a6e54b99cf8e-c5947be93ae2cef0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T20:51:53+00:00, 2024-04-25T14:20:37+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js

185.244.209.62

200 OK

8.8 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
8.8 kB (8776 bytes)
Hash
da845574307410bfeb3c7e758acba008
a785a593c9d9c1001a9fd83e2b4c9da88576d213
02b58ac50393eedf9ac7f9c61064084a3d52ccadb8fb7ae7985cfb05c8b669e0

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 24 Apr 2024 11:42:21 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1713958799.496295842
content-encoding: gzip
expires: Thu, 25 Apr 2024 15:31:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ba7b99ca2730c114e39b3e39aea5ca6b-6b694655df5c3b8c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T15:31:25+00:00, 2024-04-25T12:27:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js

185.244.209.62

200 OK

424 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Java source, ASCII text, with very long lines (423)
Size
424 B (424 bytes)
Hash
784714dbdeff946febf2eb88c77d6340
5da79cae3317a05b281ff8c256686a1a772b2352
1ba04d68c320b81d0d06784ac28bd95743cb6ef9ba02f34a3e733beca5e23c11

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/694da3a9483f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 424
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "784714dbdeff946febf2eb88c77d6340"
x-amz-meta-mtime: 1713875281.713615339
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-984a442f2fea42b92a18ff6719bd4e44-49dcd37d79c21fac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:53:27+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/mobile

178.253.29.47

200 OK

34 kB

URL POST HTTP/2
1xlite-660473.top/web-api/mobile
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
34 kB (33922 bytes)
Hash
9cab5bd9648e50acfe75043982631c0d
12f5df8e5a59e6bac0a4cd074b7a0ec8fb713365
db492ee90d48d737bfbd6ddf1c25483d10e0877e75b6ee0a63950a9767f676e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/mobile HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=21, dt_total;dur=22.661, wf-uht;dur=0.033
traceparent: 00-5d477cefdb4c6ab47fcc175f75396199-530bc12e23dafe32-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses

178.253.29.47

200 OK

711 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/welcome-bonuses
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
711 B (711 bytes)
Hash
3b95c708633bddc9e7e22d49dad5fc0f
a8df6625dbc748880d5d8c7848cf596f3745b87c
e23bcc0d393deacc52f246838faf46a23d0bf4cfe70079980e20a4d0a2a80e53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/welcome-bonuses HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=22, dt_total;dur=61.891, wf-uht;dur=0.070
traceparent: 00-1f8c96c08991f8daff1d1c619acde886-dcccc96c8b9e50e5-01
x-dt: 285
x-time-ng: 0.036
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js

185.244.209.62

200 OK

13 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
13 kB (12676 bytes)
Hash
fcd78bbc0c1abc8fe1d157e409212dd5
8707d489e63fe9f8f27eb313f8fd276e5c4bd70a
8fbdf6e5ffa0d5359d0c6a13ee3248f244af3410d49df586a54b461cdd3d701b

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/344e644612ea.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"e3860273696b2c2385615d1b02860059"
x-amz-meta-mtime: 1713875281.701615245
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-18674c31d749990aa602da5e212d014b-495787e9a4c891ba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
21 kB (20993 bytes)
Hash
373ee26f9b1e1c751e620dc1c915df6e
bce3a7adf3539d912f99b8b5e1721e615acc2f2e
2438ff82cf5b964a6ed7ec517503416ee00a06256a1d286a5df688c1a8c941ab

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/00526da4cdf3.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:11 GMT
etag: W/"6aa11e1c24ebb592cd2fe02d36340453"
x-amz-meta-mtime: 1713875281.633614714
content-encoding: gzip
expires: Thu, 25 Apr 2024 12:27:42 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2fc9eba6837fd4d10fa5099354dae73f-4b11cf300ee3d727-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T12:27:42+00:00, 2024-04-25T14:20:35+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js

185.244.209.62

200 OK

4.4 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
4.4 kB (4373 bytes)
Hash
5a20ec504900d1e0c5e10ad37a6e1998
4a95fcff7d7d26950e082dab85f55a139070965f
be734ef4821e192958172e699d1b84ee6d85d0f548f1a4ee18b1ca80d6dd180e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/3e98905ff0ef.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"ea85164f3c2c7d7e126e0e8be39d1ce0"
x-amz-meta-mtime: 1713875281.701615245
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:18 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dee2798c15470e3f52aeb335346dd596-16bb3fd20949caf6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:18+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js

185.244.209.62

200 OK

62 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (38187)
Size
62 kB (62017 bytes)
Hash
a2bb3a4f84cc4e6bfba45a8e4c3932e1
57bf2f515613e238a1764722cc33c0047f967df9
bb68af41c9da35a2304660ed2f598a9e188a5be99c6e4cef32f52af904300a54

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/034cd6868126.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"a2bb3a4f84cc4e6bfba45a8e4c3932e1"
x-amz-meta-mtime: 1713875281.673615027
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-990a0cb54b9e1a54dd06e8523def5a05-5dc536e0d909b873-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js

185.244.209.62

200 OK

70 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (58867)
Size
70 kB (69655 bytes)
Hash
69c80009bab45e7bf538a3f587429990
77d1b7143adef2354e7cbf0febac790e3cbe446f
1d462fb93af65ca431e28a0a659d794ade9cdd4635543e72ca614d9a123cf784

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/4efc36d7a3c7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"d6054001e832a4dbc81c272445edf992"
x-amz-meta-mtime: 1713875281.705615276
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-88ef36741865962b5f2b3a54266e055a-3c37c2bbb764a237-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js

185.244.209.62

200 OK

65 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
65 kB (65031 bytes)
Hash
c6e052ab68e51e8c08d2894bb9ba31d0
b9f35cd7ffcdc13cb574d1da98ff224e2ab7f4fe
9fa52b857fc27cf352b1d7c4d96ef78043186a12152510c881ba61484f089410

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/093330da9752.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"e99039abd8dac007c9c64df5cbb76091"
x-amz-meta-mtime: 1713875281.673615027
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-869f03c18122f6c4dd96ef6ba6fb4bdc-7ce60f55f579b3eb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T13:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json

185.244.209.62

200 OK

68 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/betstemplates/bets_model_short_en_0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
68 kB (67582 bytes)
Hash
bd597cd7898ec7c92077c78226258411
6cbb2513f68acdd4bf6df6c763fb22ff3a473759
9f4017cabb33aeb17a2363f55260e2a1f7dddf2eccdf87ac446ae405fec3df5b

HTTP Headers

GET /genfiles/cms/betstemplates/bets_model_short_en_0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: application/json
last-modified: Thu, 25 Apr 2024 14:04:55 GMT
etag: W/"d3e39abc76f19e176765d21ac9e70c5c"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9ed09d5aca431a458a2d8ba779b5f9af-9ad809fadd68dce7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:42:47+00:00, 2024-04-25T23:34:29+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js

185.244.209.62

200 OK

67 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
67 kB (66923 bytes)
Hash
bf8733731fa46cc9f8b5c02a9f627ed3
ceda6259762a31a3bc5d0a59a3aa3ec7d4b77832
d0d6075c6dff69e6ac52d03977fcf5d19bad7000a81272af10e8922f3ea29945

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/0b23288bd734.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"ac462273a8335f158ccd0812c8d96cca"
x-amz-meta-mtime: 1713875281.673615027
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e097a7872b396fe96bfd7d24b6af4c23-8c0b88a80758114b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:51 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f26d222482e2258b3dfa52361c4ba17c-7ac4d9700d8b457e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-25T23:10:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:52 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7b8e04d4854672d5ae5806ae91b210cc-7777ce545e226be1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-25T23:07:49+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:52 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f581cb9fab4ecfcc4caa389f4d2e6d36-da783dc27b21301c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-25T23:10:28+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js

185.244.209.62

200 OK

66 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
66 kB (65530 bytes)
Hash
bc08e0814497bc5c2f495219ca9c25bc
949d397b7ed43cd2e39c0e5ca398ec806bb37b1e
83d40d68a77cd4b8c85b40e840a38a315a72f5336080c08fe5dcff24fd8991d3

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/28a6402a2a0b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"24906b7dbc572ec6dd8117e9bd9939e3"
x-amz-meta-mtime: 1713875281.693615182
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e60dfacfa00272422c9578510a5c3d1f-db8c06d88025fbc4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:53:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

