GET 1xlite-090241.top/en?tag=d_85563m_20833c_[]MS[]null[]null[]general[]{site_id}_d22490_l46995_clickunder
83.147.224.92 302 Found 268 kB URL User Request GET 1xlite-090241.top/en?tag=d_85563m_20833c_[]MS[]null[]null[]general[]{site_id}_d22490_l46995_clickunder
IP 83.147.224.92:443
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Size 268 kB (267828 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /en?tag=d_85563m_20833c_[]MS[]null[]null[]general[]{site_id}_d22490_l46995_clickunder HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
location: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
link: <https://v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.012, total;dur=34;desc="Nuxt Server Time", wf-uht;dur=0.045
set-cookie: platform_type=desktop; Path=/; Expires=Thu, 22 May 2025 21:33:50 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Fri, 18 Jul 2025 21:33:50 GMT
reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; Path=/; Expires=Mon, 19 May 2025 22:33:50 GMT
postback_watcher=; Path=/; Expires=Mon, 19 May 2025 21:33:54 GMT
auid=U5PgXGgro77CxLxMA33bAg==; path=/; secure; httponly; samesite=lax
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
185.244.209.62 200 OK 19 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Hash 1580a3cfe81fd30910a49dfe64cc8e7b
314144dc49595482ba46c0b85b38d5f73ef73a7b
8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035
GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d1293a0a0266569ffa0cc5baa855ba14-d7ac1dc94e3e9157-01
last-modified: Mon, 19 May 2025 08:03:51 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1747641607.873065884
content-encoding: gzip
expires: Tue, 20 May 2025 19:00:44 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 9188
cache: HIT
x-cached-since: 2025-05-19T19:00:44+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-c292b506719cd37117115cba6ab7da70-a9598417ca0cda64-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 272
cache: HIT
x-cached-since: 2025-05-19T21:29:19+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_7f9929f9278a5ec48677c57da7e65df4.json
185.244.209.62 200 OK 24 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_7f9929f9278a5ec48677c57da7e65df4.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 40b55f195304c8abb24179499bb6717b
107facb64795f95ea53b05300d453bd6a2866f4f
076ac666b53dc1afdd331724c42c68cb61b4870ad64bb62986d09f6db5c32550
GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_7f9929f9278a5ec48677c57da7e65df4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b431643392bf62ce168f2537c614a9cd-7799e4cdd88d30a6-01
last-modified: Tue, 13 May 2025 16:06:46 GMT
etag: W/"40b55f195304c8abb24179499bb6717b"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 13 May 2025 17:17:37 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 868
cache: HIT
x-cached-since: 2025-05-19T21:19:24+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_8574453c9c5d65bf297be66f71423d86.json
185.244.209.62 200 OK 9.5 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_8574453c9c5d65bf297be66f71423d86.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 1661d1014a976ec7768c741caf194185
85e052e27184e0154a70b96a98cee5c5bf59577a
5b00e493ede0e8fc719983a4b537cc3e790a1419c5bb1a00330009d06cfb189c
GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_8574453c9c5d65bf297be66f71423d86.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-404766bb3e87a46733c55ac421a183f9-c140510f83f622ac-01
last-modified: Mon, 19 May 2025 16:06:34 GMT
etag: W/"1661d1014a976ec7768c741caf194185"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 19 May 2025 17:20:32 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 711
cache: HIT
x-cached-since: 2025-05-19T21:22:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json
185.244.209.62 200 OK 1.1 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash a3810b04fc93c6b4f295ceb812f9f212
6cff2c69f8e43259380952d6c0df7ba563b7da8d
c1afcca19f61498f21aab6c0ca6b1992f5c8b4baf281dfa14b780ed780035c54
GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-d161dc4993646ed9905015a243eb3614-7b4da2d38906f580-01
last-modified: Fri, 09 May 2025 16:06:27 GMT
etag: W/"a3810b04fc93c6b4f295ceb812f9f212"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 09 May 2025 17:11:01 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 204
cache: HIT
x-cached-since: 2025-05-19T21:30:28+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
185.244.209.62 200 OK 865 B URL GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (840)
Hash 0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30
GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-c24b9282cef2773acaa3cf5de1534d9b-4f184e2a22e614a6-01
last-modified: Fri, 16 May 2025 08:41:48 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1747384874.006142004
expires: Sun, 18 May 2025 08:08:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 48210
cache: HIT
x-cached-since: 2025-05-19T08:10:22+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
185.244.209.62 200 OK 328 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57
GET /genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
content-length: 328
traceparent: 00-64c7874d71e2aa265f65ff4e8d0f5e9d-bb08efcb240a1df7-01
last-modified: Thu, 27 Feb 2025 10:51:50 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Thu, 27 Feb 2025 12:17:56 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1012
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET radar.cedexis.com/1707728419/stub.js
45.54.49.5 200 OK 390 B URL GET radar.cedexis.com/1707728419/stub.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text
Hash 82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 May 2025 21:34:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Mon, 02 Jun 2025 21:34:02 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
GET v3.traincdn.com/main-static/27cfaced/desktop/default/app-2a26d91e.js
185.244.209.62 200 OK 513 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/app-2a26d91e.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 513 kB (512672 bytes)
Hash d80ae0c5c2d96b989c6f2958090aa346
fc51a1b2b63841dc761fa99e631df6a20352b56c
c0d16fe812015504be9c8b19ab96478b509166d6e416c9afc4744c3273b510f8
GET /main-static/27cfaced/desktop/default/app-2a26d91e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d46a0dc88c6eb9b81b07b61dbf7664b5-51114c0493f688ac-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"d80ae0c5c2d96b989c6f2958090aa346"
x-amz-meta-mtime: 1747386232.642052625
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43243
cache: HIT
x-cached-since: 2025-05-19T09:33:08+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css
185.244.209.62 200 OK 40 kB URL GET v3.traincdn.com/genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (39662), with no line terminators
Hash 73c1e50506faab2d495c95d31b820a22
c0f2744dc4b187b6667f6aa6a9b4013cf1f0dcd3
4ea05001192895400e75d7cd8c07c56ed203c40a1aed77be2534e7bd42135566
GET /genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/css
traceparent: 00-a8492c6660419b96ba7ff150028dcbc8-bd85293d4eae828b-01
last-modified: Mon, 12 May 2025 13:15:10 GMT
etag: W/"73c1e50506faab2d495c95d31b820a22"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 12 May 2025 15:11:16 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1864
cache: HIT
x-cached-since: 2025-05-19T21:02:48+00:00
X-Firefox-Spdy: h2
POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
83.147.224.92 200 OK 23 B URL POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash a3e155bb18b2adfd82eac979e87a7c9f
af7cea4a7e02676114f12010efb1dab785b8e951
abf3388b107cc5da08c94417793312816eab070bd881d67bd488e13dfb16e4d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: application/json
X-Lang: en
X-Uuid: b6e2d5d9-eb11-47c3-9845-ccdd307d66a3
Content-Length: 88
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.094, wf-uht;dur=0.014
X-Firefox-Spdy: h2
GET 1xlite-090241.top/checker/redirect/stat/run/
83.147.224.92 200 OK 14 B URL GET 1xlite-090241.top/checker/redirect/stat/run/
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash 2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/3.3.207/Desktop/Default/merged.css
185.244.209.62 200 OK 754 kB URL GET v3.traincdn.com/sys-ui/3.3.207/Desktop/Default/merged.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 754 kB (753517 bytes)
Hash 2cb88f43868d42165b805457c3fa7a84
0446468fb9d7ea1fc0cd8f7e4f61495eee84735b
6a7566c4ab4ecfe7ad2f22d558b6a36b0efd47f83cf5404ee37e519626dd87fa
GET /sys-ui/3.3.207/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
content-type: text/css; charset=utf-8
traceparent: 00-ce154d9f6e75f9c275d166b6fbe632e8-1da8f251bc73e36a-01
last-modified: Mon, 19 May 2025 14:21:32 GMT
etag: W/"2cb88f43868d42165b805457c3fa7a84"