10 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
10 kB (10007 bytes)
Hash
78d42b7e64cc3bdfe8bb7a4e04cf7790
05a3af4b42cea796f03cff80073353fc8e0ffc72
4c72616ca293f2219b34d798e9623cd82b3ee35b2af846eedbd0e6dd94080ea9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:53 GMT
content-type: application/json; charset=utf-8
content-length: 10007
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:53 GMT
vary: Accept-Encoding
x-time-ng: 0.055
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.063
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js

104.18.39.72

200 OK

190 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
190 kB (189741 bytes)
Hash
9756268c753213d9d29adb860aeae69f
68cbfa42020dfd73da3f6e008a4f321460fdc887
b9513e312cd82a89d1fe53b5037931ccdf0ebddcc6f7d2fb425603962c38770c

HTTP Headers

GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2476439
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244071df656ae-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/j/ed1m7i903i7d9g85516bf5e5bfc53d0fdc592771c9911bd5f19b

178.253.29.47

200 OK

515 B

URL POST HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/j/ed1m7i903i7d9g85516bf5e5bfc53d0fdc592771c9911bd5f19b
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
515 B (515 bytes)
Hash
ecdbd38be34966d6993d0aaa27d566ce
f3d3fbf448c205fac6c605d4bc95fcc37ca24e9f
ecea03189d4fa5ace1b24aef4dbd48700d01d48d62ce4f5994260da4b058cff3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/api/web/v1/j/ed1m7i903i7d9g85516bf5e5bfc53d0fdc592771c9911bd5f19b HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105936
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:54 GMT
content-type: application/json
content-length: 515
content-encoding: gzip
traceparent: 00-dc398955a57bebd5c2a7699cd3890855-610fc3cd973c832a-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: c2731ee3f18e72b14dde802eede8eb5a
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=5.381, wf-uht;dur=0.028
X-Firefox-Spdy: h2

1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

178.253.29.47

200 OK

23 B

URL POST HTTP/2
1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
54c57e18e840f765d7e6bd34c8568af1
2ede0c1ef4f02f6121704c26d6bd39cb775adda6
e1ab381146d68bfe920b972f3ae77e1a71f0ccf28839f0834ddf2539a05069b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Content-Type: application/json
X-Lang: en
X-Uuid: 1cdba155-2a89-4500-9606-648141a6028a
Content-Length: 99
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:54 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.009
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js

185.244.209.62

200 OK

2.4 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/analytics-c706fc54.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Size
2.4 kB (2434 bytes)
Hash
14c0a5b475850d7da7e8459bf9df5766
f4cbfa40f0f3e3781d23a8a2e3715bf8252a2402
a6a30f6358ba3aea4d315b8838587ef81df7d171d0f84e2aa6d6faaadad614fd

HTTP Headers

GET /_nuxt/desktop/default/analytics-c706fc54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-982"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6687f95da26376bf4d7a229ffe53da57-e31da6c000c68407-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:50+00:00, 2024-04-25T14:33:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

266 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
266 B (266 bytes)
Hash
f8ff37b50397222b6b0fc5254695b78c
246172bd71b85ecac94c7cbe5a4d35b0e17d3e2f
8729571270ff6fca33ba3564cda631a6133387c9a2cb7ec221ec73d91fa6d829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:55 GMT
content-type: application/json; charset=utf-8
content-length: 266
cache-control: no-cache
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:55 GMT
vary: Accept-Encoding
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.014
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg

185.244.209.62

200 OK

132 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/coloredSvg.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
132 kB (132366 bytes)
Hash
9ee98971bf9f107179f9ccfbf3940224
53e326c2bf2fa253a946aa458540a224ee89a816
4ea052dedae48178b9d65be34c8f2515e409fb283edccff2ec6fa89eac04cf99

HTTP Headers

GET /sys-icons/1.0.328/285/coloredSvg.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"fd241a06afa4bae60c4bbab7fa1a9a5b"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3ea08d77817726a583315ad4cb1ba44f-131b7767dcd35481-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:11+00:00, 2024-04-25T11:15:25+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.72

200 OK

63 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (1763)
Size
63 kB (62928 bytes)
Hash
b891b1487647a7b5c543d54519250248
0758ea8a890cbba449c147efa2ef401928febe38
d74b699e5dae5536c155bf215c383fa22dd7ca007b2d9b87c1e302a33fc7bcc9

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 23:55:55 GMT
expires: Thu, 25 Apr 2024 23:55:55 GMT
cache-control: private, max-age=900
last-modified: Thu, 25 Apr 2024 21:56:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62928
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

154 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
154 B (154 bytes)
Hash
cfbeaf604823f038b8b46f0ac862b98c
7b9eb1dac48e74fa5f418bc456cb410f88b81d98
20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 25 Apr 2024 23:55:55 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 26 Apr 2024 00:05:55 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

271 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
271 B (271 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 Apr 2024 23:55:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Thu, 09 May 2024 23:55:55 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js

104.18.39.72

200 OK

9.8 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
gzip compressed data, from Unix
Size
9.8 kB (9775 bytes)
Hash
a246fca424f22ccc9dcd93dcfa4c30b5
b7a1703cdcc41cbf3955839273f4238e0bad62c4
ebecf4fafc2a5f451b7b0c05d337f08602943f47bb21775f225abb5ab7376427

HTTP Headers

GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:46 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"8f42-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13462088
expires: Fri, 25 Apr 2025 23:55:46 GMT
server: cloudflare
cf-ray: 87a24410190556ae-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.7 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.7 kB (2665 bytes)
Hash
fe0e1dd8585aea7a1e7c01a8bbc98efb
c3b0caad8de9beba1be043264d776c16590ac7f2
5c86acd1f9acaa15f0ad3af0c4d7a806d7bde4eca9813724ccccb45d74e59474

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:55 GMT
content-type: application/json; charset=utf-8
content-length: 2665
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:50 GMT
vary: Accept-Encoding
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.47

200 OK

2.0 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.0 kB (2021 bytes)
Hash
945777af058bf9d43e194bb93cbd01ed
bc8a34cea40dc06877db40e401e7486c410a344a
794cc9ee16128a52ccc9355d9ed6447f0ee123b4dcb3886c25b97332a47d38fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:56 GMT
content-type: application/json; charset=utf-8
content-length: 2021
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:56 GMT
vary: Accept-Encoding
x-time-ng: 0.067
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.075
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714089355324&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2128929782.1714089356&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714089355&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%3Ftag%3Dd_34142m_22583c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D%257Bsite_id%257D_d22490_l30755_clickunder&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=17836

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714089355324&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2128929782.1714089356&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714089355&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%3Ftag%3Dd_34142m_22583c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D%257Bsite_id%257D_d22490_l30755_clickunder&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=17836
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714089355324&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=2128929782.1714089356&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714089355&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%3Ftag%3Dd_34142m_22583c_%255B%255DMS%255B%255Dnull%255B%255Dnull%255B%255Dgeneral%255B%255D%257Bsite_id%257D_d22490_l30755_clickunder&dt=1xBet%20%E1%90%89%20Online%20sports%20betting%20%E1%90%89%201xBet%20online%20bookmaker%20log%20in%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=17836 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Thu, 25 Apr 2024 23:55:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714089344

178.253.29.47

200 OK

2.3 kB

URL GET HTTP/2
1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714089344
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
2.3 kB (2285 bytes)
Hash
fcd54e6a5b01c8146fba917de39b09b9
ce8e81a1ba4a5e22c0fa1d1d6e73407c77b40049
de2daa46446b57d0b50272b46fd06c5f44fb3eb04441dd0c60d3cc8d02f7ebc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714089344 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=12, dt_total;dur=13.784, wf-uht;dur=0.025
traceparent: 00-6faf3446f3548a4306bbda8b265c849d-dad8b832decb3ee3-01
x-dt: 285
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.jpg

185.244.209.62

200 OK

39 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1380x248, components 3
Size
39 kB (39085 bytes)
Hash
b40d0e8304343f7070eff5ee310d7a98
db6c62254d55d3c26384345945ba84b4bafbf65e
484c8af4bfd7677b00a2d5d1dc26ab05990dc674585f71f9e8b21a79d95deff9

HTTP Headers

GET /genfiles/cms/1/desktop/banner/0cd280af89b0819825587a2cf75e33d0.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:58 GMT
content-type: image/jpeg
content-length: 39085
last-modified: Fri, 12 Apr 2024 09:23:30 GMT
etag: "b40d0e8304343f7070eff5ee310d7a98"
x-time-ng: 0.038
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-058c7d975a79a96c1d5d028bd3cf9399-f45abb03f34183fb-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-12T10:33:38+00:00, 2024-04-25T23:55:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

9.9 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
9.9 kB (9938 bytes)
Hash
64792e9974b2c121aac9a5e27c4c2aab
f2263fad03c9c280809fdc3d252b75b45a298016
20478a6b67162d2048b6cc2b218960ebda4f099e1663d43a4b73ab303b3e7619

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:59 GMT
content-type: application/json; charset=utf-8
content-length: 9938
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:59 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.028
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.7 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.7 kB (2682 bytes)
Hash
12ca3b10d1a07b72156d74bd13bb4374
b541c4883447422d7b35331bd37148a6376881f0
e7bb7e43d13b683aa9c3989444edc4ae574a315a79064f328d80318b77e41f4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:01 GMT
content-type: application/json; charset=utf-8
content-length: 2682
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:01 GMT
vary: Accept-Encoding
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.031
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.webp

185.244.209.62

22 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
22 kB (22384 bytes)
Hash
223959ab229c22ef60216e9c780ef376
03fef16fe4253987b207ebd4f5ab77da8262cad7
07dc1d52de65dc11175476efd14081c77cec2379f6b78879bca4c079c2675a3e

HTTP Headers

GET /genfiles/cms/1/desktop/banner/48c55a46abd5ab116e797f7903d61d9a.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:03 GMT
content-type: image/webp
content-length: 22384
last-modified: Wed, 06 Sep 2023 13:14:07 GMT
etag: "223959ab229c22ef60216e9c780ef376"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-02-27T14:23:29+00:00
traceparent: 00-a5f270335d2972bba1386d62fb8b8702-bcddba90c6e35dc3-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

9.9 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
9.9 kB (9938 bytes)
Hash
64792e9974b2c121aac9a5e27c4c2aab
f2263fad03c9c280809fdc3d252b75b45a298016
20478a6b67162d2048b6cc2b218960ebda4f099e1663d43a4b73ab303b3e7619

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:04 GMT
content-type: application/json; charset=utf-8
content-length: 9938
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:55:59 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

266 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
266 B (266 bytes)
Hash
f8ff37b50397222b6b0fc5254695b78c
246172bd71b85ecac94c7cbe5a4d35b0e17d3e2f
8729571270ff6fca33ba3564cda631a6133387c9a2cb7ec221ec73d91fa6d829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:05 GMT
content-type: application/json; charset=utf-8
content-length: 266
cache-control: no-cache
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:05 GMT
vary: Accept-Encoding
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.7 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.7 kB (2682 bytes)
Hash
12ca3b10d1a07b72156d74bd13bb4374
b541c4883447422d7b35331bd37148a6376881f0
e7bb7e43d13b683aa9c3989444edc4ae574a315a79064f328d80318b77e41f4f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:06 GMT
content-type: application/json; charset=utf-8
content-length: 2682
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:01 GMT
vary: Accept-Encoding
x-time-ng: 0.020
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true

178.253.29.47

200 OK

2.0 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.0 kB (2021 bytes)
Hash
945777af058bf9d43e194bb93cbd01ed
bc8a34cea40dc06877db40e401e7486c410a344a
794cc9ee16128a52ccc9355d9ed6447f0ee123b4dcb3886c25b97332a47d38fb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LineFeed/GetSportsShortZip?lng=en&country=137&virtualSports=true&gr=285&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:06 GMT
content-type: application/json; charset=utf-8
content-length: 2021
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:06 GMT
vary: Accept-Encoding
x-time-ng: 0.075
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.082
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
30 kB (30110 bytes)
Hash
bc17c99b94c74514265b2e39b2dd1599
50d711503c99c142882d7117174afbbdb9a9e2bf
cf5d4bb7bcab5b6506f4817f919e909b9b9c5eecae72b32c04c53dac15c03a20

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/3083a20a3f73c30fce38710d7ada9cbb.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Apr 2023 11:51:30 GMT
etag: W/"3ae81b002dca46d3b732ce3e03ae35c6"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5dff9705a0aa4a1df4407c63d98e4638-c46b57c57150eb02-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:36:11+00:00, 2024-04-25T23:21:47+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/ae180f15a3d5b627f628afdca3fa6bdd.webp

185.244.209.62

37 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/ae180f15a3d5b627f628afdca3fa6bdd.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
37 kB (37416 bytes)
Hash
75deadbff841341315c61275cb663d23
83f7a4805c1fe1e50c30ffe9372a2a4125a829e1
5535616e6979cbfeb494b91c37ac03dde69a30469e78ac0c6e80a778cb34393b

HTTP Headers

GET /genfiles/cms/1/desktop/banner/ae180f15a3d5b627f628afdca3fa6bdd.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:08 GMT
content-type: image/webp
content-length: 37416
last-modified: Wed, 20 Mar 2024 13:47:46 GMT
etag: "75deadbff841341315c61275cb663d23"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-01T08:00:53+00:00
traceparent: 00-678cdeab092cb2f38f11d41eace62af7-acddb390cc739ebe-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

10 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
10 kB (9954 bytes)
Hash
5b5c98c25be4e9538c90a2e56e6932f0
457fea00a7f3d0e3481960ac09d16ab88c394db7
942ef44e24c4ab013fe7dcab088ca333dfac937069b7a9433074909a370a6be8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:09 GMT
content-type: application/json; charset=utf-8
content-length: 9954
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:09 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.030
X-Firefox-Spdy: h2

pp23vi1.com/static/pixel.gif?1714089371374

178.253.14.123

43 B

URL
pp23vi1.com/static/pixel.gif?1714089371374
IP
178.253.14.123:0
ASN
#202492 Silverhill Group Holding Ltd

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /static/pixel.gif?1714089371374 HTTP/1.1
Host: pp23vi1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:11 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true

178.253.29.47

200 OK

2.7 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
2.7 kB (2695 bytes)
Hash
dac8639f4b777e5322f8b24a65330da2
0ac37945f4a6b61107bac44c0eadabdb6839d5d1
6a5b89a73266f1f3ec39be96021fac7fc8689a9edba3184f1464d2766d35542d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/GetSportsShortZip?lng=en&gr=285&country=137&virtualSports=true&groupChamps=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:11 GMT
content-type: application/json; charset=utf-8
content-length: 2695
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:11 GMT
vary: Accept-Encoding
x-time-ng: 0.011
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/02ba76589565792069601ad523578b27.webp

185.244.209.62

23 kB

URL
v3.traincdn.com/genfiles/cms/1/desktop/banner/02ba76589565792069601ad523578b27.webp
IP
185.244.209.62:0
ASN
#199524 G-Core Labs S.A.

Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
23 kB (22774 bytes)
Hash
94f24dc02426e0d7baf117e11bd3fd36
2482ed081abe85f9470a290ca0d362f0c9dd94a3
c4c5ae9f997b5aaa309494bcba42b17504a76daf7f0da2674df6314d8a9841fb

HTTP Headers

GET /genfiles/cms/1/desktop/banner/02ba76589565792069601ad523578b27.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:13 GMT
content-type: image/webp
content-length: 22774
last-modified: Thu, 07 Mar 2024 08:40:40 GMT
etag: "94f24dc02426e0d7baf117e11bd3fd36"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-22T22:00:55+00:00
traceparent: 00-6ae144cf00dc2d1f40ee8b9844a96375-66b11b7367c8ca93-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true

178.253.29.47

200 OK

10 kB

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
10 kB (9954 bytes)
Hash
5b5c98c25be4e9538c90a2e56e6932f0
457fea00a7f3d0e3481960ac09d16ab88c394db7
942ef44e24c4ab013fe7dcab088ca333dfac937069b7a9433074909a370a6be8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/Get1x2_VZip?count=20&lng=en&gr=285&mode=4&country=137&virtualSports=true&noFilterBlockEvent=true HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:14 GMT
content-type: application/json; charset=utf-8
content-length: 9954
cache-control: public, max-age=5
content-encoding: br
last-modified: Thu, 25 Apr 2024 23:56:09 GMT
vary: Accept-Encoding
x-time-ng: 0.018
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137

178.253.29.47

200 OK

329 B

URL GET HTTP/2
1xlite-660473.top/service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
329 B (329 bytes)
Hash
f8ff37b50397222b6b0fc5254695b78c
246172bd71b85ecac94c7cbe5a4d35b0e17d3e2f
8729571270ff6fca33ba3564cda631a6133387c9a2cb7ec221ec73d91fa6d829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /service-api/LiveFeed/WebGetTopChampsZip?lng=en&gr=285&country=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
x-hd: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJndWlkIjoiYi90Njcza1Z3Umd0Sm03WnV6WlQ3VkEvcG9sRU80UVhMNURtVnZMcG1kR0dmb3NDUFJScEpwcTJQeDltUk40SjkwTXFZYmU4WlBFR2xGTGVkLzhDMWxMWHZ0VHp5M09oU1FWMlFCUTVoSjFQdHVEYjg3RzhZbWJNTjFDcHpCYStuaE52VFkraUpHMmk0R3QwNlU2bFJTK0RsdENFclFiaVNTei9LZ0pNbzBEYnQzUzA1Qmc5Qmt0eXJQcXc4b2szcW9hemsxT01Sdk9IcEdlaTdQYUJnbFNabURCR3JXRUhvaDlURUtlczVaR3RBa1pDWHFyaFlDSWFHOTFDVS80SlJYaW5hYllFWTE5cEVRUlpWcG1SODM0VDJXa053dmI4MmdjMmdmWmlnMHVJIiwiZXhwIjoxNzE0MTAzNzU0LCJpYXQiOjE3MTQwODkzNTR9.Z4EP5s3-UKiwZNTlLOxwbjstRxZs5xeVZBGYYiixu6-I32n2n_sVDzxKHUH4FQLD2T37TUUa_bd3AQHZ-ALn_A
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167; _ga_7JGWL9SV66=GS1.1.1714089355.1.0.1714089355.60.0.0; _ga=GA1.1.2128929782.1714089356; che_i=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:56:15 GMT
content-type: application/json; charset=utf-8
content-length: 329
cache-control: no-cache
last-modified: Thu, 25 Apr 2024 23:56:15 GMT
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.012
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js

185.244.209.62

200 OK

450 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (461), with no line terminators
Size
450 B (450 bytes)
Hash
94396d27c4d9bbfc299a901902e1f11d
b3d5fb445111c1b6b783db81a899a548488ebf13
33fc76fe427142c306a281e02daec062575fe489c63851cb55b487e1b058699e

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/7bd3bc288fd4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 450
last-modified: Tue, 23 Apr 2024 12:34:12 GMT
etag: "056ce527a12544a37f984ac598be2344"
x-amz-meta-mtime: 1713875281.717615371
expires: Thu, 25 Apr 2024 08:42:34 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bea1201da70e6bf63a95b56fdf11da1b-e354a6d1c6d83711-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-24T08:42:34+00:00, 2024-04-25T15:38:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/64dfdd8b8c9a.css

185.244.209.62

200 OK

289 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/64dfdd8b8c9a.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
289 kB (289227 bytes)
Hash
2605377ca9d2798b33fd07bc8da267d2
eed73cfda60c9543e553820f2ad6e5595ab536dd
64dfdd8b8c9aac073358493bac418554f2e14624ba26bbd98d328ed23e80a58f

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/64dfdd8b8c9a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"2605377ca9d2798b33fd07bc8da267d2"
x-amz-meta-mtime: 1713875281.709615308
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-47e4ae6a5238ce73a2219aaec9eb98aa-e189eda9db48e9e1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:05+00:00, 2024-04-25T13:05:49+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js

185.244.209.62

200 OK

731 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (754), with no line terminators
Size
731 B (731 bytes)
Hash
d4e7ea71a87b1f1c120557c0645d517a
16245d27e56477993925754ded67747f4a22457a
55a7929fe0360afd2ceea901f484065432f5cbd00d12ce1bc4773407272d005f

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/93ec59abc015.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 731
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "7d7870ff5bec46f886d9df91c47f1bd0"
x-amz-meta-mtime: 1713875281.725615432
expires: Wed, 24 Apr 2024 12:55:15 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9bb9fd87adddbaf9289a3b7105957e9e-41ec61d918ceb709-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:15+00:00, 2024-04-25T13:05:55+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css

185.244.209.62

200 OK

67 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (67103 bytes)
Hash
86bbeccf1800ba74e6c228c6ac503cef
d4313d9e6192f09b3fb3a6271878833647ac4076
2e7e82ef0fd81f87d43846e9c6bf605560206cc4ec9689695447f786d43448b8

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/2e7e82ef0fd8.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: W/"86bbeccf1800ba74e6c228c6ac503cef"
x-amz-meta-mtime: 1713875281.697615214
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:15 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-10d257b6125b9d46636f81053d26af48-dc0652f87a0c48ff-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:15+00:00, 2024-04-25T13:05:55+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js

185.244.209.62

200 OK

69 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32238)
Size
69 kB (68856 bytes)
Hash
138de5d55ee831195dd90bbf5c557926
4413082980942643803d8d4567df2f8395c0e868
55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd

HTTP Headers

GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 14:15:00 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1714054361.504148121
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:02 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-01fa2cf9a0e7052df8fda6a31d1a16e3-d03d78e9cd11dbf2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:02+00:00, 2024-04-25T15:52:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js

185.244.209.62

200 OK

715 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (734), with no line terminators
Size
715 B (715 bytes)
Hash
2efb888dbb9343ee6d683e8d796d82f4
1e1e489141485affbc1919d379cf88f7d65d23e2
e019ff00da941f85d11e34442751266d09e627a7191f2b2177018c625ffe346c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/6684c66fedf3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "363cae3f1a92357379ce31b700f431ee"
x-amz-meta-mtime: 1713875281.713615339
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5ff11906bdeeee4cb076fa8a4b26d575-ec38475d326d9548-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T14:33:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js

185.244.209.62

200 OK

199 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-c1b13bbc.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
199 kB (198582 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_nuxt/desktop/default/vendors/conversion-c1b13bbc.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 66631
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-10447"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:46 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d4d1a2d7ac2ed7be2e941d8ee61c36ba-30b03acae09b774e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:46+00:00, 2024-04-25T14:33:04+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO

178.253.29.47

200 OK

27 kB

URL GET HTTP/2
1xlite-660473.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
27 kB (27142 bytes)
Hash
812c2f39676a30e71127d858e88c0d15
f0e169da1feb9f5dc5171e5c703e87c3789212f2
e44186c360b880fbdfb7d84c89156a688e94f55c2a7f7a58bb176e8024eb1ebf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Thu, 25 Apr 2024 23:55:43 GMT
set-cookie: application_locale=en; expires=Sat, 25-May-2024 23:55:43 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-d632e514207306fec43599e25be8dd4f-979653aabe3fe1a1-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.212, 0.215
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=223.967, wf-uht;dur=0.232
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css

185.244.209.62

200 OK

1.0 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.2.2/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.0 MB (1048646 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/3.2.2/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:16:19 GMT
etag: W/"e4b8405071f7ea0e1aa13cd501543a44"
x-amz-meta-mtime: 1713521458.745453226
content-encoding: gzip
expires: Sat, 20 Apr 2024 11:51:17 GMT
cache-control: max-age=86400
x-time-ng: 0.010
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-eccfd51a0f04f1787b9ce53304ad068b-1b400331ad4a7cea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-19T11:51:17+00:00, 2024-04-25T13:42:38+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js

104.18.39.72

200 OK

141 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (140949 bytes)
Hash
896d1930437c1ab92b8a359c1d6fdaae
71e0e23d1af9722f356eb5d1c497d100ec8b0f7a
8c508636d885890bfb5c56bcd6dad1b8b64c498781d351b588a8de7f686774d4

HTTP Headers

GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 12:45:49 GMT
etag: W/"22695-18b9011853a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13463934
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244070ded56ae-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.72