x-amz-meta-mtime: 1747664457.919528396
content-encoding: gzip
expires: Tue, 20 May 2025 14:30:45 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 25092
cache: HIT
x-cached-since: 2025-05-19T14:35:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json
185.244.209.62 200 OK 9.3 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash ca7f8dc261bfa0bedbe26c6196957093
201939c20640df2ad6fbe79bc165b2e2d19bc65b
9d7da7f9fd8b6eb344298507d3e2afd038623c0e46dee2a018c0e3ecd667f203
GET /genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
traceparent: 00-d7b0106f61911aba85c9c55290a24073-78f2055eaa8894c3-01
last-modified: Wed, 20 Nov 2024 09:20:07 GMT
etag: W/"ca7f8dc261bfa0bedbe26c6196957093"
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:57:42 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2414
cache: HIT
x-cached-since: 2025-05-19T20:53:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/version.json
185.244.209.62 200 OK 11 B URL GET v3.traincdn.com/version.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash e81cd807b96f456abddb2bf92923c19e
416dd20bb3710e86fd2538be6fdb45a9e3528cf4
fe261962b9585cd5d51df1f91d32ad683aa5dff2fa873bb45efe8dd8536f8f03
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: application/json
content-length: 11
traceparent: 00-f37e3bc5b42faa8a3a193e64a1ab0b0a-4994824e310d6fa8-01
last-modified: Fri, 16 May 2025 12:28:11 GMT
etag: "e81cd807b96f456abddb2bf92923c19e"
x-amz-meta-mtime: 1747398491.742833867
expires: Fri, 16 May 2025 12:30:31 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 52
cache: HIT
x-cached-since: 2025-05-19T21:32:59+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/Betting.Core-ce15db64.js
185.244.209.62 200 OK 2.3 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/Betting.Core-ce15db64.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2287), with no line terminators
Hash 3eeb94999b408be182e4c9d9a7464bd7
5855cfff781a9ed35bda1cb5198b37bda7d960ce
81bb08606ac13440b3ef833f872500f1d3c83baef50d4c8b7b9eb6cf1b40b992
GET /main-static/27cfaced/desktop/default/Betting.Core-ce15db64.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-368a8263ea83833efdd7b0e00b7b10d0-2100fc2071c971d8-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"3eeb94999b408be182e4c9d9a7464bd7"
x-amz-meta-mtime: 1747386232.634052553
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:07 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43241
cache: HIT
x-cached-since: 2025-05-19T09:33:11+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
185.244.209.62 200 OK 159 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65509)
Size 159 kB (158815 bytes)
Hash 1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595
GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e3d59acdfa1a1a3842b25091c57ce275-11b463e05522af22-01
last-modified: Fri, 16 May 2025 08:41:48 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1747384874.006142004
content-encoding: gzip
expires: Sun, 18 May 2025 08:02:24 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 48211
cache: HIT
x-cached-since: 2025-05-19T08:10:21+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/commons/app-ced54db2.js
185.244.209.62 200 OK 138 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/commons/app-ced54db2.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Size 138 kB (138079 bytes)
Hash d06541e08a5a1dd6fc50b5f62e5b35a1
cd4f2080b5b1253ef06694361b973acf77990721
4f1ad25ec353cba3ddb97b3d025fd21a5e9f25bb76aa100d707ba79fff8cdd01
GET /main-static/27cfaced/desktop/default/commons/app-ced54db2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ea84342b4cb981d279bd21c17bf07de5-47ab3cab0322b37c-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"d06541e08a5a1dd6fc50b5f62e5b35a1"
x-amz-meta-mtime: 1747386232.642052625
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:04 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43243
cache: HIT
x-cached-since: 2025-05-19T09:33:08+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_a283422a038610ab4274ca72b1d186f3.json
185.244.209.62 200 OK 3.7 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_a283422a038610ab4274ca72b1d186f3.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 9cfc6588906fe300a92ca0e3e9f8b5b4
8bd064ce5952ff5ba5fed0304c13c284b1fbb454
4fed70b04c6b265e526aab2ea5192bbfc5ecaf528c817832721c44dccef89e6f
GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_a283422a038610ab4274ca72b1d186f3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-8d2bca312df1a5a54521f773de430b7e-44e0b3cc9622bf13-01
last-modified: Mon, 19 May 2025 16:06:34 GMT
etag: W/"9cfc6588906fe300a92ca0e3e9f8b5b4"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 19 May 2025 17:20:32 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 630
cache: HIT
x-cached-since: 2025-05-19T21:23:22+00:00
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55g2v897130004za200zb9180563600&_p=1747690442398&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&cid=1067522767.1747690443&ecid=246654015&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=1&sid=1747690442&sct=1&seg=0&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&upn.ref_id=1&tfd=13229
216.239.32.36 204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55g2v897130004za200zb9180563600&_p=1747690442398&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&cid=1067522767.1747690443&ecid=246654015&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=1&sid=1747690442&sct=1&seg=0&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&upn.ref_id=1&tfd=13229
IP 216.239.32.36:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55g2v897130004za200zb9180563600&_p=1747690442398&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&cid=1067522767.1747690443&ecid=246654015&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=1&sid=1747690442&sct=1&seg=0&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&upn.ref_id=1&tfd=13229 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-090241.top
date: Mon, 19 May 2025 21:34:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_e6eda41d4ff0d55710b5c86d20535a0c.json
185.244.209.62 200 OK 136 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_e6eda41d4ff0d55710b5c86d20535a0c.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Size 136 kB (136305 bytes)
Hash 7cdd423feea846e530f1a51c77718909
0b2aed634e291d2146697605dc0c4d650c3823e5
751498e18d6b5271bac87fadf0362cc18279944ebbaa5786b0f31b1b9ca77538
GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_e6eda41d4ff0d55710b5c86d20535a0c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-c7ae87da2ed3863e65987cc9bbfddb49-66bf858a9bf48e48-01
last-modified: Mon, 19 May 2025 16:06:34 GMT
etag: W/"7cdd423feea846e530f1a51c77718909"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 19 May 2025 17:20:32 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 711
cache: HIT
x-cached-since: 2025-05-19T21:22:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb
GET /genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
traceparent: 00-3e2cc9beed32e668aa1b13b929a639c8-abc907578feb0125-01
last-modified: Thu, 27 Feb 2025 09:04:01 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2414
cache: HIT
x-cached-since: 2025-05-19T20:53:38+00:00
X-Firefox-Spdy: h2
GET 1xlite-090241.top/bff-api/config/group/get?groups=d.technical&lang=en
83.147.224.92 200 OK 730 B URL GET 1xlite-090241.top/bff-api/config/group/get?groups=d.technical&lang=en
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash 11002f1dbd8a9420fc8b8ea06ac26f67
68a8d4e1b90e7b598155d29c2a534c6a48d53883
5fba5a83c66c58ff7790c8157f9ed3bb4a24de81d9b7f2dd8d0b2421c4c80ccf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1920; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 730
cache-control: no-cache, private
server-timing: dt_total;dur=0.092, bff;dur=91.68, wf-uht;dur=0.122
x-dt: 285
x-pod: R-5bskc
x-time-ng: 0.108
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6b43c5b5d3.js
185.244.209.62 200 OK 2.0 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6b43c5b5d3.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1967)
Hash 1e18a93aece4ef47d1ff426964e8aada
1b30aeca0f1fbd71a432cc3d93a009e83c36bbfe
40b96f95229d861b6d99a826d31db0fff5b2c09ec38590f41693a10abfd1d896
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6b43c5b5d3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b87111bb1eeb1efc8d5a4debad620dd9-b4132a13f63a7b16-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"1e18a93aece4ef47d1ff426964e8aada"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cf4f259f8c.js
185.244.209.62 200 OK 3.9 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cf4f259f8c.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (3873)
Hash fcdca000feb4c679eb0a18653e23efc5
aa3e279662f6d8f44dc0bd2cee2c8bc8f6db713e
aad3aed8bbfab0e7ff76be75ca8e2bd1b901b6f6529de701364a201036e194cd
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cf4f259f8c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c99aec4b761abfdf6b31acc9de9b2d8f-8675e6c90a824c27-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"fcdca000feb4c679eb0a18653e23efc5"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
185.244.209.62 200 OK 7.3 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653
GET /genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
traceparent: 00-38d5ebd0513facc5edc6b7b18f92d10d-3ddf5c5e2b37899c-01
last-modified: Thu, 23 Jan 2025 13:19:10 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 23 Jan 2025 14:50:28 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2414
cache: HIT
x-cached-since: 2025-05-19T20:53:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_c6cf710fc8d4e6c31c457e7676fe2b47.json
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_c6cf710fc8d4e6c31c457e7676fe2b47.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (20271), with no line terminators
Hash d77998a7505629bbe9bb8e4055ab2df4
113ed83fc1493a56771ebe78330c0e0e145f0946
485c6b4c8fe6c796b6a56ad9fb930e6196614a0f3d3d2f7974631edf6e401236
GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_c6cf710fc8d4e6c31c457e7676fe2b47.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-f1cdbc7f5fc2f3c2f5d9b26379ce4c9d-7f9c24d9108f408c-01
last-modified: Mon, 19 May 2025 16:06:34 GMT
etag: W/"e0da8998470daf3dd47856c8ca0e67d6"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 19 May 2025 17:20:32 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 711
cache: HIT
x-cached-since: 2025-05-19T21:22:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a4446f7d50.js
185.244.209.62 200 OK 1.1 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a4446f7d50.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1128)
Hash 27394e2b9d3d63b092206c08e9a504fa
9f767f416c7e7ef9a1f210d5944c8b050404282a
337cbcca75bb6b4ce433521b154bea716e8dcce784d8424018d8437a5d5466a5
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a4446f7d50.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-39470841efbeb791a30cbb947a1b8556-8cb4ded7e6006daf-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"27394e2b9d3d63b092206c08e9a504fa"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:55:47 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 45486
cache: HIT
x-cached-since: 2025-05-19T08:55:47+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b76e0d22a.js
185.244.209.62 200 OK 147 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b76e0d22a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 40c2e2ef8def48ecb1921f0c3be6a218
0080b9255d95a83e46f058103b8194e179807f07
47d249ba898f4a736d4742d08c07b3bedc53d1f1a2c0ae97450fae95f79b0fc4
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b76e0d22a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
traceparent: 00-258069bef26d1d0e5bf466448596be9c-dcf777be37eb6f97-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: "40c2e2ef8def48ecb1921f0c3be6a218"
x-amz-meta-mtime: 1747641608.229067291
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1067522767.1747690443&gtm=45je55g2v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&z=648120258
142.250.74.131 200 OK 42 B URL GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1067522767.1747690443&gtm=45je55g2v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&z=648120258
IP 142.250.74.131:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google.no
Fingerprint 66:A3:1A:F5:73:DE:8E:7D:0E:AA:01:69:6B:5C:DA:3F:F8:63:CD:5F
Validity Mon, 21 Apr 2025 08:43:35 GMT - Mon, 14 Jul 2025 08:43:34 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1067522767.1747690443&gtm=45je55g2v897130004za200zb9180563600&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&z=648120258 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 May 2025 21:34:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET 1xlite-090241.top/main-static/27cfaced/check-ob.js
83.147.224.92 200 OK 219 B URL GET 1xlite-090241.top/main-static/27cfaced/check-ob.js
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
File type JavaScript source, ASCII text
Hash c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main-static/27cfaced/check-ob.js HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Fri, 16 May 2025 09:06:51 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1747386410.410597907
expires: Tue, 20 May 2025 21:32:48 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_837b35.css
185.244.209.62 200 OK 5.0 kB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_837b35.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (4607)
Hash 2dc3c5d853f65e50dfb8de84d59a18b0
a168396fa9771bc483dca1039683ca7ffa3419db
837b358c84c90e7d3c43ceb65e82cb01aa8041298e1adc175901ea487a5d1cd1
GET /sys-static/shared-assets/Desktop/__shared_css_837b35.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
content-type: text/css; charset=utf-8
traceparent: 00-423a77ee02d4bc941ed9c526b7ec2ae4-e890556d4db4f8dc-01
last-modified: Mon, 19 May 2025 10:18:29 GMT
etag: W/"2dc3c5d853f65e50dfb8de84d59a18b0"
x-amz-meta-mtime: 1747649796.379425275
content-encoding: gzip
expires: Tue, 20 May 2025 10:51:10 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 38446
cache: HIT
x-cached-since: 2025-05-19T10:53:04+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-0ae3d1c338f962f414b12395d39c4f4c-c81d93b230a8c38f-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1753
cache: HIT
x-cached-since: 2025-05-19T21:04:38+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/css/8c688214.css
185.244.209.62 200 OK 66 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/css/8c688214.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1ac35c329da569662b554b532699c454
0c3d342c4378df09c86b4ff84bc422e4e6bae57f
db353aaf9a66c38f4ac8cc8264dc91300806d05fe49cb0edcdd2f65c18b73e73
GET /main-static/27cfaced/desktop/default/css/8c688214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
content-type: text/css; charset=utf-8
traceparent: 00-e245905c199acea41e5b521e2e2db071-7d1eae29f09665f8-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"1ac35c329da569662b554b532699c454"
x-amz-meta-mtime: 1747386232.642052625
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:03 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43243
cache: HIT
x-cached-since: 2025-05-19T09:33:07+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
185.244.209.62 200 OK 13 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237
GET /genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
traceparent: 00-41a57480f2e6a7b481d81e7f4c3e89be-e538b02bd911cc58-01
last-modified: Wed, 12 Mar 2025 09:35:22 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 12 Mar 2025 11:03:31 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1011
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1c93b4ed2e.js
185.244.209.62 200 OK 27 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1c93b4ed2e.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (27023)
Hash 860236e0b2943fed92e86a7733b71a66
ab584762c27eaed600a560a791eaf0e9276d9988
f5b989a3988434641d7c911774576a74d22a4301d065ef380c52c449a48e2e86
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1c93b4ed2e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-6c76d8a24e1b2f55ee5a78e9ad238e16-cddc2429780c0f98-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"860236e0b2943fed92e86a7733b71a66"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
185.244.209.62 200 OK 653 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: image/png
content-length: 653
traceparent: 00-df51ab33d5ab76e853f01d30ff91e24a-d73dd6c62892d0ec-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3306
cache: HIT
x-cached-since: 2025-05-19T20:38:45+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:01 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-66a980793c3830815acdb14bc4c7b602-5d214d4d61dd8cc2-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1763
cache: HIT
x-cached-since: 2025-05-19T21:04:38+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET radar.cedexis.com/1/23802/radar.js
45.54.49.5 302 Moved Temporarily 390 B URL GET radar.cedexis.com/1/23802/radar.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 19 May 2025 21:34:02 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Mon, 19 May 2025 21:44:02 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/plugins.vue-js-modal-ed1107e5.js
185.244.209.62 200 OK 27 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/plugins.vue-js-modal-ed1107e5.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Hash 89f1aeffe75795e0b27e64806de73905
ef08aa8269a36c994a913d7aa08306992f837efe