200 OK

318 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
318 kB (318168 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 23:55:55 GMT
expires: Thu, 25 Apr 2024 23:55:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104917
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/d94c9b1508a286d270c77946ff0972fa.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

widget.suphelper.top/injector.js

104.18.39.72

200 OK

208 kB

URL GET HTTP/2
widget.suphelper.top/injector.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type

Size
208 kB (208506 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"32e7a-18f123218ef"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 59
expires: Fri, 26 Apr 2024 03:55:43 GMT
server: cloudflare
cf-ray: 87a243fb9a9156ae-OSL
X-Firefox-Spdy: h2

1xlite-660473.top/checker/redirect/stat/run/

178.253.29.47

200 OK

39 B

URL GET HTTP/2
1xlite-660473.top/checker/redirect/stat/run/
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
39 B (39 bytes)
Hash
764f7f12d724bf2514249c83bbcad27d
56a72117a1ad467989abfd5a60c97ccdf72b4ea1
94a127746162790d75a0d6a79416bb428db3ed8dbf7997f097c4e10cb132a6df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.001
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/external-api/config/getVideoAccessConfig

178.253.29.47

200 OK

24 kB

URL GET HTTP/2
1xlite-660473.top/web-api/external-api/config/getVideoAccessConfig
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
24 kB (24122 bytes)
Hash
cb0bc8eedc642fc591c0eef57e6c67e5
6c62aeececef0a5ff474bb21bf569ad8d48f6bd0
c57136f602923fc19534e58f7da5a483616d80031222372e19a29fd6f22b0a0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/config/getVideoAccessConfig HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=19, dt_total;dur=27.065, wf-uht;dur=0.038
traceparent: 00-917282ae35048faaa7cb8539939ff249-7e3c8b3501148bb4-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.021
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js

185.244.209.62

200 OK

435 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (442), with no line terminators
Size
435 B (435 bytes)
Hash
d69836398bd4895f9ed08b64602707fb
7728053840070d0fd29aecd5bed68b05e3c88ed9
3fdb4c2cb36694d071a78552a86fe769ce9ccaef08da172fb2b7158c96d0c69c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9b1085266c45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 435
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "b075575bc06525b491d4fd8da21e93ff"
x-amz-meta-mtime: 1713875281.729615464
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fea2c9d9eace20761bc4622fc2bd8fa7-bd32fb0474014431-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_ssgManifest.js

104.18.39.72

200 OK

77 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_ssgManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
b6652df95db52feb4daf4eca35380933
65451d110137761b318c82d9071c042db80c4036
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

HTTP Headers

GET /_next/static/724286ac/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"4d-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 63475
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244072dfa56ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/session

178.253.29.47

204 No Content

0 B

URL GET HTTP/2
1xlite-660473.top/web-api/session
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Thu, 25 Apr 2024 23:55:50 GMT
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=19.378, wf-uht;dur=0.027
traceparent: 00-bf831033c58d97b6c9c21de3df63f48e-b60e26cde5fec5cb-01
x-dt: 285
x-time-ng: 0.019
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/registration

178.253.29.47

200 OK

3.5 kB

URL POST HTTP/2
1xlite-660473.top/web-api/registration
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
Unicode text, UTF-8 text, with very long lines (3790), with no line terminators
Size
3.5 kB (3538 bytes)
Hash
6404887dd8d444876d728785f6314374
0cddac90bc90d8d1e52211d25ea728b96441efb8
783ced4de55511848ae604cd1f938fb701451edc082773f2b0b90cf5e84e3b22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/registration HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Content-Length: 17
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:46 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=31, dt_total;dur=32.522, wf-uht;dur=0.043
traceparent: 00-f5b6c4b539dabf5cd7c5ef516a0a0bcd-f310ddcb1c8a684d-01
x-dt: 285
x-time-ng: 0.032
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidget-23d987ff.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (11892), with no line terminators
Size
12 kB (11892 bytes)
Hash
8404462012316144032423ce8fbb64eb
5c746a0ed3594abdc7d43a410293e265dd3b2fca
b1f58b41aa6480dc6df0ae7a62b0726e2cb0b3e5623513aa8e954c87450f7aca

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidget-23d987ff.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 4082
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-ff2"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b11dbb40e7f259eaab135649cee18d1c-505e961058accca8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:40+00:00, 2024-04-25T14:32:58+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js

185.244.209.62

200 OK

2.1 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2253), with no line terminators
Size
2.1 kB (2136 bytes)
Hash
1b344ec76dcafdf426afeeba25def135
9aa097a8abb0c275f9f3023d158937df65a7db61
c32914362b1e86de0ac03e17e47c0eb1b30f266ab539b33b6f69fa336135564c

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/88071a5d390d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"3084b8e581d711a9e12b5519b6d0d789"
x-amz-meta-mtime: 1713875281.721615401
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8b9ae9ddb8f4753e0f3910bc6694a4e0-e63e96c0f8e45b34-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5ba22d89fb5e0baa9f42d6e8dff46f80.webp

185.244.209.62

200 OK

654 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5ba22d89fb5e0baa9f42d6e8dff46f80.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
654 B (654 bytes)
Hash
0e815673664d700b931039a728d3621e
29136c5e24aa131b094a0acd4f91d7f04db8f389
60e235f40ebb0418332930e01b6c1a40b86ef50fad6067e6200d686740d252b9

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5ba22d89fb5e0baa9f42d6e8dff46f80.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 654
cache-control: max-age=94608000
content-disposition: inline; filename="5ba22d89fb5e0baa9f42d6e8dff46f80.webp"
content-security-policy: script-src 'none'
expires: Fri, 16 Apr 2027 19:07:42 GMT
x-request-id: 11fdceed62985e23dab6c5b3fbfb1b1e
x-time-ng: 0.087
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9892920b790ce38f518b1d328bc20b9f-74bf29552e0168c3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-16T19:07:42+00:00, 2024-04-19T17:37:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js

104.18.39.72

200 OK

107 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107186 bytes)
Hash
d0a7ecc59065580118a9ea8880c58962
21573546ac5011592094ef6aea0696ccdeb2164d
e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5

HTTP Headers

GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 63484
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244071df856ae-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1036), with no line terminators
Size
1.0 kB (1025 bytes)
Hash
305de1535e3f2a45efa2f1dd096f496e
9fd79178b39d8a196f9f3640758cc5285f5914fd
9b0fc84933536e9c4ca4b8013f656f393c6073e746901340133cbc11059aec46

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:13:28 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1714050698.034158118
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:17:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c0927159c74b71f6331ad20b99704732-ba3c4215c9535e8d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:17:53+00:00, 2024-04-25T15:53:11+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/sports.svg

185.244.209.62

200 OK

378 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/sports.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
378 kB (378005 bytes)
Hash
0c52e0c32f8f2667a72e0d57b63e02a3
a0fb81e89f2510e228c1298f2d107f5672c0a03d
ed4dcc337364c73f4382c79e759156e064823c54a2f78d2747bafd87d41abe73

HTTP Headers

GET /sys-icons/1.0.328/285/sports.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:44 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"0c52e0c32f8f2667a72e0d57b63e02a3"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:02 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-5e7b05ca03d3d1d40a07359dabe30c06-f5f7e9332b3601e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:02+00:00, 2024-04-25T11:15:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5b9788e0e69d648065053fce46822a34.webp

185.244.209.62

200 OK

770 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5b9788e0e69d648065053fce46822a34.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
770 B (770 bytes)
Hash
70c4fc7f19c6abec9c4cb4615a961b15
69811696f0c5012e6a9dcfcc0d81d746346926d9
c290eb12c099be673ffbb55665f241c4330b8c6876ffcbe4faacebc06b1aa64d

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5b9788e0e69d648065053fce46822a34.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 770
cache-control: max-age=94608000
content-disposition: inline; filename="5b9788e0e69d648065053fce46822a34.webp"
content-security-policy: script-src 'none'
expires: Sun, 18 Apr 2027 20:38:39 GMT
x-request-id: c55461a932f10c00efdaa6f6dbb3de52
x-time-ng: 0.052
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5cf26b807773df460c0aacd7ff3a14ee-bef57708b1fda985-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T20:38:38+00:00, 2024-04-21T21:31:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/a322b86594c618f37757a299bd9428d8.webp