42d2641d3fe061788f3a3252cc03bbb0ecaa48de92434d85f2ec6facfb060be6
GET /main-static/27cfaced/desktop/default/vendors/plugins.vue-js-modal-ed1107e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2c78ae05565c988f819b39aa7ee894f3-32ba5d0616a2fb2b-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"89f1aeffe75795e0b27e64806de73905"
x-amz-meta-mtime: 1747386232.654052733
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:06 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43241
cache: HIT
x-cached-since: 2025-05-19T09:33:11+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3e3acbc4b86e9582ad877d530c25832f.json
185.244.209.62 200 OK 22 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/3e3acbc4b86e9582ad877d530c25832f.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7143c943da4efc8684f01a600901f932
e0527d933de7f335af507ca2babdf6aee23436b2
99fff973220295b42c171551942fe1fc5a8c74299a59ee299dacc10834248826
GET /genfiles/cms/1-285/desktop/media_asset/3e3acbc4b86e9582ad877d530c25832f.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
traceparent: 00-4f99d769c54a16da5760911afe8ddb5a-7dd7f615d0cb16ca-01
last-modified: Wed, 14 May 2025 15:36:36 GMT
etag: W/"7143c943da4efc8684f01a600901f932"
content-encoding: gzip
expires: Wed, 14 May 2025 16:49:44 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2414
cache: HIT
x-cached-since: 2025-05-19T20:53:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/DC-bf1f813a.js
185.244.209.62 200 OK 2.7 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/DC-bf1f813a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2654), with no line terminators
Hash 40b2e51982157a7ef5cf930e642f16df
d83516b0e591d56b10f810c7b8dbbad061c91936
ee18720b3b99ce7cebf4429589dae59cda1c3d20af092c1fb052e921e452e81d
GET /main-static/27cfaced/desktop/default/DC-bf1f813a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0618b0c7c04a07f6fe84db8a9de381f1-726bd7d32793b75c-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"40b2e51982157a7ef5cf930e642f16df"
x-amz-meta-mtime: 1747386232.634052553
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:06 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43241
cache: HIT
x-cached-since: 2025-05-19T09:33:11+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
185.244.209.62 200 OK 1.1 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d
GET /genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
traceparent: 00-d17caf827a8d0572ede4eb2ba32450e2-cade47ea51104de4-01
last-modified: Thu, 16 May 2024 19:05:13 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1011
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116
142.250.74.168 200 OK 338 kB URL GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116
IP 142.250.74.168:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, ASCII text, with very long lines (5432)
Size 338 kB (337948 bytes)
Hash a470624f7a528142cbe6c5d82ed86ec3
e3600d6563dc62431e6d237c34e758dea8b3865b
4287bd92e7d03182b73051fa59714455ef215b31c790e222595653fd81967a2d
GET /gtag/destination?id=AW-16664555628&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 May 2025 21:34:02 GMT
expires: Mon, 19 May 2025 21:34:02 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 May 2025 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 116840
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=484778081.1747690443&dt=1xBet&auid=1419340243.1747690443&navt=n&npa=1&gtm=45He55g2v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&tft=1747690442786&tfd=12750&apve=1&apvf=sb
142.250.74.68 200 OK 0 B URL POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=484778081.1747690443&dt=1xBet&auid=1419340243.1747690443&navt=n&npa=1&gtm=45He55g2v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&tft=1747690442786&tfd=12750&apve=1&apvf=sb
IP 142.250.74.68:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint C0:9B:21:A5:10:36:7E:DC:25:8D:0B:AB:4B:D9:D7:AD:92:06:96:49
Validity Mon, 21 Apr 2025 08:42:35 GMT - Mon, 14 Jul 2025 08:42:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=484778081.1747690443&dt=1xBet&auid=1419340243.1747690443&navt=n&npa=1&gtm=45He55g2v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&tft=1747690442786&tfd=12750&apve=1&apvf=sb HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/plain
date: Mon, 19 May 2025 21:34:03 GMT
pragma: no-cache
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1xlite-090241.top
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
83.147.224.92 200 OK 23 B URL POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash 94ea0cc17ca98093c8dddc2e13d617b2
1bec10f05d7bc5f940a89b6c658722d6c8306665
c87cf5fff5a39d4a0148189d45b7f5a87884c88045ebcc38a5497d4311383c03
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: application/json
X-Lang: en
X-Uuid: b6e2d5d9-eb11-47c3-9845-ccdd307d66a3
Content-Length: 109
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b; SESSION=89e55fc594fd5170634ae9164b271269; _gcl_au=1.1.1419340243.1747690443; _ga_7JGWL9SV66=GS2.1.s1747690442$o1$g0$t1747690443$j59$l0$h246654015$dr3DqjslYNoHJ4YQEfhkYSXGJJciMV79WIw; _ga=GA1.1.1067522767.1747690443
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:04 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.011
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55g2v897130004za200zb9180563600&_p=1747690442398&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&cid=1067522767.1747690443&ecid=246654015&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=2&sid=1747690442&sct=1&seg=0&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=13229
216.239.32.36 204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55g2v897130004za200zb9180563600&_p=1747690442398&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&cid=1067522767.1747690443&ecid=246654015&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=2&sid=1747690442&sct=1&seg=0&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=13229
IP 216.239.32.36:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55g2v897130004za200zb9180563600&_p=1747690442398&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116&ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116&cid=1067522767.1747690443&ecid=246654015&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=2&sid=1747690442&sct=1&seg=0&dl=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7&dt=1xBet&_tu=Kg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=13229 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-090241.top
date: Mon, 19 May 2025 21:34:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/app-d483f9b7.js
185.244.209.62 200 OK 1.4 MB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/app-d483f9b7.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (63296)
Size 1.4 MB (1388289 bytes)
Hash 4d54c346afc73d0d2bfade2055537cbf
24cdcba45ac1ddde8b7f149a589fe580150e80b5
0bc1a5abacc70bef1c77fe8b1885f8461428a6add595c902cd1a69109cde1b40
GET /main-static/27cfaced/desktop/default/vendors/app-d483f9b7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-1540e9587c2b4ba96b5abcdc01df3500-199e6db09ed2af20-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"4d54c346afc73d0d2bfade2055537cbf"
x-amz-meta-mtime: 1747386232.650052697
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43243
cache: HIT
x-cached-since: 2025-05-19T09:33:08+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/css/7fe5f71b.css
185.244.209.62 200 OK 3.3 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/css/7fe5f71b.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (3313), with no line terminators
Hash c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba
GET /main-static/27cfaced/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/css; charset=utf-8
traceparent: 00-50aeed359c010457985ff210b0de2d99-2f05eb3832c05c75-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1747386232.642052625
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:06 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43242
cache: HIT
x-cached-since: 2025-05-19T09:33:10+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json
185.244.209.62 200 OK 22 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (21943), with no line terminators
Hash f8e38c106493e25c8d998abca3adbfad
e512c42df5c9eb5704ed7791d70b2ffe1f81a93e
6c63846ee5fc0545cad9e70c5428d69ee73bfcfe4e2670e6963002aacb911909
GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-7ab334d9b5fe4a5dbbbe2e8e832dd9b8-3add67bc2eb3c095-01
last-modified: Wed, 07 May 2025 16:06:34 GMT
etag: W/"895da097d39231b34332842ef0092651"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 07 May 2025 17:17:40 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1216
cache: HIT
x-cached-since: 2025-05-19T21:13:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
185.244.209.62 200 OK 5.2 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Hash b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: image/png
content-length: 5202
traceparent: 00-2b30affceab517e74b999aeaae2bef00-b9e7e4bc53df85c4-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-090241.top/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-090241.top
83.147.224.92 200 OK 105 B URL GET 1xlite-090241.top/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-090241.top
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash 6abfe5f6641fddde82c2ca29cf5c6a7a
958379bc84073d266358a27b3cf86b15484f5f6d
ede01772dfd8da2cc82f245e454ce360b2ceb13b7d1c330bbc1d68fe41255c19
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-090241.top HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 107
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en6d0e5d6e0146a49c358c0eaad1d2ef38
age: 682
x-request-id: b5d44f35c38833d1a35aa0723d041d84
x-request-guid: b5d44f35c38833d1a35aa0723d041d84
content-encoding: br
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.4829635620117, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
185.244.209.62 200 OK 618 kB URL GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 618 kB (618486 bytes)
Hash 6638fab187fec8218a491f45c5644195
a9f7fb0ce2bc4a62868503e21b284af2acd9c782
66fb8837de8d19833c38f5f7a2aafabcc8245f3cd32c700ed3e4e8c36d778871
GET /sys-ui/2.3.183/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/css; charset=utf-8
traceparent: 00-58b9e4a31d117589bd2b95aa73dde601-282278611804e627-01
last-modified: Fri, 25 Apr 2025 08:33:58 GMT
etag: W/"6638fab187fec8218a491f45c5644195"
x-amz-meta-mtime: 1745570035.934854024
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:10 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43760
cache: HIT
x-cached-since: 2025-05-19T09:24:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/Page.Block-939b6bc3.js
185.244.209.62 200 OK 476 B URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/Page.Block-939b6bc3.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (476), with no line terminators
Hash 2fe07ae785374b41c72eae809cd778cd
e6cc6b915f50bd0539100f17459920f655490846
8f48198c6791e142c07d1c61cc78823a6e9187b2ea0b679a9afdb534ff653613
GET /main-static/27cfaced/desktop/default/Page.Block-939b6bc3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-1e89f8bf503f5570e05617cf31df1afc-ae257849df9d8736-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: "2fe07ae785374b41c72eae809cd778cd"
x-amz-meta-mtime: 1747386232.634052553
expires: Sat, 17 May 2025 09:15:27 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43243
cache: HIT
x-cached-since: 2025-05-19T09:33:08+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d9a8683836.js
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d9a8683836.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (20608)
Hash b66c3f0c2bcb2ee8031876cbd4fe2ec8
85b28f86aa422623dee0103fb952f50036e47b48
5c24a154c0d97d0f1fdf6ac656ff60edab093e0de835b7953c9c15b8398c8205
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d9a8683836.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9decf2a828dd4eb3284c5a2a2745b48a-15dda02ef674a6d6-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"b66c3f0c2bcb2ee8031876cbd4fe2ec8"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:00 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:00+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
185.244.209.62 200 OK 473 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e
GET /genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 473
traceparent: 00-9893cd129349ff8cf5eb478efa101a7a-44e44a8f696a5df5-01
last-modified: Thu, 16 May 2024 20:41:30 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Fri, 16 May 2025 19:56:49 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1011
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
185.244.209.62 200 OK 765 B URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea
GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-4561dc35003bd4ce395c10e4d3ae4c11-b521b1bab0ae8293-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1497
cache: HIT
x-cached-since: 2025-05-19T21:08:55+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
185.244.209.62 200 OK 30 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (30255)
Hash 02cf95f00794b77df34632e34a59c5be
b64889fb6cbe78a141688ea761a627997ef8a8af
bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83
GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0eb441a6d22ca68f14ee682e7a3e6688-2f64947f8b0b8ad9-01
last-modified: Fri, 16 May 2025 08:41:48 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1747384874.050142111
content-encoding: gzip
expires: Sun, 18 May 2025 08:08:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 48191
cache: HIT
x-cached-since: 2025-05-19T08:10:41+00:00
X-Firefox-Spdy: h2
POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
83.147.224.92 200 OK 23 B URL POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash 120b70a5f00a06a97d13fcacc6dd65f0
39525748e8b63407a502b5b074c2a3e14d8646a1
15351bed18e8b27477f2613089c69aa763065aec64f68df02615a72e452272b4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: application/json
X-Lang: en
X-Uuid: b6e2d5d9-eb11-47c3-9845-ccdd307d66a3
Content-Length: 72
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.038
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.089, wf-uht;dur=0.045
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/runtime-2a9725f7.js
185.244.209.62 200 OK 20 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/runtime-2a9725f7.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (19720), with no line terminators
Hash 16798f46ffe9b2786707df95ce82e0f1
1524d6bc57815525a1abcf75f4adcbb3e25c9e78
ad9893ceb7d8c2cc00d978f1bf58eb5c71e4ed6fcf38b4400a95d3c4fdabfe3b
GET /main-static/27cfaced/desktop/default/runtime-2a9725f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-5714210425e36e32de301d868d49a093-f9bfadc66b65c72c-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"16798f46ffe9b2786707df95ce82e0f1"
x-amz-meta-mtime: 1747386232.650052697
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43243
cache: HIT
x-cached-since: 2025-05-19T09:33:08+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
185.244.209.62 200 OK 3.6 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378
GET /genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
traceparent: 00-975413244cdf58ea710e4a088471a17a-d429c163ae296d82-01
last-modified: Thu, 27 Feb 2025 09:06:12 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1012
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
X-Firefox-Spdy: h2
GET 1xlite-090241.top/hd-api/external/0196ea77-c73e-711c-858b-d20cf723b195.js
83.147.224.92 200 OK 299 kB URL GET 1xlite-090241.top/hd-api/external/0196ea77-c73e-711c-858b-d20cf723b195.js
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 299 kB (298821 bytes)
Hash db49bf2d84cd243b5cd8ca3bb9f0520b
e5c08a8df8952a946d5aa99a7976538d1d0f964f
2e28e3d0a04893dc42ce46ee3c734a543004f5366608e4044ff201d9e80f248e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/0196ea77-c73e-711c-858b-d20cf723b195.js HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b; SESSION=89e55fc594fd5170634ae9164b271269
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:00 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-hd-trace-id: 4dc047c2-e66c-456a-9c3a-9d68aa49a4a5
x-request-guid: 524a66fc75e7fc57c829cd4929febfde
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.091, wf-uht;dur=0.016
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116
142.250.74.168 200 OK 293 kB URL GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116
IP 142.250.74.168:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, ASCII text, with very long lines (5432)
Size 293 kB (292833 bytes)
Hash cfbe4426f17ab2533d23bc3ff8e5a46e
191a56f9d642b993cdeafc0ef6f071ae00164095
e627854feee935af7149982bdfe70c7040df6711acd368c6fa3b13dbb5d355f3
GET /gtag/destination?id=DC-14030178&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 May 2025 21:34:02 GMT
expires: Mon, 19 May 2025 21:34:02 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 May 2025 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 103315
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
185.244.209.62 200 OK 618 kB URL GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 618 kB (618486 bytes)
Hash 6638fab187fec8218a491f45c5644195
a9f7fb0ce2bc4a62868503e21b284af2acd9c782
66fb8837de8d19833c38f5f7a2aafabcc8245f3cd32c700ed3e4e8c36d778871
GET /sys-ui/2.3.183/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
content-type: text/css; charset=utf-8
traceparent: 00-8128270e4efc114ad1a79500557fe110-3fb68895b6df5171-01
last-modified: Fri, 25 Apr 2025 08:33:58 GMT