185.244.209.62

200 OK

494 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/a322b86594c618f37757a299bd9428d8.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
494 B (494 bytes)
Hash
f5f039d2fc4997bb5f5b1c2cbf24ea59
0e073e9e843ba0a5ac0e4c47f163c24ddc86a46d
421c2a6e321ec1dcfa0a1fffde5804f7ea83c67618a98c9e9d374d1ec9da27f6

HTTP Headers

GET /resized/size16/sfiles/logo_teams/a322b86594c618f37757a299bd9428d8.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 494
cache-control: max-age=94608000
content-disposition: inline; filename="a322b86594c618f37757a299bd9428d8.webp"
content-security-policy: script-src 'none'
expires: Thu, 22 Apr 2027 14:32:54 GMT
x-request-id: 48b8147c8d0e1ce061f8e7259e2184de
x-time-ng: 0.068
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dadd2900135f4e87257a1417330c91ae-3795158afc96eab9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T14:32:54+00:00, 2024-04-23T12:28:32+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js

104.18.39.72

200 OK

92 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with no line terminators
Size
92 B (92 bytes)
Hash
7c3f7e060745668041278118c0bb3d6d
e639f56695b3cc30d78dce7a0084aa8299a1311a
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

HTTP Headers

GET /_next/static/724286ac/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"5c-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 63484
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244072dfd56ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
14 kB (14308 bytes)
Hash
9e7af5cc8f19e556b8696b1f616368bb
5dfc0391d0b038c0a854280a40cd89a6e5ed970e
bfb06010ec5c7f94e57ce0ee75b270c76559d76e8e49e8085866bc11408345fb

HTTP Headers

GET /sfiles/games-images/game-animations/game-85-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Jan 2024 13:34:39 GMT
etag: W/"9e7af5cc8f19e556b8696b1f616368bb"
x-amz-meta-origin-date-iso8601: 2024-01-24T13:05:40.000Z
expires: Fri, 19 Apr 2024 00:06:27 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2b906cd8e6f53042504f33aac8be9713-67c10aff3f2a1ad1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T03:23:59+00:00, 2024-04-25T00:19:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js

185.244.209.62

200 OK

101 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (35828)
Size
101 kB (100701 bytes)
Hash
51ddc52774f4e5bd6a6f1c22e9d19674
374c2fbb2b68ad9c28898dfe60da3fd828ccf7c4
642e66ee14ca90b6ff8f91fbfdce400c6834a037dee18a60a72922ea727bb442

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:48 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1714041104.905613859
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:41:55 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-adef34315d7cdf3500fc47ef1091b2c6-f574e9998e5c4df0-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:41:55+00:00, 2024-04-25T12:44:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css

185.244.209.62

200 OK

36 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (36299), with no line terminators
Size
36 kB (36299 bytes)
Hash
4610c92e7697e57d1149e233ef5edab2
534bce5791c8a3f342e7fa8552458f3b45c60ab1
92fefebfb7788539968fe67373e000ba5cdfa9d19b041f3849d38f098b49d222

HTTP Headers

GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6b0fc59e52a8aa4157353ff333f68b6c-ce902125266c3eaf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T09:04:13+00:00, 2024-04-25T23:02:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/v3/bonuses/first-deposit

178.253.29.47

200 OK

426 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/v3/bonuses/first-deposit
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (464), with no line terminators
Size
426 B (426 bytes)
Hash
2d9b04c0ee3ec015e9094ce942ed9139
eebc58e94d15401f9c6737a4908018fd833d94ee
dea4bd3b63fac017709162cd44048f725c21396da41d2cfdc235812fcf2eb6fc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=37, dt_total;dur=74.195, wf-uht;dur=0.083
traceparent: 00-eca69a6c1d5bc6e58edca47c0411febd-8405c746be6b7d45-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.057
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/724286ac/_buildManifest.js

104.18.39.72

200 OK

519 B

URL GET HTTP/2
widget.suphelper.top/_next/static/724286ac/_buildManifest.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
ASCII text, with very long lines (547), with no line terminators
Size
519 B (519 bytes)
Hash
063abc9f05b28326f5878dcd728ca1f7
321099ea5d4fa6792974fd44503ffb3e75e5c5b0
73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4

HTTP Headers

GET /_next/static/724286ac/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"207-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 63484
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244071df956ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js

185.244.209.62

200 OK

416 B

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (420), with no line terminators
Size
416 B (416 bytes)
Hash
906c35276e85e8939b3fe5f91bc0dfb1
ce272bd1eed5bc052fa85f16807175cb33f9dbf3
93b4a34950a8d5a5d811f657dc58467ed4c96d56e25ab0142c438253f3157717

HTTP Headers

GET /_nuxt/desktop/default/DownloadAppWidgetAnalytics-0a5e307c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 365
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-16d"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:28:40 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d80bb22868c7bc96f31a63c470142b2b-8ef50ae533de7db5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:28:40+00:00, 2024-04-25T14:32:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/hd-api/external/api/web/v1/converslon/load

178.253.29.47

200 OK

31 kB

URL GET HTTP/2
1xlite-660473.top/hd-api/external/api/web/v1/converslon/load
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
JSON text data
Size
31 kB (30629 bytes)
Hash
77ed326a1dccf0bc8146ce556ef2613c
8e55b81ba65c5a251965f4ccde24068938f84be3
f42362b49d4af70aafd1afcb193b9609536645ddffc5b21a5091ac41d8d4e43b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:50 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-e5ed80e4eb3c5abc277b63258ad4de6f-0d393d8844b0533f-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 18436f8543dbdef413e219dbc80f343a
x-time-ng: 0.006
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=5.679, wf-uht;dur=0.014
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/bf26d696b76130d9781b16f89f1de4cc.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.webp

185.244.209.62

200 OK

27 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1380x248, Scaling: [none]x[none], YUV color, decoders should clamp
Size
27 kB (27204 bytes)
Hash
234b7215576d30793d525b847dd54694
a67893fb91daefe0d5576d0596387e5b89b70700
9b8287a313e05df6ef1244173a34cc1e93c8345432d481919296df8731383aef

HTTP Headers

GET /genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:47 GMT
content-type: image/webp
content-length: 27204
last-modified: Mon, 15 Apr 2024 10:22:26 GMT
etag: "234b7215576d30793d525b847dd54694"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-22T09:00:01+00:00
traceparent: 00-0cc969a95a9543109e5075ae01d7a547-c8aab4b917837321-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2128929782.1714089356&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2142336007

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2128929782.1714089356&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2142336007
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint4E:BD:F9:72:97:67:A2:4B:EE:E4:B0:03:CD:C8:F3:30:53:27:53:1D
ValidityMon, 18 Mar 2024 20:50:06 GMT - Mon, 10 Jun 2024 20:50:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=2128929782.1714089356&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=2142336007 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 25 Apr 2024 23:55:55 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js

185.244.209.62

200 OK

1.5 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1556), with no line terminators
Size
1.5 kB (1523 bytes)
Hash
21fc96d5cf58a7e83ad9c39e081b4926
8f3b38a3743cc5c7f6898e91c784611381de092e
42818bd31d84c24a7f003f9fdeb7ebe7e6d37125de6ca4c4daab8cdd134e494f

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/9a596f911770.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"37522b6a3d761c89809cb6f794ead60e"
x-amz-meta-mtime: 1713875281.725615432
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-80c41addf8a0c300dc043c15b1889515-03926b82d8150d92-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:57+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js

104.18.39.72

200 OK

78 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77801 bytes)
Hash
dc6852529f28802d37affa5953d07260
4edd220fe8df4b009a1775ebe57f19d40999659f
4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84

HTTP Headers

GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"12fe9-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8616748
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244070df356ae-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js

185.244.209.62

200 OK

504 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (537), with no line terminators
Size
504 B (504 bytes)
Hash
73729d39c1243a5d7b02bb3653e93e61
5891166a06770aaba16353b147ae4a2f2e806a4b
ac924b7509e7beb2d38f242ba4b6a81bc7dc3b76909133c4c1d3b7d26d30a89d

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/d63b25015d05.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: "cdd39c58f3e34ab3b3329f45f9e6199e"
x-amz-meta-mtime: 1713875281.741615558
expires: Wed, 24 Apr 2024 12:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-60d056cdf8d7c4db3697e5111dd89bec-f71eac14c445ea50-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:16+00:00, 2024-04-25T14:33:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js