etag: W/"6638fab187fec8218a491f45c5644195"
x-amz-meta-mtime: 1745570035.934854024
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:10 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43759
cache: HIT
x-cached-since: 2025-05-19T09:24:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_114fe59c47.js
185.244.209.62 200 OK 789 kB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_114fe59c47.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (22825)
Size 789 kB (789396 bytes)
Hash 435056127d090da3962ec407566149c5
9313f126df39a83e81ff125106f1bf005bb38cde
b285814b5de1f3b5270786c6e06277a6c250b186a9e468c3bb9ac63e93b9b490
GET /sys-static/shared-assets/Desktop/__shared_base-app_114fe59c47.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-1d94400baf386a80e6556e3b22c29fa2-1bfb42da200ad0a5-01
last-modified: Mon, 19 May 2025 08:03:52 GMT
etag: W/"435056127d090da3962ec407566149c5"
x-amz-meta-mtime: 1747641607.837065742
content-encoding: gzip
expires: Tue, 20 May 2025 08:47:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 46007
cache: HIT
x-cached-since: 2025-05-19T08:47:05+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8
GET /genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
traceparent: 00-900c8f6b7eab19063a8a4ec8bf79c62e-17072424f65a031f-01
last-modified: Thu, 27 Feb 2025 08:17:13 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Thu, 27 Feb 2025 11:06:29 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1012
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
185.244.209.62 200 OK 241 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e
GET /genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
content-length: 241
traceparent: 00-29bc39220c85671586f1e7d10d68e3c1-6508f4c3e40e45e8-01
last-modified: Thu, 27 Feb 2025 13:24:25 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Thu, 27 Feb 2025 14:48:35 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1012
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
185.244.209.62 200 OK 2.3 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd
GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json; charset=utf-8
traceparent: 00-32fbbefc8c7684ff3caa3e36204e079a-8020746bbfc1c297-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2354
cache: HIT
x-cached-since: 2025-05-19T20:54:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css
185.244.209.62 200 OK 15 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (15082)
Hash 967ea13abafaa256ab87710daeab15e3
c35d006df7e93184905785ddd0780675dbf5ea14
21a68512f65cb824cf777ebddc9aa65f5922defc4dfbc969c3c0e37f74636eda
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/css; charset=utf-8
traceparent: 00-2e51de821283a5b6cf35abbc8c58e9e7-1dca1b8d08a7c7db-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"967ea13abafaa256ab87710daeab15e3"
x-amz-meta-mtime: 1747641608.225067275
content-encoding: gzip
expires: Tue, 20 May 2025 11:03:10 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 37841
cache: HIT
x-cached-since: 2025-05-19T11:03:10+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
185.244.209.62 200 OK 650 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (649)
Hash 5d70ac7829c3ae41ce5c0971c798fbcf
9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-449a010b0d826ad2260dba3bb1ec932b-c0f1e81dc0da3b48-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1747641608.229067291
expires: Tue, 20 May 2025 08:15:59 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:15:59+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
83.147.224.92 200 OK 2 B URL POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: application/json
X-Lang: en
X-Uuid: b6e2d5d9-eb11-47c3-9845-ccdd307d66a3
Content-Length: 19
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.095, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/plugins.vue-notification-3480bbbb.js
185.244.209.62 200 OK 13 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/plugins.vue-notification-3480bbbb.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Hash 8262a405ddcbf2b8f007e45bb1ffb879
629d425c3a211b9a6a4c0e64ead1783e22964c56
33795ab29f3e0a0360208fb32ddbcf541861a0f256cbb28eae92beb0a0e6c843
GET /main-static/27cfaced/desktop/default/vendors/plugins.vue-notification-3480bbbb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0a6d8f1050dc052a1b5b790cd288561f-50f3cdd4f19417d0-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"8262a405ddcbf2b8f007e45bb1ffb879"
x-amz-meta-mtime: 1747386232.654052733
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:06 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43242
cache: HIT
x-cached-since: 2025-05-19T09:33:10+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/css/684d7545.css
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/css/684d7545.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (14391), with no line terminators
Hash a552d5db890b7f16e370b33cc587e807
a9dc47737b3e1d8ef6fcbb48c7c0b026c6fda545
0d7e00204297499711ae1da574d4635b31d8238ab4a663b382c44d850d24f3ec
GET /main-static/27cfaced/desktop/default/css/684d7545.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/css; charset=utf-8
traceparent: 00-8e635153aa40fd421107dbfb1221fbea-ec457920ad3750f8-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"a552d5db890b7f16e370b33cc587e807"
x-amz-meta-mtime: 1747386232.642052625
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:03 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43244
cache: HIT
x-cached-since: 2025-05-19T09:33:07+00:00
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
142.250.74.168 200 OK 461 kB URL GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP 142.250.74.168:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size 461 kB (461090 bytes)
Hash a67ddbf88d7d50509cd7f34679af6dff
14366bd171e3d5c4ec86c58baf150842d1702276
b7a0cf4159e7222f0d5390358babfa939f35b59de86b82aa64e790583d9e7ca4
GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 May 2025 21:34:02 GMT
expires: Mon, 19 May 2025 21:34:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 148451
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5921c2dece.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5921c2dece.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (833)
Hash 0e803511b278d2c1a4950ebe5bfe945d
8163aaf39fa204730cecc0531587146ce7ec7d3b
2e838b03c7c8b29199dbf6dafbd1478d7796572e3a6d2616736e2829d685f205
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5921c2dece.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2bf6a1d58ed44a181947a7876fd94a22-95e57039425cc42b-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"0e803511b278d2c1a4950ebe5bfe945d"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:00 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:00+00:00
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116
142.250.74.168 200 OK 461 kB URL GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116
IP 142.250.74.168:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size 461 kB (461094 bytes)
Hash 6c757711463014f759eefdec1f2c93bc
ae19fade699b6d9a015b143d7be3d576148d6424
c5877c87291cf8706cdfb0a750cd819113da130475602dff15b3355966f98337
GET /gtag/js?id=G-7JGWL9SV66&cx=c&gtm=45He55g2v9180563600za200&tag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 May 2025 21:34:02 GMT
expires: Mon, 19 May 2025 21:34:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 148433
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET 1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
83.147.224.92 203 Non Authoritative 268 kB URL User Request GET 1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
IP 83.147.224.92:443
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
File type HTML document, ASCII text, with very long lines (57799)
Size 268 kB (267828 bytes)
Hash 9cbf50dba5b2f02862c282e973f4b884
aed6c28001dcb5ed323e096ac4064e549d5f8d97
8057edf01ac305246df4fc8726f6c444fc1b1c76dd5d0f608d01bba95004a8e4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7 HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 203 Non Authoritative
server: nginx
date: Mon, 19 May 2025 21:33:50 GMT
content-type: text/html; charset=utf-8
content-length: 267828
accept-ranges: none
link: <https://v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.005, total;dur=55;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
185.244.209.62 200 OK 182 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c
GET /genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 182
traceparent: 00-86374106b8947c473ea6704efa2c1ad1-bfaa5fac5fa8ed53-01
last-modified: Thu, 27 Feb 2025 08:55:26 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2414
cache: HIT
x-cached-since: 2025-05-19T20:53:38+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1193)
Hash 7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc
GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c74d1f9089f08ad5ac3d079312933831-6bfac39b5ec6f853-01
last-modified: Fri, 16 May 2025 08:41:48 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1747384874.006142004
content-encoding: gzip
expires: Sun, 18 May 2025 08:05:27 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 48190
cache: HIT
x-cached-since: 2025-05-19T08:10:42+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1265)
Hash e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614
GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2597c2a74d477ad386a648914d91a69d-4e6be7ae0edf3540-01
last-modified: Mon, 19 May 2025 07:56:01 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1747641007.626539659
content-encoding: gzip
expires: Tue, 20 May 2025 08:08:06 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 48190
cache: HIT
x-cached-since: 2025-05-19T08:10:42+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/plugins.v-tooltip-f80b21f3.js
185.244.209.62 200 OK 77 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/vendors/plugins.v-tooltip-f80b21f3.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Hash 279b8172376619d3e90b7f7f5f604546
563bc17cf629d2bcff9a46af92aeaf3e982818e9
361939c02f2c42d2679eab83eae855dd6353e25b24cf995df435c89afcf09f57
GET /main-static/27cfaced/desktop/default/vendors/plugins.v-tooltip-f80b21f3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2fbc31a0fb1eab4d7cfa0210384ae606-54848962a206e6b2-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"279b8172376619d3e90b7f7f5f604546"
x-amz-meta-mtime: 1747386232.654052733
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:06 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43241
cache: HIT
x-cached-since: 2025-05-19T09:33:10+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:01 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-c342b01e48974fb5ff2b367b3960ce80-1a4ac9ea576da184-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 282
cache: HIT
x-cached-since: 2025-05-19T21:29:19+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-090241.top/hd-api/external/assets/hdf.js
83.147.224.92 200 OK 4.1 kB URL GET 1xlite-090241.top/hd-api/external/assets/hdf.js
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
File type C++ source, ASCII text, with very long lines (874)
Hash 2f26a679e9d54a65e6578e947cc5bdf2
1b984864aa7b3e28231ac7cea3c199435dbdc6bf
1e3c4bd81a1cd9ee02e42a42802d5c18cbdb3f3a11c0b2732eb11bd12263020c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b; SESSION=89e55fc594fd5170634ae9164b271269
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:00 GMT
content-type: text/javascript; charset=utf-8
content-length: 1622
cache-control: public, max-age=300
content-encoding: gzip
etag: 2f26a679e9d54a65e6578e947cc5bdf2
vary: Accept-Encoding
x-dt: 455
x-request-guid: bf22639b55f626bf3b51fc09674961b9
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/27cfaced/desktop/default/analytics-55fb0de0.js
185.244.209.62 200 OK 7.8 kB URL GET v3.traincdn.com/main-static/27cfaced/desktop/default/analytics-55fb0de0.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (7765), with no line terminators
Hash 77aa49e6ab5e4ed8f2beb4b6015d0c92
4d8456974f03f3fb0891ccab9c4c793db75b15fa
94cd4b40b2a755b58ad4efe05df1828a8fe7eb8a50ac2506c9bd3bc6cbd9e1da
GET /main-static/27cfaced/desktop/default/analytics-55fb0de0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:02 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-30cf392a4a19b96c17ce6f1aeeeb6010-22c79bcc1d11d8c5-01
last-modified: Fri, 16 May 2025 09:03:54 GMT
etag: W/"77aa49e6ab5e4ed8f2beb4b6015d0c92"
x-amz-meta-mtime: 1747386232.638052588
content-encoding: gzip
expires: Sat, 17 May 2025 09:15:17 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 43170
cache: HIT
x-cached-since: 2025-05-19T09:34:32+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/414dd9cf2e.js
185.244.209.62 200 OK 4.1 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/414dd9cf2e.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (4047)
Hash 5ded550550b8baead149725dc1797af5
ba60ea789f629179dd86e7790e14184c4985e274
fc39b5c9b1aa8a568bbb264ad84da3ece10cf78bafd7a3133de4a3d2d6034a4a
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/414dd9cf2e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d929d6d26d28152681d83b97251efebc-655a69182de68ace-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"5ded550550b8baead149725dc1797af5"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/40c2899d07.js
185.244.209.62 200 OK 864 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/40c2899d07.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (863)
Hash f52548a903f43d0b771b5f0a3023637a
41969dcfc4ec8e6b25cc170a65cf2e5a28277fec
72daf14a746ec9def6a9d1c88409dc991e397b879a0e921e8da69375019c2efd
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/40c2899d07.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
content-length: 864
traceparent: 00-ac40abe15c3f88e09623042556a04e03-b4aa888625f52999-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: "f52548a903f43d0b771b5f0a3023637a"
x-amz-meta-mtime: 1747641608.225067275
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-090241.top/web-api/session
83.147.224.92 204 No Content 0 B URL GET 1xlite-090241.top/web-api/session
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /web-api/session HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Mon, 19 May 2025 21:34:00 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.125, p;dur=20.102, wf-uht;dur=0.036
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=89e55fc594fd5170634ae9164b271269; path=/; secure; httponly; samesite=lax
x-dt: 285
x-time-ng: 0.021, 0.023
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET 1xlite-090241.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
83.147.224.92 200 OK 753 B URL GET 1xlite-090241.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
File type JavaScript source, ASCII text, with very long lines (752)
Hash f004562bde4d48fb0987e200eb06f3af
6ce4bb1f9a61802bc2b28d084810a6a752af30a6
ba2a7d9626d02a36d5c599c2e0f24594f47e2624d8fa93f6944056722e31f20f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b; SESSION=89e55fc594fd5170634ae9164b271269
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:00 GMT
content-type: text/javascript; charset=utf-8
content-length: 490
cache-control: public, max-age=300
content-encoding: gzip
etag: f004562bde4d48fb0987e200eb06f3af
vary: Accept-Encoding
x-dt: 455
x-request-guid: 528985f39707a097eb33eb9e7786609f
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
185.244.209.62 200 OK 69 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
traceparent: 00-34f8d015a337ffb162f24a5e7b27146e-9f328ce6a39a2b3f-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1747122891.009052251
expires: Wed, 14 May 2025 08:27:27 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 45486
cache: HIT
x-cached-since: 2025-05-19T08:55:46+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (21232)
Hash 3cf0cae38afae9add22f7884e5061231
2a41037501375a439385a76a047876619683418f
322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d
GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-a144d855d381ca41182f37b2eb8e81e0-ac6ab40e134aa3d0-01
last-modified: Fri, 16 May 2025 08:41:48 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1747384874.030142063
content-encoding: gzip
expires: Sun, 18 May 2025 08:28:36 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 46910
cache: HIT
x-cached-since: 2025-05-19T08:32:02+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/48e48442c6.js
185.244.209.62 200 OK 2.4 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/48e48442c6.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2401)
Hash c9f2bb3385d31e56256121e6512c3547
7bd71f600844dd1a06d7442d1b185faa8cfccaa9
9aea802b52f05c625c31413ef2d1fad28f7e048ab9a9307ea5fcb3a3aa77f261
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/48e48442c6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fbe5bc1f6d803b338ecb9e8bd9e4f2b0-7bcfab5c838729e9-01
last-modified: Mon, 19 May 2025 08:03:47 GMT
etag: W/"c9f2bb3385d31e56256121e6512c3547"
x-amz-meta-mtime: 1747641608.229067291
content-encoding: gzip
expires: Tue, 20 May 2025 08:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 47872
cache: HIT
x-cached-since: 2025-05-19T08:16:01+00:00
X-Firefox-Spdy: h2
POST www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=1243878263405;npa=1;auiddc=1419340243.1747690443;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe55g2v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116;ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116;epver=2;dc_random=1747690443213;~oref=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7?
142.250.74.68 200 OK 42 B URL POST www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=1243878263405;npa=1;auiddc=1419340243.1747690443;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe55g2v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116;ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116;epver=2;dc_random=1747690443213;~oref=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7?
IP 142.250.74.68:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint C0:9B:21:A5:10:36:7E:DC:25:8D:0B:AB:4B:D9:D7:AD:92:06:96:49
Validity Mon, 21 Apr 2025 08:42:35 GMT - Mon, 14 Jul 2025 08:42:34 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=1243878263405;npa=1;auiddc=1419340243.1747690443;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe55g2v9190735530z89180563600za200zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509157~103116026~103130498~103130500~103136993~103136995~103200004~103207802~103233427~103252644~103252646~103263073~103301114~103301116;ptag_exp=101509157~102015666~103116025~103130498~103130500~103136993~103136995~103200001~103207802~103233427~103252644~103252646~103263073~103301114~103301116;epver=2;dc_random=1747690443213;~oref=https%3A%2F%2F1xlite-090241.top%2Fen%2Fblock%3FredirectedFrom%3D717b49e2606e7d6b9cf0e1ef95631ca7? HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 May 2025 21:34:03 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://1xlite-090241.top
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
185.244.209.62 200 OK 46 B URL GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88
GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: text/css
content-length: 46
traceparent: 00-72f68d08caeb95e1343d916bedf7a32a-5b16c49bf5cad128-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Thu, 20 Mar 2025 14:32:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2604
cache: HIT
x-cached-since: 2025-05-19T20:50:28+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
185.244.209.62 200 OK 747 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea
GET /genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 747
traceparent: 00-466dd4d4802fa04968bede5cc76c7a99-6aca9c48baaae1b6-01
last-modified: Thu, 27 Feb 2025 13:26:35 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Thu, 27 Feb 2025 15:00:05 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1519
cache: HIT
x-cached-since: 2025-05-19T21:08:33+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-090241.top/captcha-api/assets/hunt-captcha.js
83.147.224.92 200 OK 89 kB URL GET 1xlite-090241.top/captcha-api/assets/hunt-captcha.js
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 65da0bf0a5d4b9a3a2a93c4386600641
46fe39217fcb8ecb0088418e2d66d6dc340f9a1b
5f4eaff44e73fc71975b97b275e08e4d55a8c2e01fdaafe14e9a44abeb47aea3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b; SESSION=89e55fc594fd5170634ae9164b271269
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:00 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 455
x-request-id: 194fb37f53978d7fa6894dfa4b65dfeb
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
142.250.74.168 200 OK 336 kB URL GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP 142.250.74.168:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (4828)
Size 336 kB (335973 bytes)
Hash fda533640daf25d60c0eacd19b5c5a7e
4da677e94933009f56498ca5233f9fd237e15ae5
515b27d319af1a1edf6435d1a31027cbc2e15f490072495a3947bb5f383b1b69
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-090241.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 May 2025 21:34:02 GMT
expires: Mon, 19 May 2025 21:34:02 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 May 2025 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1317:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1317:0
report-to: {"group":"ascgcycc:1317:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1317:0"}],}
server: Google Tag Manager
content-length: 117046
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/283b76f48d045151d369ffabf3fbf49f.json
185.244.209.62 200 OK 2.9 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/283b76f48d045151d369ffabf3fbf49f.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash c163e08f04217198adf89b6af95e8ff6
4f45163b22f2cb4d66d287eb4acc54345ee814f8
d5af82911b446075abf5a86e262c5d8210894f80f8e6140d771e6d3effe7c7a1
GET /genfiles/cms/1-285/desktop/media_asset/283b76f48d045151d369ffabf3fbf49f.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
traceparent: 00-0dd3efece5a6d395b6aacd44230f9b9f-01629dad4456b647-01
last-modified: Thu, 08 May 2025 12:53:06 GMT
etag: W/"c163e08f04217198adf89b6af95e8ff6"
content-encoding: gzip
expires: Thu, 08 May 2025 14:19:48 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1012
cache: HIT
x-cached-since: 2025-05-19T21:17:01+00:00
X-Firefox-Spdy: h2
POST 1xlite-090241.top/hd-api/external/verify
83.147.224.92 200 OK 715 B URL POST 1xlite-090241.top/hd-api/external/verify
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash bebe8bef3252671826e0810170aa5802
1779c261c8dc0adf852e8a6337072f0556f98b96
cc253f08fc8722858e4ad0fd5780519bb8e9fa3198694b34eb8a727ab26d5844
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: text/plain;charset=UTF-8
Content-Length: 108717
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b; SESSION=89e55fc594fd5170634ae9164b271269
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:34:02 GMT
content-type: application/json
content-length: 586
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-request-guid: 035ed3c69e37b79a31d6af013c61b608
x-time-ng: 0.012
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.098, wf-uht;dur=0.047
X-Firefox-Spdy: h2
POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
83.147.224.92 200 OK 23 B URL POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash 3bd58570712d4927664f9295be9320df
45e74eb83b33f51a348b257e58538c4bfbdd940a
9625f7082800a3d5c6f736531d4edb896cbbb118d329a4479c418a88c3ec400a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: application/json
X-Lang: en
X-Uuid: b6e2d5d9-eb11-47c3-9845-ccdd307d66a3
Content-Length: 48
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:52 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.140, wf-uht;dur=0.013
X-Firefox-Spdy: h2
POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
83.147.224.92 200 OK 2 B URL POST 1xlite-090241.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 83.147.224.92:443
Requested by https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Certificate Issuer Let's Encrypt
Subject 1xlite-090241.top
Fingerprint 5A:67:F4:E1:45:5F:10:5B:3D:BC:4E:11:D8:DB:57:8F:9E:DE:FE:D4
Validity Mon, 21 Apr 2025 05:22:27 GMT - Sun, 20 Jul 2025 05:22:26 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-090241.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-090241.top/en/block?redirectedFrom=717b49e2606e7d6b9cf0e1ef95631ca7
Content-Type: application/json
X-Lang: en
X-Uuid: b6e2d5d9-eb11-47c3-9845-ccdd307d66a3
Content-Length: 19
Origin: https://1xlite-090241.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_85563m_20833c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D%7Bsite_id%7D_d22490_l46995_clickunder; postback_watcher=; auid=U5PgXGgro77CxLxMA33bAg==; window_width=1280; che_g=9ed6e970-d155-3adb-ff0c-07b78d764b8b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 19 May 2025 21:33:53 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.096, wf-uht;dur=0.008
X-Firefox-Spdy: h2