185.244.209.62

200 OK

81 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
81 kB (81096 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:48 GMT
etag: W/"67267513246705d46a0bb83e1f8efd2a"
x-amz-meta-mtime: 1714041104.905613859
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:41:55 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6a435e97663658ba467a5885a1e8cc32-d6887b18e5e3f601-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:41:55+00:00, 2024-04-25T12:44:06+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/_nuxt/desktop/default/css/e5eb737e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (5171), with no line terminators
Size
5.2 kB (5171 bytes)
Hash
5d231bea9b7df6bc1e9e74e3c0a231e1
2ef607f0c766fff1b4b1e90a2d98e7094c81721e
c43fd428fe6e9d25ddf385a1cf03891194126ebf9e83d086af655272e815445b

HTTP Headers

GET /_nuxt/desktop/default/css/e5eb737e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/css
content-length: 1050
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-41a"
content-encoding: gzip
expires: Fri, 26 Apr 2024 08:08:31 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7c81179d5e720680d534dd2158dafc1c-167d36ce1f414a28-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T08:08:31+00:00, 2024-04-25T10:16:10+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/sounds/new-message.mp3

104.18.39.72

200 OK

30 kB

URL GET HTTP/2
widget.suphelper.top/sounds/new-message.mp3
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo
Size
30 kB (29952 bytes)
Hash
ef9af24dc7dbd24ffd99c832e1300351
f78744a5013038446c468de14f205f2d52373fd6
5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9

HTTP Headers

GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:46 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"7500-18f123218ff"
cf-cache-status: HIT
age: 558
expires: Fri, 26 Apr 2024 03:55:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a24410892256ae-OSL
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg

185.244.209.62

200 OK

1.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1232 bytes)
Hash
a436db0af736498349f0127d8e7fab1e
b07e2c449cf16ddb052ce40d881db13a0c890b9b
93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-01-11T08:32:05+00:00
traceparent: 00-90371f4fc02d670d2876a216e2e2dd25-b6b90a139bbfcb9a-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.328/285/common.svg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.328/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
147 kB (146981 bytes)
Hash
7bf3e9e7d79beac942f5e7748a3af2e6
7c6896ef647506806f2cdbe998d8c9eb845a1754
663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f

HTTP Headers

GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-568024bea33793c284a3fc695a92c7d1-dfba0a09dd903fdf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-04-25T11:15:14+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js

185.244.209.62

200 OK

25 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (17403)
Size
25 kB (25139 bytes)
Hash
701ad5a22b8ea7213a53e334d0898349
87749d947f6aa40eb671447b58261d710ec5479b
07669c2ea7c29dd69e47f5518ba73b76389f3479e19f7362b461ef0fff96c1f0

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:48 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1714041104.909613795
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:41:55 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2abe67bb393ec3d3e344c46226e6d17a-fd7fb689063a3915-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:41:55+00:00, 2024-04-25T12:44:11+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-18T12:47:35+00:00
traceparent: 00-9572c7c22e943ef5f484cd4ab89cb53c-6005c746ce15f4b7-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/bff-api/config/contacts.json?type=2&lang=en

178.253.29.47

200 OK

3.8 kB

URL GET HTTP/2
1xlite-660473.top/bff-api/config/contacts.json?type=2&lang=en
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4380), with no line terminators
Size
3.8 kB (3756 bytes)
Hash
35b15ddc8b3ddba2cdb3bfc72981faf5
4a827b334a2c3d01ebda12287e001ff2342b1ed8
b73cc38f83e92cafd70e238deb6face9210af5603208057dd1a2077fdec6b3cc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=35.09, dt_total;dur=36.377, wf-uht;dur=0.044
traceparent: 00-d5a1d44b703ecd7671c39560bad5f3ad-7caf2aeac46cd87e-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.035
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/api/web/v1/config/actualDomain

178.253.29.47

200 OK

269 B

URL GET HTTP/2
1xlite-660473.top/web-api/api/web/v1/config/actualDomain
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (309), with no line terminators
Size
269 B (269 bytes)
Hash
6469b5c07a262f60f11e004ac72262b1
978ec0042baae49cb3bc8a7882055ec9a053e522
459c4cead3579c67475b231f8d8e21e599e27ecf8108d8ba29dd10a558b43f53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=17, dt_total;dur=25.701, wf-uht;dur=0.033
set-cookie: SESSION=587ba088a1b8608459f8108426e49de1; path=/; secure; HttpOnly; SameSite=Lax
ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-8954d02792d7eef347491699ed2be249-bd2ab45f692a2731-01
x-dt: 285
x-time-ng: 0.026
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg

185.244.209.62

200 OK

82 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JPEG image data, progressive, precision 8, 1380x248, components 3
Size
82 kB (81954 bytes)
Hash
ad5f0025317357d48209be53322c4854
c95715c6077d270ab0d901fa43184565216d6177
e7d3aa1ad1cf16bb24ada1e8ab541fbd94aa6196e7f98e50b244c70b0d9b2204

HTTP Headers

GET /genfiles/cms/1/desktop/banner/8c83a62ae8afe0aa371618f02b8e4a01.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:54 GMT
content-type: image/jpeg
content-length: 81954
last-modified: Thu, 05 Oct 2023 10:29:43 GMT
etag: "ad5f0025317357d48209be53322c4854"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0a6689ae2afb6af0cdca015b6d2f81f7-f522e624dbded173-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:26:31+00:00, 2024-04-25T23:55:47+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

refpamjeql.top/L?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder&site=34142&ad=22583

45.135.120.31

303 See Other

908 kB

URL User Request GET HTTP/2
refpamjeql.top/L?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder&site=34142&ad=22583
IP
45.135.120.31:443
ASN
#56630 Melbikomas UAB

Certificate
IssuerLet's Encrypt
Subjectrefpamjeql.top
FingerprintFC:88:DE:71:6D:05:6E:E3:EE:1A:CD:0C:3E:A8:AE:CF:14:81:D1:40
ValidityMon, 25 Mar 2024 05:16:41 GMT - Sun, 23 Jun 2024 05:16:40 GMT

File type

Size
908 kB (907894 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /L?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder&site=34142&ad=22583 HTTP/1.1
Host: refpamjeql.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Thu, 25 Apr 2024 23:55:38 GMT
cache-control: private
location: https://1xlite-660473.top:443/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.003
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1424), with no line terminators
Size
1.4 kB (1413 bytes)
Hash
c237470fa514edfe57b71d2e46e2b412
5e6dd202fcf52b92dd87afeb312b05f8581194ab
6268819bfc8850bad3c1d34f8b89ef0bc372e2b83703654c4e1c98f3ee425127

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/994284d39ca5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"901f57b165b23c191081c0d0112a5eda"
x-amz-meta-mtime: 1713875281.725615432
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-73df0b9285e7d26b41904f3adcb8887e-acb9aa1287ae35c4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714089348

178.253.29.47

200 OK

90 B

URL GET HTTP/2
1xlite-660473.top/web-api/default/img/icons/pixels2.svg?v=1714089348
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced
Size
90 B (90 bytes)
Hash
e45f90dcbe718dea3476c4b69b501a4e
e9af26a93c467a77e4733ec537f4f5ce7a4ba089
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/default/img/icons/pixels2.svg?v=1714089348 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3; ggru=167
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/png
cache-control: no-cache, private
server-timing: p;dur=13, dt_total;dur=14.274, wf-uht;dur=0.026
traceparent: 00-a9d091a04c699c779646e4b0496c4637-180b3c8cad175a87-01
x-dt: 285
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/user/secure

178.253.29.47

200 OK

59 B

URL POST HTTP/2
1xlite-660473.top/web-api/user/secure
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
59 B (59 bytes)
Hash
c92b24765355b10d6b3891b988e27e30
44bf3aff85f16de7f831adf0135e4c33d503df31
ea260f1e7ab371523dea520bd13b1007273d6f93e2f50ceb307f5344258da5e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /web-api/user/secure HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=16, dt_total;dur=35.642, wf-uht;dur=0.048
set-cookie: _glhf=1714107119; expires=Fri, 26-Apr-2024 00:55:43 GMT; Max-Age=3600; path=/
traceparent: 00-02785dd16ac30d959b8009eb688f5755-ff4a274f584c72f5-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.033
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
dfa127e93d125d4f6c566203eaf225f2
32c1fd89c4eeed7ac2a942582b3786659b15cd43
cf5077d1cff62ce76807408ebc2203563b7a221ddf1cf38339c6d54289bff390

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:43:42 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1714052428.630038208
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d5aa32920ad6eb96990ab3cfa07974f1-952bee1d3f0f4a17-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:00+00:00, 2024-04-25T15:50:24+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/sys-icons/1.0.330/285/common.svg

185.244.209.62

200 OK

147 kB

URL GET HTTP/2
v3.traincdn.com/sys-icons/1.0.330/285/common.svg
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
147 kB (146981 bytes)
Hash
7bf3e9e7d79beac942f5e7748a3af2e6
7c6896ef647506806f2cdbe998d8c9eb845a1754
663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f

HTTP Headers

GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:50 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1d530f5d56fa95ef178149ba958f7b77-908b530c26c08fd1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-04-25T13:53:27+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.png

0.0.0.0

0 B

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.png
IP
0.0.0.0:0
ASN
#0

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/cms/1/desktop/banner/29dd2b5a09fe4e96a7b713787183f597.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js

185.244.209.62

200 OK

372 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (379), with no line terminators
Size
372 B (372 bytes)
Hash
a9fb392e33230f72fecbc7435c9fbade
a958b3e0c8867d258c038b6960de42f4a14ff5ae
1cae956a6ca4b4cdcfc8944ba7b7e96c87f58a71b97ad1c064a5449638c1c527

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/01023f59e318.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 372
last-modified: Tue, 23 Apr 2024 12:34:22 GMT
etag: "95f43fd089613a8f57a2ddcbce517853"
x-amz-meta-mtime: 1713875281.673615027
expires: Wed, 24 Apr 2024 12:55:17 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-214e98cfd200a154165a9df702c8ca98-ef1cc5fc8032e23c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:17+00:00, 2024-04-25T13:05:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:50 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-bcec5095b1d64316d34d27633b2744a5-818ef08fbe98fb78-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-04-25T23:47:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

1xlite-660473.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100

178.253.29.47

200 OK

31 kB

URL GET HTTP/2
1xlite-660473.top/web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type

Size
31 kB (31363 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/external-api/v3/banners?project_id=285&country_code=NO&language=en&platform=2&section=6&is_auth=false&limit=100 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=3; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==; SESSION=587ba088a1b8608459f8108426e49de1; window_width=1280; _glhf=1714107119; che_g=237c3e42-bb07-1392-9107-2863f3373895; application_locale=en; sh.session.id=36771331-bf5d-48a8-8829-8a3074d48db3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=100, dt_total;dur=104.111, wf-uht;dur=0.117
traceparent: 00-4bba5b027108fc669123956fa0ddce39-7031ca3aaace530b-01
x-dt: 285
x-time-ng: 0.101
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json

178.253.29.47

200 OK

2.1 kB

URL GET HTTP/2
1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP
178.253.29.47:443
ASN
#202492 Silverhill Group Holding Ltd

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerLet's Encrypt
Subject1xlite-660473.top
FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT

File type
ASCII text, with very long lines (2345), with no line terminators
Size
2.1 kB (2128 bytes)
Hash
f28a40d30a99fab8a5ccced08db52f77
063e77333797a10e097679a1e4d17269fc6d3b6b
a46ea2afe2103a473c90b17137f840e29d578a74d191daac521d45e9d3cf1d6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_34142m_22583c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l30755_clickunder; platform_type=desktop; auid=sv0dL2Yq7Xxr7e+7AxAFAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:42 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
X-Firefox-Spdy: h2

v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css

185.244.209.62

200 OK

1.6 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type

Size
1.6 MB (1550522 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:40 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9d6d7d5ab1851b3f9d6a22affe3afeb1-185ab9bfbced1a8d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-04-25T14:32:54+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/5606.webp

185.244.209.62

200 OK

856 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/5606.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
856 B (856 bytes)
Hash
39d437b8a184967202b9e950987358f9
046e69e47e85748dbf8eca45cd7cb517d137d9d5
bd7b81a9e7ade057bec9f2d7f0f17146f3370ba75fb5102c2d0e3f8a188a36f7

HTTP Headers

GET /resized/size16/sfiles/logo_teams/5606.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:43 GMT
content-type: image/webp
content-length: 856
cache-control: max-age=94608000
content-disposition: inline; filename="5606.webp"
content-security-policy: script-src 'none'
expires: Wed, 17 Mar 2027 20:32:47 GMT
x-request-id: ebf3d97846e0b0f15e411db1bfedabd9
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a395fa260a1483b84020b0ed8a3a2c39-199343d72a93b80a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-17T20:32:47+00:00, 2024-03-23T17:52:57+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2236771331-bf5d-48a8-8829-8a3074d48db3%22%7D

104.18.39.72

200 OK

24 B

URL GET HTTP/2
widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2236771331-bf5d-48a8-8829-8a3074d48db3%22%7D
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
d6bacfff68d40ad2744454c2506cc0f9
85f1f094d174fd4d78bd382c7948b95e9db93215
cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed

HTTP Headers

GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%2236771331-bf5d-48a8-8829-8a3074d48db3%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:46 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a2440ff90056ae-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js

185.244.209.62

200 OK

1.0 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1063), with no line terminators
Size
1.0 kB (1024 bytes)
Hash
a3ae3c18635c48e68ba9002fa8dd51f7
75a1a27b788148b6bd79b7f36a1b702d817bdaa4
cded0f61d0d943609f59c0531251ca195ba897ad706004622f81d0e02f35d994

HTTP Headers

GET /sys-static/sys-betting-app-static/Desktop/Default/44136fa355b3/cae4f1b8545c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:49 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 23 Apr 2024 12:34:23 GMT
etag: W/"719cfbcc9fea351eaa8e09773949ae73"
x-amz-meta-mtime: 1713875281.741615558
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:55:15 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9e517180db6d0e8bfd380baf875fb8df-b5bc1cedd008beec-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:55:15+00:00, 2024-04-25T13:05:56+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

v3.traincdn.com/resized/size16/sfiles/logo_teams/140129.webp

185.244.209.62

200 OK

738 B

URL GET HTTP/2
v3.traincdn.com/resized/size16/sfiles/logo_teams/140129.webp
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-660473.top/en?tag=d_34142m_22583c_[]MS[]null[]null[]general[]{site_id}_d22490_l30755_clickunder
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
738 B (738 bytes)
Hash
b5f581e44e272d7fabd29783fc5a8e5d
3fd494c43c85b49dc98561b48f9b466b834e18dc
e1e4af292fb2f83b89e087877a331543d7a6de671319be410ce6b17df44f17c8

HTTP Headers

GET /resized/size16/sfiles/logo_teams/140129.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:55:48 GMT
content-type: image/webp
content-length: 738
cache-control: max-age=94608000
content-disposition: inline; filename="140129.webp"
content-security-policy: script-src 'none'
expires: Thu, 22 Apr 2027 23:11:45 GMT
x-request-id: d1843a1ef233a04a4e5fdcffae099da0
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-74782bfdddbf9bc2928c3dee51922d78-d797014050f92b3e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T23:11:45+00:00, 2024-04-23T18:21:59+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2

widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js

104.18.39.72

200 OK

10 kB

URL GET HTTP/2
widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js
IP
104.18.39.72:443
ASN
#13335 CLOUDFLARENET

Requested by
https://widget.suphelper.top/
Certificate
IssuerGoogle Trust Services LLC
Subjectsuphelper.top
Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT

File type
JavaScript source, ASCII text, with very long lines (10533), with no line terminators
Size
10 kB (10533 bytes)
Hash
54b2d4e92e16d2ea51898124107af46a
ab4225b696e63c9040de1511fa229cf65b4d3750
e17ccea95df87c35add9994b01ef7bb6e8b5c2ebea282c461199a140a5675662

HTTP Headers

GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:55:45 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8616748
expires: Fri, 25 Apr 2025 23:55:45 GMT
server: cloudflare
cf-ray: 87a244071df556ae-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (115)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML