Report - 1xlite-032472.top/en/slots?tag=d_87653m_16307c_[]MS[]null[]null[]general[]3098980_d26691_l109169

Report Overview

Visited public
2025-01-26 04:33:51
Tags
Submit Tags
URL
1xlite-032472.top/en/slots?tag=d_87653m_16307c_[]MS[]null[]null[]general[]3098980_d26691_l109169_clickunder
Finishing URL
1xlite-032472.top/en/block
IP / ASN
46.32.182.119
#202492 Silverhill Group Holding Ltd
Title
1xBet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.no	25607	2001-02-26	2012-06-26	2025-01-22	685 B	578 B	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10	2025-01-22	738 B	566 B	142.250.74.100
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2025-01-22	512 B	1.2 kB	35.244.181.201
1xlite-032472.top	unknown	2024-10-10	2025-01-17	2025-01-24	14 kB	858 kB	46.32.182.119
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2025-01-20	31 kB	4.8 MB	185.244.209.62
radar.cedexis.com	3035	2009-01-07	2013-11-27	2025-01-25	824 B	1.2 kB	45.54.49.5
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-22	1.8 kB	942 kB	142.250.74.168
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-01-22	1.8 kB	1.7 kB	216.239.32.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-26 04:33:27	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-01-26 04:33:28	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-01-26 04:33:30	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-01-26 04:33:34	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed
2025-01-26	medium	1xlite-032472.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (44)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	96 B	2023-12-06	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-16 07:17 Times Seen3856 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/Page.Block-dc060fb4.js	ScriptElement	476 B	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/Page.Block-dc060fb4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash acfefbeecf242eb38145fcaf86a902dd bfa392f147e417cb67d7d27f005131c9acfcd126 e5e87499ec0a931c9b9600ff0cc6d637b5c3f570b32341412704ed4bf24344c6 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/app-b474c513.js	ScriptElement	618 kB	2025-01-25	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/app-b474c513.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 04:25 Last Seen2025-01-27 05:54 Times Seen14 Hash d7f96e2daed89d493fe8878414e444df 8288d83078399108984c975e7c47bb5519996fb0 8e8bc8cbe2ffbc5f70ea7070e76c2be9fed2719b23d9fe0a55585613c3c3cad5 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/Betting.Core-32ad8e8f.js	ScriptElement	2.0 kB	2025-01-25	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/Betting.Core-32ad8e8f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 04:25 Last Seen2025-01-27 05:54 Times Seen14 Hash 50857a08b29e5f846a815aae5d54fd57 c36b820e60e774f429bfe0a9419b712c5053bb53 45a166025cd11edea7ebc917a17106bebf277df68c6905ac6d802a8edf88b946 Loading...

	unknown	Function	44 B	2023-04-14	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 07:17 Times Seen6084 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-js-modal-5cca31b7.js	ScriptElement	27 kB	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-js-modal-5cca31b7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash 3db44d2bf30809af2dcd3357d3514079 b7527b6cc5c8dcc7c0729e17f0bfca7dcf4d9c56 58a11607e8fa92823701b78dc8bcb8ff5f8e36c8ef9250666e5112c7c95c066b Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_62MR2OUM.js	ImportedModule	159 kB	2024-12-07	2025-04-01
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_62MR2OUM.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-04-01 10:53 Times Seen349 Hash 382948808b1330a7a717d99dfd278acb e43ecb337e5dfe4613663cf0bb2b2d91ff3db39e 294b1df36207fcdeda2857f2e53154d5c383045cb70bf70d9fbaf47ff7db5cf8 Loading...

	1xlite-032472.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js	ScriptElement	595 B	2024-08-21	2025-02-23
Pretty URL 1xlite-032472.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js IP 46.32.182.119 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 18:09 Last Seen2025-02-23 03:19 Times Seen345 Hash bd2e3553032ba63e3b6b3200a743bc8d a15c755742b456440614377121fadba24bd3e220 66103e021ac66e5ac2a26dfa09c44b567a455096dd77bfd809295cae281e2046 Loading...

	unknown	Function	34 B	2023-04-14	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 07:17 Times Seen6094 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	unknown	Function	47 B	2023-04-14	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 07:17 Times Seen6081 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	www.googletagmanager.com/gtag/destination?id=AW-16664555628&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200	ScriptElement	301 kB	2025-01-26	2025-01-26
Pretty URL www.googletagmanager.com/gtag/destination?id=AW-16664555628&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-26 04:33 Last Seen2025-01-26 04:33 Times Seen1 Hash 435556d796e594644f3c4c3cebf1aa60 8f10a41ee8c84d1b0169944beeb62dfec5193703 8bbc607ed80e2ef62a6af4ca5de799740a43ed8fead5c91183861f3116b05de9 Loading...

	radar.cedexis.com/1/23802/radar.js	ScriptElement	390 B	2024-02-13	2025-07-16
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23 Last Seen2025-07-16 07:17 Times Seen3093 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	1xlite-032472.top/en/block	ScriptElement	1.7 kB	2025-01-25	2025-01-27
Pretty URL 1xlite-032472.top/en/block IP 46.32.182.119 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-25 04:25 Last Seen2025-01-27 05:54 Times Seen14 Hash f8759f9406c3d45008dc974d8c8816e9 1563d3c9a0df930e1871c1a382c77de77489a7ca 05f97880ddb84b8a9a8b78246a6a12eda2c531effdc694f20ac31267951ab9e8 Loading...

	1xlite-032472.top/en/block	ScriptElement	4.8 kB	2025-01-25	2025-01-27
Pretty URL 1xlite-032472.top/en/block IP 46.32.182.119 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-25 04:25 Last Seen2025-01-27 05:54 Times Seen14 Hash 5a12d4e0bb02a1315c17bb71722f1400 1046f244f35b5864901b9a36cbee07bc937a99f5 8fafa8ed6f3357671b2fe6210a678428e8356b0d29d097358fb8cf97e7bf2cc0 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_F4H4E7NH.js	ImportedModule	1.3 kB	2024-12-07	2025-04-01
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_F4H4E7NH.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-04-01 10:53 Times Seen350 Hash 268c88e3fff4b1ae77e5109cba692e17 24c1b85897ed42dc18d9fd0df1c6fd31494dc184 3e2f76fc7558357fcdec6f1ef4964f031737098953dac4a16bf8d8286f87ae2b Loading...

	v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_lUiBTGbP.js	ImportedModule	779 kB	2025-01-24	2025-02-02
Pretty URL v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_lUiBTGbP.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-02-02 15:56 Times Seen31 Hash e6dbde9f88defcc7c52d0f625309c0e2 3805f3f0033cea3b6e63a6d3de0a468b159990ab 6c9cd6ef577095fa380f89414868992c674fe4ff9e039aabd47d7701572fdbb4 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_6EO4CXC4.js	ImportedModule	610 B	2024-12-07	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_6EO4CXC4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-05-20 22:14 Times Seen572 Hash 464c50409850b3095783d5b3b9a1b00d 7d5c3f49bd0689d72dddceee68afd229f4168ed5 71cbc8847b4abb3782fe515be3e9e1f3fb639f801b337a2a3612616151ec250d Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	ScriptElement	304 kB	2025-01-25	2025-01-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 10:01 Last Seen2025-01-26 06:10 Times Seen4 Hash 7ee485f9699b13be0b34433a7512609f d5c1b1b67f91d86c718db2025c2ac90d99a0e3ae 6256fcd312207d4957c250f01f2440974226e2b9376164f05fd584b87a6d7f67 Loading...

	1xlite-032472.top/en/block	ScriptElement	181 kB	2025-01-26	2025-01-26
Pretty URL 1xlite-032472.top/en/block IP 46.32.182.119 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-26 04:33 Last Seen2025-01-26 04:33 Times Seen1 Hash ca8bb9af3ff3bc4ef1bd3792f754884d d006001da6a6b9919bfc30f4f52a57c4668efc64 29d4377530b1f1f1b5ec055fe8c30dfe67bff7d804f3c4536567d08ee0a7784c Loading...

	data:text/javascript,export const meta = import.meta;	ScriptElement	32 B	2023-12-06	2025-07-16
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-16 07:17 Times Seen3856 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	unknown	DomTimer	10 B	2024-09-21	2025-07-16
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2024-09-21 15:04 Last Seen2025-07-16 07:17 Times Seen1893 Hash 01f4b51b4ba7edd00ad9f0a22259f06e 00723d0eda4be61a7b1c542b0a08a94a94a60017 9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ywYu240b.js	ImportedModule	5.5 kB	2025-01-24	2025-02-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ywYu240b.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-02-02 15:56 Times Seen30 Hash 29317f40f64ddd062ced9e94b607702e ae6a3cdcfa58c241ac7dcaeb8660ff1ffa7e6a95 18e87f99b3dbc5451dd0c14e7c8e1e51df43d08b82c2f4b11447e09ad2a4a6bb Loading...

	1xlite-032472.top/hd-api/external/assets/hdf.js	ScriptElement	4.1 kB	2024-11-12	2025-05-20
Pretty URL 1xlite-032472.top/hd-api/external/assets/hdf.js IP 46.32.182.119 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-12 02:24 Last Seen2025-05-20 22:14 Times Seen708 Hash 2f26a679e9d54a65e6578e947cc5bdf2 1b984864aa7b3e28231ac7cea3c199435dbdc6bf 1e3c4bd81a1cd9ee02e42a42802d5c18cbdb3f3a11c0b2732eb11bd12263020c Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	ScriptElement	443 kB	2025-01-26	2025-01-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-26 04:33 Last Seen2025-01-26 04:33 Times Seen1 Hash 85b07366e6e5c09f5e0b88192b191289 2f349fd8ea28ae5663bcb534b7d10bf08bd88633 5bb1304d4203246c902dd4d8caca26e698b2b19550f6c70989de380473bea697 Loading...

	www.googletagmanager.com/gtag/destination?id=DC-14030178&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200	ScriptElement	245 kB	2025-01-26	2025-01-26
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-14030178&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-26 04:33 Last Seen2025-01-26 04:33 Times Seen1 Hash 3dd0bb028a8583162e62070bd6c2b6f6 11b60ddc443640c142095596a6456d30e6abb85d 20c3708fb3c2cb167fb5a191dad777212d050d9cd9cb0e42a6b2bc5d5c62a7f3 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_PATB7KR4.js	ImportedModule	20 kB	2024-12-07	2025-02-21
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_PATB7KR4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-02-21 05:56 Times Seen60 Hash 219b2bf4ebab7fe0b8a06850fb28e8b3 b7fd22c6f47773c84e0535a50fd8319a0fe4537b 56f8d7d20941578cfaddddc4b0c104a165595b68a73dfcc92e4e6304f830bce7 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_ORMYJPSV.js	ImportedModule	865 B	2024-12-07	2025-04-01
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_ORMYJPSV.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-04-01 10:53 Times Seen350 Hash e42d2bda0bda350e6cb507a391561910 fd6785beb70e406347acd6af79b73a609a65abb7 59e1f2ebd2ec588a043cdfb338403916451f301c50c7ace4549c0171c9659e88 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/PKQRX_b5.js	ImportedModule	270 B	2025-01-24	2025-02-24
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/PKQRX_b5.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-02-24 05:54 Times Seen60 Hash 21545c1b5163b1aff8e5b501a8bf0e26 8ee6a12b94c9b4081215ebab87d79677b3dd2fcd 816379d9aa04c4d364a0c0f72e985074e154d6ff6f3956acdcde97d9a3e166b4 Loading...

	unknown	Function	39 B	2023-04-14	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 07:17 Times Seen6087 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	1xlite-032472.top/main-static/47b9c1da/check-ob.js	ScriptElement	219 B	2024-07-17	2025-07-16
Pretty URL 1xlite-032472.top/main-static/47b9c1da/check-ob.js IP 46.32.182.119 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-17 14:33 Last Seen2025-07-16 07:17 Times Seen2282 Hash c065700c9c8c493403359e1f2baa10d9 4630fe729e70bdf63fa7ba6c84ec277fd1f51030 1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/runtime-c5698716.js	ScriptElement	24 kB	2025-01-25	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/runtime-c5698716.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 04:25 Last Seen2025-01-27 05:54 Times Seen14 Hash a12588b17862f55f6379f7973fc863be 1f5f3e490a644018222f70df8fe8b2f3fbc94807 e3df36f354c359873c50c2f8e32694d36d744f8cfd79c0eb9c3dd8d4f69a0518 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/DC-d6ce9225.js	ScriptElement	2.7 kB	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/DC-d6ce9225.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash eb58f903ab3f8f12f83f68befa090822 b9148ce3f6ee217de8d823f318c8693102cfdf25 14ae521b87eed63bc66aa13ff0a320332cdf401cfbe83e36c97014dc948f8f79 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-Bthv_Gug.js	ScriptElement	50 kB	2025-01-24	2025-02-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-Bthv_Gug.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-02-02 15:56 Times Seen30 Hash 92d3f6d9d171d7255db9d87594c1856b 1da40c2805e3d71d764bb0b194244b9f27cc2c1a cb993eeb6e9e8fe27cefc09ae8e634b2b6cff209c79fc29256ce3bd83fbfbf74 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/app-3ab4978e.js	ScriptElement	936 kB	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/app-3ab4978e.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash e345e1657282edab3fb12b39f05ae579 faedbca49426f54e1347ae9dfdcff1222dafb524 6b653b42dbbd05aa984f3bbc688795f84e0110378fcdb74befc2c2ca6cc7dc95 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-notification-2810a002.js	ScriptElement	13 kB	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-notification-2810a002.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash f6c5a202b198a4c0d45dc605993aeafd ba56ff1a95908aaffb27bfd77231740b868a1916 67fa235c7313fb686bb3eeda86b2aa35d5466c1891bb6858512bc8fcd13c2a99 Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.v-tooltip-fbbf9263.js	ScriptElement	77 kB	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.v-tooltip-fbbf9263.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash a685ae00f314eb051c72a7d446634d2b 67628bf924ed53e61883e6127e4b33307e8b3f06 e967fda64ea1be14948e042fdef167c8771c49f812835f318af43cdc883f7306 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9kbgqgDA.js	ScriptElement	4.7 kB	2025-01-24	2025-02-02
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9kbgqgDA.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-02-02 15:56 Times Seen30 Hash 08be028667d14af0038fe725905f6727 03506f0d68352eacc6adafd73948d7191064545c 1cc826c40ba9056e8e63ca6821e4428695c54471ebd2568e5b6f69572d71126b Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/analytics-c4571eb0.js	ScriptElement	7.8 kB	2025-01-24	2025-02-06
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/analytics-c4571eb0.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-02-06 06:58 Times Seen37 Hash 24a1947c1fdf79ab3fe41096d1094cb4 6579ce3e464b8bd9fcfa0b4f6dfe603295e7e460 f4ace4aa51ae690549f37af775909347b6b5555d3160c4cb09c77ca52816e52f Loading...

	v3.traincdn.com/main-static/47b9c1da/desktop/default/commons/app-0a1c36f7.js	ScriptElement	138 kB	2025-01-24	2025-01-27
Pretty URL v3.traincdn.com/main-static/47b9c1da/desktop/default/commons/app-0a1c36f7.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-24 08:48 Last Seen2025-01-27 05:54 Times Seen20 Hash 25c3542d7571a59fc23a20d6b7193a57 81cbb9f75d57e7edfb2461bc4373f0e395b1825d 946c699f4e544aef14ff983cf0712cbe31fdb63ca61e3731eae37794ae7ef685 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_KSHPPCVF.js	ImportedModule	30 kB	2024-12-07	2025-04-01
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_KSHPPCVF.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-04-01 10:53 Times Seen350 Hash d750d8afadf936c37b83cbcafdbba18d ec95777b14c5537b0d2576363f7591cee73a9655 f7a95c0ed0b017063d1bba414ee5097f7824d34a39c33db9f289919ee47c4f12 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_5I5UQEBA.js	ImportedModule	21 kB	2024-12-07	2025-04-01
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_5I5UQEBA.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-04-01 10:53 Times Seen349 Hash 6cb09f9375675899743ac6e31bcf0b0d 01383c415481291b1d4eeedff5a394215d84ecee b17f976b26b989ff50713207d307701334974c9c1e3b491f629adf197bc879ce Loading...

	unknown	Function	47 B	2023-04-14	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-16 07:17 Times Seen6082 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c18d89b758ff5e05cca281f1a41bcab9	1.2 kB	2025-01-24 08:48	2025-02-02 15:56
Pretty Observations First Seen2025-01-24 08:48 Last Seen2025-02-02 15:56 Times Seen30 Hash c18d89b758ff5e05cca281f1a41bcab9 c2b3b86e9c12c1e2b5a84969d3f8813533295d3e 5f2958ee62a72c8044d14d5eb126b4905e6b9cddc0682f4da8749d7007b39aaa Loading...

	#2 Eval - 0be157225d937ab30f2da08406acd508	344 kB	2025-01-26 04:33	2025-01-26 04:33
Pretty Observations First Seen2025-01-26 04:33 Last Seen2025-01-26 04:33 Times Seen1 Hash 0be157225d937ab30f2da08406acd508 cf29a7fd12925516f4d405f622efc5fb3511d403 d378b917034f27d3edcb941349954a97d2e7e6a2c095903b24ae3cc78029d6be Loading...

HTTP Transactions (87)

URL IP Response Size

GET 1xlite-032472.top/en/block

46.32.182.119

203 Non Authoritative

252 kB

URL User Request GET HTTP/2
1xlite-032472.top/en/block
IP
46.32.182.119:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
HTML document, ASCII text, with very long lines (58509)
Size
252 kB (252363 bytes)
Hash
b411362eb2c1fde901472448c3214948
15886cce3bd213c0a13ce1733c35e88460adde46
afef5978fd2a992af0266ac8f048485ac4232cbb3d0c9357c3bd7cd212d1ded7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/block HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 203 Non Authoritative
server: nginx
date: Sun, 26 Jan 2025 04:33:22 GMT
content-type: text/html; charset=utf-8
content-length: 252363
accept-ranges: none
link: <https://v3.traincdn.com/sys-ui/2.3.48/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.004, total;dur=59;desc="Nuxt Server Time"
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=1; Path=/
is12h=0; Path=/
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET 1xlite-032472.top/main-static/47b9c1da/check-ob.js

46.32.182.119

200 OK

219 B

URL GET HTTP/2
1xlite-032472.top/main-static/47b9c1da/check-ob.js
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JavaScript source, ASCII text
Size
219 B (219 bytes)
Hash
c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main-static/47b9c1da/check-ob.js HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:22 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Fri, 24 Jan 2025 09:03:04 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1737709383.919535591
expires: Mon, 27 Jan 2025 03:23:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/CuImo7CT.css

185.244.209.62

200 OK

650 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/CuImo7CT.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (649)
Size
650 B (650 bytes)
Hash
2229547d50a851e3f9c39e19cdcf4751
faaf12acea401378e691df74690b6dc0eaacfa11
7cfe9ce64aa88e9db8abacc1821a7ed463e9b9aa224852291922071ea8806f47

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/CuImo7CT.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-bc0b4604f4030bb782d222ae36e523b4-71a544d4ead64e4a-01
last-modified: Thu, 16 Jan 2025 12:01:29 GMT
etag: "2229547d50a851e3f9c39e19cdcf4751"
x-amz-meta-mtime: 1737028741.202096736
expires: Thu, 23 Jan 2025 12:27:12 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57928
cache: HIT
x-cached-since: 2025-01-25T12:27:55+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/version.json

185.244.209.62

200 OK

11 B

URL GET HTTP/2
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text
Size
11 B (11 bytes)
Hash
0c746b13eeb7506cefd57f8d03f74db2
ae7d40ed6da90275d06d5850a7f4d6c7360cf4a4
61aacc1883273b6ab0a5559d2800f603631a3ddf42807ce58e90e488c61caf00

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: application/json
content-length: 11
traceparent: 00-93d38b7a78d9dba05bfa4e124235de47-824534be8af1ab8d-01
last-modified: Fri, 24 Jan 2025 09:03:04 GMT
etag: "0c746b13eeb7506cefd57f8d03f74db2"
x-amz-meta-mtime: 1737709384.603537503
expires: Fri, 24 Jan 2025 09:06:26 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 30
cache: HIT
x-cached-since: 2025-01-26T04:32:53+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-eeab33335b687e491637c3dd883f6fdb-7b9b7ab3627c8cd3-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 542
cache: HIT
x-cached-since: 2025-01-26T04:24:21+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-22e4718fc9304258ee684047a4ca7ea1-ed473d7e80ff6d80-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1221
cache: HIT
x-cached-since: 2025-01-26T04:13:02+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/Page.Block-dc060fb4.js

185.244.209.62

200 OK

476 B

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/Page.Block-dc060fb4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (476), with no line terminators
Size
476 B (476 bytes)
Hash
acfefbeecf242eb38145fcaf86a902dd
bfa392f147e417cb67d7d27f005131c9acfcd126
e5e87499ec0a931c9b9600ff0cc6d637b5c3f570b32341412704ed4bf24344c6

HTTP Headers

GET /main-static/47b9c1da/desktop/default/Page.Block-dc060fb4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-ff63a1f31f5735c734848eb4e5144ec3-d2cb761a8398e190-01
last-modified: Fri, 24 Jan 2025 09:00:19 GMT
etag: "acfefbeecf242eb38145fcaf86a902dd"
x-amz-meta-mtime: 1737709217.031067955
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/app-3ab4978e.js

185.244.209.62

200 OK

312 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/app-3ab4978e.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
312 kB (312330 bytes)
Hash
b2a0ef8edb943961bcd3efc2a36a6517
19fd6445d80c80e225400afb588f88f0dc0bfc77
e046c91d7e2503d45d3482754fd7d30d5cae06302b1e4f814e1164c3926ff8cc

HTTP Headers

GET /main-static/47b9c1da/desktop/default/vendors/app-3ab4978e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c0242a9abbdc25e20b6a488d0d0a0139-9076bc45d6be4abb-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"e345e1657282edab3fb12b39f05ae579"
x-amz-meta-mtime: 1737709217.059068033
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
X-Firefox-Spdy: h2

POST 1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

46.32.182.119

200 OK

2 B

URL POST HTTP/2
1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 6ef638fe-24d4-402e-ad67-a4cb1062f2d5
Content-Length: 19
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.020, wf-uht;dur=0.014
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-js-modal-5cca31b7.js

185.244.209.62

200 OK

9.2 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-js-modal-5cca31b7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.2 kB (9152 bytes)
Hash
c141a1d3c85c01bd2e848bac332d42f1
66d7dbe1a035327848e553479af3c1cb7e2b4d8c
57ec80f10fe17f05c9a34b394a913fe4567398500191f4cd286b0d41ab1f0841

HTTP Headers

GET /main-static/47b9c1da/desktop/default/vendors/plugins.vue-js-modal-5cca31b7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-30a9f731759a6c4ed7d8f14a09bd05cf-066b80de48973f0f-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"3db44d2bf30809af2dcd3357d3514079"
x-amz-meta-mtime: 1737709217.059068033
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68339
cache: HIT
x-cached-since: 2025-01-25T09:34:25+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/2.3.48/Desktop/Default/client.css

185.244.209.62

200 OK

103 kB

URL GET HTTP/2
v3.traincdn.com/sys-ui/2.3.48/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
103 kB (103430 bytes)
Hash
d8bb70b1491888b3a46cad76e658a0b1
754cf44b14842bdb787a42a23a8767c7e8372586
fab50255a65ef6742c1e0b542daac43173930c14fa3547e7942e0d8413e625aa

HTTP Headers

GET /sys-ui/2.3.48/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
traceparent: 00-0d31f17e99d2a77a9437e01e73b2db84-bb08c2b41ef587ca-01
last-modified: Wed, 15 Jan 2025 09:51:46 GMT
etag: W/"d037203b6db6edbc64b162b70550a1b3"
x-amz-meta-mtime: 1736934703.897720635
content-encoding: gzip
expires: Thu, 23 Jan 2025 12:27:03 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57928
cache: HIT
x-cached-since: 2025-01-25T12:27:55+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json

185.244.209.62

200 OK

765 B

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
765 B (765 bytes)
Hash
00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-ad40bdc441a98312a191fe903e7e2e3f-883aba7c8342201b-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 761
cache: HIT
x-cached-since: 2025-01-26T04:20:43+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/css/6c9b1c36.css

185.244.209.62

200 OK

9.9 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/css/6c9b1c36.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.9 kB (9881 bytes)
Hash
6e28238d16c5b1231f65938228928e4e
bc17c93abd61d515d66f3b7bcac277c7093ee1c1
e5bb9f2300053330d1b84e1652a7074069f1c97d4a3bac3c95c1e472c2f6c6da

HTTP Headers

GET /main-static/47b9c1da/desktop/default/css/6c9b1c36.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
traceparent: 00-8d23fbbbbfe5b04126e679960cd9129d-9d613921122af113-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"341a0537f0a844b0768bdc6e58378a88"
x-amz-meta-mtime: 1737709217.039067978
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:24 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/77d274ae92641bcba2aa23003b9148b0.json

185.244.209.62

200 OK

673 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/77d274ae92641bcba2aa23003b9148b0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
673 B (673 bytes)
Hash
fb89b3f86b1e1fb8bcf38c14cac3ede6
211c1b3d342a27a3c939315ed8855447ec7d9f8b
eeb252831a20e08086da75a3e7bd821a3c8585d9f84be8bb7c215cd83c9a8c9f

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/77d274ae92641bcba2aa23003b9148b0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 673
traceparent: 00-a9374de70f0ae60923240714b5bb3fc5-0d58303e22f92aaa-01
last-modified: Sat, 18 May 2024 04:20:46 GMT
etag: "fb89b3f86b1e1fb8bcf38c14cac3ede6"
expires: Thu, 16 Jan 2025 11:01:41 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1363
cache: HIT
x-cached-since: 2025-01-26T04:10:41+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json

185.244.209.62

200 OK

1.4 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.4 kB (1419 bytes)
Hash
4505f046ad8f937c0be762c013260a7b
d03c1a29659cdc1d18b4f8d0f0c1e5a93d8d96e7
f3f360030122bc45032933c2811f14334eadebfe659e558f142853463916d11b

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-f232d4970e255a0487ed7185a09a1dfb-4ff4acc3e7ff2ccf-01
last-modified: Thu, 23 Jan 2025 13:19:10 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 23 Jan 2025 14:50:28 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1363
cache: HIT
x-cached-since: 2025-01-26T04:10:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/app-b474c513.js

185.244.209.62

200 OK

204 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/app-b474c513.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
204 kB (204462 bytes)
Hash
f644bde07011217fd8eb6a40985cfeb3
965ca207c9d8f12353dd2d214503c2c53d6b33d9
b79c96a0681679668f24a3d55e13ace84f6db112701ddac8ec42430b8aeedc1c

HTTP Headers

GET /main-static/47b9c1da/desktop/default/app-b474c513.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-aa759f1244a9397405bb62ef418a71c8-b0a6e13388a3b8ea-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"d7f96e2daed89d493fe8878414e444df"
x-amz-meta-mtime: 1737709217.035067966
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/98f724b77568f44429da8babd1b679b3.json

185.244.209.62

200 OK

30 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/98f724b77568f44429da8babd1b679b3.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
30 kB (29934 bytes)
Hash
a6a456c4704a58b7ad74391afe9134b3
330c79d89abaac6fe1d033b2f7603449c07e9a30
fe963b0e735acbf9211e4f091d5b95de88f1a7408f847bfe266a3d263cc9016f

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/98f724b77568f44429da8babd1b679b3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-f8ad780e2af26fb932a38a51115059fe-79ac4236e97818bc-01
last-modified: Wed, 15 Jan 2025 12:23:16 GMT
etag: W/"676ec11eff720c830185b6d21e7c7d30"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:02:51 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1363
cache: HIT
x-cached-since: 2025-01-26T04:10:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_3302f5052cd12ca260cd946af7660ff0.json

185.244.209.62

200 OK

5.4 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_3302f5052cd12ca260cd946af7660ff0.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
5.4 kB (5382 bytes)
Hash
630e7862236482585e2b58ff997071ad
3051cfe263610251e3cf6e46126094db8348d0b7
7a3673cbdbf0746d548c7596aff87fbd6ffcbd5166befaceb11c18c9dce1d06c

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_3302f5052cd12ca260cd946af7660ff0.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-4e2ee6348bb4d9f8e04fac7c7d937d40-e164fc9437b5bacd-01
last-modified: Fri, 15 Nov 2024 12:25:26 GMT
etag: W/"c960df03c02866eb54a219e318dd1cc8"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:10:18 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2966
cache: HIT
x-cached-since: 2025-01-26T03:43:58+00:00
X-Firefox-Spdy: h2

GET 1xlite-032472.top/checker/redirect/stat/run/

46.32.182.119

200 OK

14 B

URL GET HTTP/2
1xlite-032472.top/checker/redirect/stat/run/
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

POST 1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

46.32.182.119

200 OK

23 B

URL POST HTTP/2
1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
c395d56a81d80eee4e64532c1c4cd20c
93b4a18c782cd36bb4ce0b2a38909c39918d46b7
179bc11f98248b01fa662e8685fce3694b084735f4d69af890f3f5830ed64547

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 6ef638fe-24d4-402e-ad67-a4cb1062f2d5
Content-Length: 88
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.020, wf-uht;dur=0.013
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_6EO4CXC4.js

185.244.209.62

200 OK

610 B

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_6EO4CXC4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (609)
Size
610 B (610 bytes)
Hash
464c50409850b3095783d5b3b9a1b00d
7d5c3f49bd0689d72dddceee68afd229f4168ed5
71cbc8847b4abb3782fe515be3e9e1f3fb639f801b337a2a3612616151ec250d

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_6EO4CXC4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
content-length: 610
traceparent: 00-4d3c3376452ddb9338591c45d1738164-0c37291dc1c489f9-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: "464c50409850b3095783d5b3b9a1b00d"
x-amz-meta-mtime: 1737714857.186199579
expires: Sun, 26 Jan 2025 09:56:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67014
cache: HIT
x-cached-since: 2025-01-25T09:56:30+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png

185.244.209.62

200 OK

5.2 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: image/png
content-length: 5202
traceparent: 00-abdc620d71f7a23373fa25b3f3bfd96d-9107928a3a9b2fa2-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2319
cache: HIT
x-cached-since: 2025-01-26T03:54:45+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-Bthv_Gug.js

185.244.209.62

200 OK

32 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-Bthv_Gug.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
32 kB (31878 bytes)
Hash
f11ff712681917dc57a2a1254d1c3993
b87cf1aaf95f0788eb2f26901c71f32e49263d9f
c8f57af5584a5364cda1a8180181cc8001a1c1bbd47097eaaa0961d304d96836

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-Bthv_Gug.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d6c525ab3f9bbd5259de6e18c88667f8-ff8f2e9b6c968eeb-01
last-modified: Thu, 16 Jan 2025 12:01:29 GMT
etag: W/"92d3f6d9d171d7255db9d87594c1856b"
x-amz-meta-mtime: 1737028741.203096818
content-encoding: gzip
expires: Thu, 23 Jan 2025 12:28:05 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57894
cache: HIT
x-cached-since: 2025-01-25T12:28:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/css/102861e6.css

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/css/102861e6.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (14262 bytes)
Hash
6e34da2d4132ccb30ccbea660cad3744
1d5fb505d991b65b711ae414225e31b60ca0359a
c821022f39bad952e5fc207132be720aa6e894c4d76a43b1f4d2f71e081257df

HTTP Headers

GET /main-static/47b9c1da/desktop/default/css/102861e6.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
traceparent: 00-9656cac90486dfde8e444af550854864-dcf11cbc1efab7e5-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"e2ead5760ddca3c5e44ce5ac29f9803d"
x-amz-meta-mtime: 1737709217.039067978
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:24 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json

185.244.209.62

200 OK

473 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
473 B (473 bytes)
Hash
e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 473
traceparent: 00-73703d30b543fe19754a37a5bf48c39b-6b006d223cddffba-01
last-modified: Thu, 16 May 2024 20:41:30 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1068
cache: HIT
x-cached-since: 2025-01-26T04:15:36+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1b971b84fe10ebd62b918973bbbce120.json

185.244.209.62

200 OK

406 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1b971b84fe10ebd62b918973bbbce120.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
406 B (406 bytes)
Hash
39fde6a5275961cbbab7d73f1235f56e
534312eec2fc8dddb0b269908fbb28075640f0af
c8407b32fc3b929906018b21f8aec25aa56f6cf49be5e0300ca52b5a2d0e9a98

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1b971b84fe10ebd62b918973bbbce120.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 406
traceparent: 00-71bdb1c2299d58cc14e5286e919cb77a-74905511cd9d99e5-01
last-modified: Wed, 05 Jun 2024 07:44:12 GMT
etag: "39fde6a5275961cbbab7d73f1235f56e"
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1067
cache: HIT
x-cached-since: 2025-01-26T04:15:37+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/437a72a65fc10ef89c2833eacb513eda.json

185.244.209.62

200 OK

245 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/437a72a65fc10ef89c2833eacb513eda.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
245 B (245 bytes)
Hash
158d1271ad904e98b54f460bb5b828af
2098f50a727cd68e1f5e0fd8d40c0cfde88faf43
5f250d09be4bf35ac625fb35faae0f664de6bc43b9aa3525425b3f11895084bf

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/437a72a65fc10ef89c2833eacb513eda.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 245
traceparent: 00-a7c330d25db09c14355c297448ca7ec5-e0b2df9f0dc7ab74-01
last-modified: Sat, 18 May 2024 07:21:30 GMT
etag: "158d1271ad904e98b54f460bb5b828af"
expires: Thu, 16 Jan 2025 10:57:33 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1362
cache: HIT
x-cached-since: 2025-01-26T04:10:42+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_5be180.css

185.244.209.62

200 OK

12 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_5be180.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (11488 bytes)
Hash
4e613aa522736febf7decf3e1abc5c46
c63a012c8f3b088b4ccb310ea325a0777b7da476
598687dafa2149e3c9290330db5a23f4ec20ff3517161b6edfd9fd015d4557b3

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_css_5be180.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
traceparent: 00-6c5269aa6a3472eb19a3e0cec65d6e21-c0842d1c7ebfeea2-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: W/"7c714075eb939d26157c3cb143e39676"
x-amz-meta-mtime: 1737714857.159198658
content-encoding: gzip
expires: Sun, 26 Jan 2025 10:04:22 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 66541
cache: HIT
x-cached-since: 2025-01-25T10:04:22+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_f6dbc6e39ff73771bf13241da3516d87.json

185.244.209.62

200 OK

308 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_f6dbc6e39ff73771bf13241da3516d87.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
308 kB (307772 bytes)
Hash
40f4910f2b82425d9353c5dbbd0918e6
6fabafb19f14cb37d47d8c0d80d999db47f5d505
5be9f05107986bcdda59a525012fd474ef447e1e88f487630289a97a8df7c92e

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_f6dbc6e39ff73771bf13241da3516d87.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b0e30cdc3e6cd26fe7d03ec2122084de-925239912d14e325-01
last-modified: Wed, 22 Jan 2025 16:05:49 GMT
etag: W/"98547e622a9f87869ea92e6bfe44dfc9"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 22 Jan 2025 17:19:12 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3287
cache: HIT
x-cached-since: 2025-01-26T03:38:37+00:00
X-Firefox-Spdy: h2

POST 1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

46.32.182.119

200 OK

23 B

URL POST HTTP/2
1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
8c3548e70bd8fbf20fcee2227d504022
9c2eb04f6b9c695f6b89d3713da83780885a1751
c6d293cc7637924c198351aa75ea3989c13283ca0de5217936bf261ca0be3da3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 6ef638fe-24d4-402e-ad67-a4cb1062f2d5
Content-Length: 72
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:25 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.020, wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/cca369af6198d7764a276e816ecf67dd.json

185.244.209.62

200 OK

9.1 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/cca369af6198d7764a276e816ecf67dd.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.1 kB (9084 bytes)
Hash
d8e2d3d44573f45cc5486d5fcb3b625e
a8177ae8a1d08778a5ca16738078c4b4d1421434
6340e5beb6bad10cb953f88f2e48a653c98b46f8bef3729d3dbffd4b2304ff2b

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/cca369af6198d7764a276e816ecf67dd.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-a91849df4000a9cda0cd9c731c7d17b6-2a72d5c369b2877a-01
last-modified: Thu, 10 Oct 2024 12:42:28 GMT
etag: W/"6a4635ef54a2476b6606f4b98ba743d0"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1068
cache: HIT
x-cached-since: 2025-01-26T04:15:36+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json

185.244.209.62

200 OK

7.0 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.0 kB (7012 bytes)
Hash
448fe10e8ff6b14bbab44f6572967ec5
e42aa20771798e1be52afb716ede0371b632b8fa
cd3bf02fb57bce93fa06feb47dbd60f2a2b6e94359fd6a876532c7925c20d645

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-d48f10eb08a30c097962335249bb262e-0de6d727e6d51ab6-01
last-modified: Thu, 16 May 2024 19:05:13 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1100
cache: HIT
x-cached-since: 2025-01-26T04:15:04+00:00
X-Firefox-Spdy: h2

GET 1xlite-032472.top/web-api/session

46.32.182.119

204 No Content

0 B

URL GET HTTP/2
1xlite-032472.top/web-api/session
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 26 Jan 2025 04:33:32 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.066, p;dur=15.969, wf-uht;dur=0.028
set-cookie: SESSION=d59da11dcb50a7180f7c61101c37c2a4; path=/; secure; httponly; samesite=lax
x-dt: 285
x-time-ng: 0.017, 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET 1xlite-032472.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js

46.32.182.119

200 OK

416 B

URL GET HTTP/2
1xlite-032472.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JavaScript source, ASCII text, with very long lines (594)
Size
416 B (416 bytes)
Hash
bd2e3553032ba63e3b6b3200a743bc8d
a15c755742b456440614377121fadba24bd3e220
66103e021ac66e5ac2a26dfa09c44b567a455096dd77bfd809295cae281e2046

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e; SESSION=d59da11dcb50a7180f7c61101c37c2a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 416
cache-control: public, max-age=300
content-encoding: gzip
etag: bd2e3553032ba63e3b6b3200a743bc8d
vary: Accept-Encoding
x-dt: 455
x-request-guid: 1a533ebb822bdd5e9bfc9549e536dfb3
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.007, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-032472.top/hd-api/external/assets/hdf.js

46.32.182.119

200 OK

1.6 kB

URL GET HTTP/2
1xlite-032472.top/hd-api/external/assets/hdf.js
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
C++ source, ASCII text, with very long lines (874)
Size
1.6 kB (1622 bytes)
Hash
2f26a679e9d54a65e6578e947cc5bdf2
1b984864aa7b3e28231ac7cea3c199435dbdc6bf
1e3c4bd81a1cd9ee02e42a42802d5c18cbdb3f3a11c0b2732eb11bd12263020c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e; SESSION=d59da11dcb50a7180f7c61101c37c2a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:32 GMT
content-type: text/javascript; charset=utf-8
content-length: 1622
cache-control: public, max-age=300
content-encoding: gzip
etag: 2f26a679e9d54a65e6578e947cc5bdf2
vary: Accept-Encoding
x-dt: 455
x-request-guid: cae5bb4095139891a099cd0bb2a53520
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.009, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:33 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-22ba1423ae18adcc554a48584124737c-5b9217ae8a6a9402-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 552
cache: HIT
x-cached-since: 2025-01-26T04:24:21+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:33 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-18dd5c9636aa53ef2839ce7e8f9e3beb-6f253b4571826991-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1231
cache: HIT
x-cached-since: 2025-01-26T04:13:02+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_5I5UQEBA.js

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_5I5UQEBA.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (13913 bytes)
Hash
00e8b78b38b0485a39c87df9323a8900
726dc00ce569c90f0ecf50f9c7cb27de4b0680c7
6abb66300568bb5432d462476f97ab0e89c79a1d2510ab6b3347e5c67f8bf008

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_5I5UQEBA.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4ad45b98cd54ae5502881fafad7839b0-4679d38f7c48d85d-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: W/"6cb09f9375675899743ac6e31bcf0b0d"
x-amz-meta-mtime: 1737714857.187199613
content-encoding: gzip
expires: Sun, 26 Jan 2025 10:04:53 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 66511
cache: HIT
x-cached-since: 2025-01-25T10:04:53+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/09c57c19d4f24724ef9af0686b86845f.json

185.244.209.62

200 OK

91 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/09c57c19d4f24724ef9af0686b86845f.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (61980)
Size
91 kB (90952 bytes)
Hash
d9350b092d4b93258f426bece5f4f8af
25bcd1017bbcc1843e42c37aa9829af8805dad11
02b073c57837029b06010ead553fa8a635fd12a7895c9ee220871fc548d9ae41

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/09c57c19d4f24724ef9af0686b86845f.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-cac1d7fda6a156047fc21c33f65e1a32-ee98a2e36544406f-01
last-modified: Mon, 23 Dec 2024 11:31:03 GMT
etag: W/"20162c0068a1990d739eb07c9725864e"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1068
cache: HIT
x-cached-since: 2025-01-26T04:15:36+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/analytics-c4571eb0.js

185.244.209.62

200 OK

144 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/analytics-c4571eb0.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
144 kB (143859 bytes)
Hash
6a4a9103e16252983c40042aef77882d
734c051cdc44218cab8ecf5d7d3178a28fcff4df
7dc9a0586ddc2ca6b4252d7b10298872e3dcbcc80d984c4506228c3b662426b1

HTTP Headers

GET /main-static/47b9c1da/desktop/default/analytics-c4571eb0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:34 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-efa8393b2e31861a8ef449bf75c8aadb-417476036cb57069-01
last-modified: Fri, 24 Jan 2025 09:00:19 GMT
etag: W/"24a1947c1fdf79ab3fe41096d1094cb4"
x-amz-meta-mtime: 1737709217.035067966
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:33 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68339
cache: HIT
x-cached-since: 2025-01-25T09:34:35+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_F4H4E7NH.js

185.244.209.62

200 OK

108 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_F4H4E7NH.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
108 kB (108454 bytes)
Hash
fcaa7268e2576ac2ba8016b85a257210
dacf269d8d0743d6ee4a89c1d48286eeb2cf8202
13dc245647cf91904cb5f1cc8f59c94a879da807ea243622b9ff5ac9763cf53d

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_F4H4E7NH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-eb8caa1112fac6e2301e01d6574aba6c-1b54f07987e523c5-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: W/"268c88e3fff4b1ae77e5109cba692e17"
x-amz-meta-mtime: 1737714857.186199579
content-encoding: gzip
expires: Sun, 26 Jan 2025 09:56:36 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67008
cache: HIT
x-cached-since: 2025-01-25T09:56:36+00:00
X-Firefox-Spdy: h2

GET radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

138 B

URL GET HTTP/1.1
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 26 Jan 2025 04:33:34 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Sun, 26 Jan 2025 04:43:34 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

GET www.googletagmanager.com/gtag/destination?id=DC-14030178&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200

142.250.74.168

200 OK

87 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=DC-14030178&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82
ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
87 kB (87280 bytes)
Hash
3dd0bb028a8583162e62070bd6c2b6f6
11b60ddc443640c142095596a6456d30e6abb85d
20c3708fb3c2cb167fb5a191dad777212d050d9cd9cb0e42a6b2bc5d5c62a7f3

HTTP Headers

GET /gtag/destination?id=DC-14030178&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 26 Jan 2025 04:33:34 GMT
expires: Sun, 26 Jan 2025 04:33:34 GMT
cache-control: private, max-age=900
last-modified: Sun, 26 Jan 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 87280
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200

142.250.74.168

200 OK

104 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/destination?id=AW-16664555628&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82
ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
104 kB (103690 bytes)
Hash
435556d796e594644f3c4c3cebf1aa60
8f10a41ee8c84d1b0169944beeb62dfec5193703
8bbc607ed80e2ef62a6af4ca5de799740a43ed8fead5c91183861f3116b05de9

HTTP Headers

GET /gtag/destination?id=AW-16664555628&l=dataLayer&cx=c&gtm=45He51n0v9180563600za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 26 Jan 2025 04:33:35 GMT
expires: Sun, 26 Jan 2025 04:33:35 GMT
cache-control: private, max-age=900
last-modified: Sun, 26 Jan 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 103690
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_KSHPPCVF.js

185.244.209.62

200 OK

11 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_KSHPPCVF.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
11 kB (11302 bytes)
Hash
6f5a68dfb1ba3d03fae9af333682499e
70b2ecb4c71a1c8a56a8835d2ef78d141c4bae05
0322c6c75edaa842f6c94debb75c6138cb5667fa2f2ddb5128aaf1a91e8e90db

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_KSHPPCVF.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e34fac3981072c9dc144a45c6163ca21-227254999d6e771a-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: W/"d750d8afadf936c37b83cbcafdbba18d"
x-amz-meta-mtime: 1737714857.187199613
content-encoding: gzip
expires: Sun, 26 Jan 2025 09:56:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67014
cache: HIT
x-cached-since: 2025-01-25T09:56:30+00:00
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je51n0v897130004za200&_p=1737866014390&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1540380135.1737866015&ecid=738851352&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1737866014&sct=1&seg=0&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13305

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je51n0v897130004za200&_p=1737866014390&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1540380135.1737866015&ecid=738851352&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1737866014&sct=1&seg=0&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13305
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82
ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je51n0v897130004za200&_p=1737866014390&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1540380135.1737866015&ecid=738851352&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1737866014&sct=1&seg=0&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13305 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-032472.top
date: Sun, 26 Jan 2025 04:33:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1540380135.1737866015&gtm=45je51n0v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=80702216

142.250.74.131

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1540380135.1737866015&gtm=45je51n0v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=80702216
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google.no
Fingerprint9B:87:46:80:51:F3:57:BB:58:27:17:EE:9E:AD:71:D4:7D:6D:F1:83
ValidityMon, 06 Jan 2025 08:38:56 GMT - Mon, 31 Mar 2025 08:38:55 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1540380135.1737866015&gtm=45je51n0v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=80702216 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 26 Jan 2025 04:33:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=1417278919.1737866015&dt=1xBet&auid=1985810888.1737866015&navt=n&npa=1&gtm=45He51n0v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&tft=1737866014977&tfd=13295&apve=1

142.250.74.100

200 OK

0 B

URL POST HTTP/2
www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=1417278919.1737866015&dt=1xBet&auid=1985810888.1737866015&navt=n&npa=1&gtm=45He51n0v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&tft=1737866014977&tfd=13295&apve=1
IP
142.250.74.100:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint53:F5:E3:47:F6:DC:80:83:14:A1:CE:39:7B:A1:98:61:74:03:86:E2
ValidityMon, 06 Jan 2025 08:37:56 GMT - Mon, 31 Mar 2025 08:37:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=1417278919.1737866015&dt=1xBet&auid=1985810888.1737866015&navt=n&npa=1&gtm=45He51n0v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&tft=1737866014977&tfd=13295&apve=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: text/plain
date: Sun, 26 Jan 2025 04:33:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1xlite-032472.top
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST 1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

46.32.182.119

200 OK

23 B

URL POST HTTP/2
1xlite-032472.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
00c516ed62e919dc1e926c1d18567aa9
7151cce05d6bdd6f9451e818211be15baee75a2e
c918a2c7a5414d3a64bdd3c28f90946c8b9c18f97ef6b49db19866419d0a4eb2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: 6ef638fe-24d4-402e-ad67-a4cb1062f2d5
Content-Length: 109
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e; SESSION=d59da11dcb50a7180f7c61101c37c2a4; _ga_7JGWL9SV66=GS1.1.1737866014.1.0.1737866014.60.0.738851352; _ga=GA1.1.1540380135.1737866015; _gcl_au=1.1.1985810888.1737866015
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:36 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.061, wf-uht;dur=0.015
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je51n0v897130004za200&_p=1737866014390&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1540380135.1737866015&ecid=738851352&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1737866014&sct=1&seg=0&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18347

216.239.32.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je51n0v897130004za200&_p=1737866014390&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1540380135.1737866015&ecid=738851352&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1737866014&sct=1&seg=0&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18347
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82
ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je51n0v897130004za200&_p=1737866014390&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=1540380135.1737866015&ecid=738851352&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1737866014&sct=1&seg=0&dl=https%3A%2F%2F1xlite-032472.top%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18347 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-032472.top
date: Sun, 26 Jan 2025 04:33:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/g/chains/202402/aus.content-signature.mozilla.org-2025-02-28-18-04-21.chain; p384ecdsa=Bx7A_DzSLbfEewR6_zuWWVCZgxwlGV4y-R_Uqo--x7Rn6oeG2CPzzOBzXwKM5SYJraAKakcxPY6vFfiFKWOLxB9NzBYRPCfTKRdtoWx3f_Mux9Bpp6gmecBOasQ52qeV
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Sun, 26 Jan 2025 04:31:54 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 106
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_ORMYJPSV.js

185.244.209.62

200 OK

865 B

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_ORMYJPSV.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (873), with no line terminators
Size
865 B (865 bytes)
Hash
625f9e7c0a9eb895856a03d28a85e9f3
f0e8b6113f4c0d088baca9234190ce2b484de3df
d3dc79f06ae64eef1bd29c19957cc035fdae020dc3fc29c818cfd3460f775675

HTTP Headers

GET /sys-static/shared-assets/__shared_fast_deep_equal_ORMYJPSV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-c296dd7a3858c860eba9714902563e8f-6d6f7e8d047d8737-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: "e42d2bda0bda350e6cb507a391561910"
x-amz-meta-mtime: 1737714857.186199579
expires: Sun, 26 Jan 2025 09:56:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67014
cache: HIT
x-cached-since: 2025-01-25T09:56:30+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ywYu240b.js

185.244.209.62

200 OK

5.5 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ywYu240b.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (5650), with no line terminators
Size
5.5 kB (5515 bytes)
Hash
9806e301700caf30acd3089de303f5a8
52facbfc09cd68ccfe0068164b675343f6d3e237
9691a2a6a0812aa7816e26a6fa9c7529df10f18eb348f8a7713759fa1709f0de

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ywYu240b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-792f5e535172474a0f407c45d897821e-376848d3d8a4d3df-01
last-modified: Thu, 16 Jan 2025 12:01:29 GMT
etag: W/"29317f40f64ddd062ced9e94b607702e"
x-amz-meta-mtime: 1737028741.203096818
content-encoding: gzip
expires: Thu, 23 Jan 2025 12:28:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57860
cache: HIT
x-cached-since: 2025-01-25T12:29:04+00:00
X-Firefox-Spdy: h2

POST 1xlite-032472.top/hd-api/external/verify

46.32.182.119

200 OK

609 B

URL POST HTTP/2
1xlite-032472.top/hd-api/external/verify
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (615), with no line terminators
Size
609 B (609 bytes)
Hash
348c3f20b4c29ba4cef06cdea1864c66
6c0d8ec5de59c650537e1f23b727313b65a54e19
d8846be10ad050b889316e0dccb89df51f28e8a02ffa95ffd9884636505cf4f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
Content-Type: text/plain;charset=UTF-8
Content-Length: 74425
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e; SESSION=d59da11dcb50a7180f7c61101c37c2a4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:33 GMT
content-type: application/json
content-length: 512
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-request-guid: 223b2c8abdfa18c4929d3ade87cc9ced
x-time-ng: 0.031
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.014, wf-uht;dur=0.059
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_9514726ab1e70b389311f9cca2350b8c.json

185.244.209.62

200 OK

24 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_9514726ab1e70b389311f9cca2350b8c.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
24 kB (24432 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_9514726ab1e70b389311f9cca2350b8c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-fad4f6b5162f66b4573793d5287e9ae5-0ee9118f1d708181-01
last-modified: Tue, 14 Jan 2025 18:06:00 GMT
etag: W/"87e0b0fb7cdcc6570063fa443b80d36d"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:05:19 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2855
cache: HIT
x-cached-since: 2025-01-26T03:45:49+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/DC-d6ce9225.js

185.244.209.62

200 OK

2.7 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/DC-d6ce9225.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2676), with no line terminators
Size
2.7 kB (2654 bytes)
Hash
9e4bc64081856ae2388e9f45beaa4629
9d83ab818ebd86029231e84fe115df070a7a36f5
ea8539b02208d473183f65968524d9c3963dcc958e6f05cebfc4ab9ad83cbf33

HTTP Headers

GET /main-static/47b9c1da/desktop/default/DC-d6ce9225.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-05aeae7a38cf9f980ad1341c64ff681f-37fa3a638d39673b-01
last-modified: Fri, 24 Jan 2025 09:00:19 GMT
etag: W/"eb58f903ab3f8f12f83f68befa090822"
x-amz-meta-mtime: 1737709217.023067933
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68339
cache: HIT
x-cached-since: 2025-01-25T09:34:25+00:00
X-Firefox-Spdy: h2

GET radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET HTTP/1.1
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
Fingerprint33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1
ValidityFri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (401), with no line terminators
Size
390 B (390 bytes)
Hash
41f91def4fb1d0becfdad5450e17dba6
17135e0326da4c71d38c2b07e230fa6ffdf16ba4
2b3a3cd4c97d33ddba33c7ac624b311cd035b41391ae3fab3a6bd5ca6f384a9f

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Jan 2025 04:33:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Sun, 09 Feb 2025 04:33:35 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7eb49f3cb95029f19a7a99d6483a332d.json

185.244.209.62

200 OK

182 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7eb49f3cb95029f19a7a99d6483a332d.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
182 B (182 bytes)
Hash
1354132df8a5034bcda597127952730c
def2db205153babd3de7ea018e4189613aa8ddf6
c7cf9d8f1480c29d3f88a61151a62980f07c279eca2e94748f2d2dd1fa3a5c42

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/7eb49f3cb95029f19a7a99d6483a332d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 182
traceparent: 00-306200bc29455e98babb995ad93d5afa-2fe591885d53ebd7-01
last-modified: Fri, 17 May 2024 06:18:09 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
expires: Thu, 16 Jan 2025 11:02:52 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1363
cache: HIT
x-cached-since: 2025-01-26T04:10:41+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/commons/app-0a1c36f7.js

185.244.209.62

200 OK

138 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/commons/app-0a1c36f7.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
138 kB (137776 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /main-static/47b9c1da/desktop/default/commons/app-0a1c36f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4b2031d721579fba5bcdbcf2e97b70c6-b64666dcb2f9f8f0-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"25c3542d7571a59fc23a20d6b7193a57"
x-amz-meta-mtime: 1737709217.035067966
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_62MR2OUM.js

185.244.209.62

200 OK

159 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_62MR2OUM.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
159 kB (158815 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/shared-assets/__shared_libphonenumber_js_62MR2OUM.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-12a361a86fb3b1853a8966733364e099-0fe1c813e9d816fe-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: W/"382948808b1330a7a717d99dfd278acb"
x-amz-meta-mtime: 1737714857.186199579
content-encoding: gzip
expires: Sun, 26 Jan 2025 09:56:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67014
cache: HIT
x-cached-since: 2025-01-25T09:56:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_2579b0e62e11dfdc9944af80a7135015.json

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_2579b0e62e11dfdc9944af80a7135015.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (1936), with no line terminators
Size
2.0 kB (1994 bytes)
Hash
13b45504cd2db723587e3ad82415e90f
d51b7113752503b3d4168441ca7f65d10b625f9d
b1f5ce09501377501da98c79869d2d2d0ee05e296cf770eee6f93d479739f3c6

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_2579b0e62e11dfdc9944af80a7135015.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-789b70c3047379cc19f65635605e7739-76d362505dcd69b6-01
last-modified: Fri, 15 Nov 2024 09:45:51 GMT
etag: W/"69ebea31f035c654ca3d565d6a96540e"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:55:29 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 304
cache: HIT
x-cached-since: 2025-01-26T04:28:20+00:00
X-Firefox-Spdy: h2

GET 1xlite-032472.top/version.json?timestamp=1737866004316

46.32.182.119

200 OK

11 B

URL GET HTTP/2
1xlite-032472.top/version.json?timestamp=1737866004316
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
dac7abaf71beaad6a48c0457b3eeb4f0
c958ffd91962a3bad8c67e5a9b16ff0296b98538
39fb6325ace2671ee80fe2ab20dbb5f1ca2d463933671b4fd7e56b89dedaaf18

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /version.json?timestamp=1737866004316 HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; postback_watcher=; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
content-length: 11
last-modified: Fri, 24 Jan 2025 09:03:04 GMT
etag: "0c746b13eeb7506cefd57f8d03f74db2"
x-amz-meta-mtime: 1737709384.603537503
expires: Sun, 26 Jan 2025 04:34:24 GMT
cache-control: max-age=60
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.008
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/colors/5b2250f464951c6b1d4b2cfa25b00f4c.css

185.244.209.62

200 OK

39 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/colors/5b2250f464951c6b1d4b2cfa25b00f4c.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (38759), with no line terminators
Size
39 kB (38759 bytes)
Hash
5b2250f464951c6b1d4b2cfa25b00f4c
2959bf3dc3493cd23891a55ed986bd16fe6845de
84588a275e80795b5952f1f1af78e60b4c1bcc3da5c53c4ec1eda2e67bdfb0bc

HTTP Headers

GET /genfiles/site-admin/colors/5b2250f464951c6b1d4b2cfa25b00f4c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/css
traceparent: 00-b8c059d1b8ed8e04a680fa0eeb3aa16e-afe8895f3a5ae840-01
last-modified: Fri, 24 Jan 2025 11:28:52 GMT
etag: W/"5b2250f464951c6b1d4b2cfa25b00f4c"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 24 Jan 2025 14:12:08 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3412
cache: HIT
x-cached-since: 2025-01-26T03:36:32+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_d3735ae52deabdb00e3d736326f9d798.json

185.244.209.62

200 OK

21 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_d3735ae52deabdb00e3d736326f9d798.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
21 kB (20636 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_d3735ae52deabdb00e3d736326f9d798.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-7a76d26dae283ffdc0712fa46ebdc21f-dda96b916b203a87-01
last-modified: Thu, 23 Jan 2025 18:05:47 GMT
etag: W/"1bd41b39aeeba3906a1ab104ef181983"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 23 Jan 2025 19:19:08 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3220
cache: HIT
x-cached-since: 2025-01-26T03:39:44+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/3.3.65/Desktop/Default/merged.css

185.244.209.62

200 OK

1.7 MB

URL GET HTTP/2
v3.traincdn.com/sys-ui/3.3.65/Desktop/Default/merged.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
1.7 MB (1712582 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-ui/3.3.65/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
traceparent: 00-ad855424280e2ba040aaf9e0c5f489fd-15ea2d0d9bae6e06-01
last-modified: Fri, 24 Jan 2025 13:30:05 GMT
etag: W/"1e37b937d00f29906a6ca660e6154ac9"
x-amz-meta-mtime: 1737725311.981249513
content-encoding: gzip
expires: Sat, 25 Jan 2025 13:35:22 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 53857
cache: HIT
x-cached-since: 2025-01-25T13:35:46+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.v-tooltip-fbbf9263.js

185.244.209.62

200 OK

77 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.v-tooltip-fbbf9263.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
77 kB (76898 bytes)
Hash
a685ae00f314eb051c72a7d446634d2b
67628bf924ed53e61883e6127e4b33307e8b3f06
e967fda64ea1be14948e042fdef167c8771c49f812835f318af43cdc883f7306

HTTP Headers

GET /main-static/47b9c1da/desktop/default/vendors/plugins.v-tooltip-fbbf9263.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b851b85fae15f813e071ff168695b45a-2676759ed9531cf2-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"a685ae00f314eb051c72a7d446634d2b"
x-amz-meta-mtime: 1737709217.059068033
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:24+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_PATB7KR4.js

185.244.209.62

200 OK

20 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_PATB7KR4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
20 kB (20242 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_PATB7KR4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c0d28096ffa4f5b583e4076d6d4141be-f6613f4caa3e7d1e-01
last-modified: Fri, 24 Jan 2025 10:37:04 GMT
etag: W/"219b2bf4ebab7fe0b8a06850fb28e8b3"
x-amz-meta-mtime: 1737714857.187199613
content-encoding: gzip
expires: Sun, 26 Jan 2025 09:56:30 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67014
cache: HIT
x-cached-since: 2025-01-25T09:56:30+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bf723c7b79b6ce6aa267a76dc3f0a308.json

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bf723c7b79b6ce6aa267a76dc3f0a308.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (2258), with no line terminators
Size
2.0 kB (2040 bytes)
Hash
384c7b75c8400678aba79bac67d057dd
8f5bb6aa11a990dc0ead3f007085c61affebeaf0
c91c3087976d2e77000749bdc41e75e7199e0d69a9fd15e3bf7a7d57521899b2

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bf723c7b79b6ce6aa267a76dc3f0a308.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-fc86942d4c7b6ee85d76ff8668762b49-a565b69698546993-01
last-modified: Wed, 15 Jan 2025 12:27:18 GMT
etag: W/"fdf7f1a656ad6df3359d2f2706bc0f1c"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:02:51 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1362
cache: HIT
x-cached-since: 2025-01-26T04:10:42+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/css/7fe5f71b.css

185.244.209.62

200 OK

3.3 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/css/7fe5f71b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3315), with no line terminators
Size
3.3 kB (3313 bytes)
Hash
a094ae2a980f9c9b48cfc132e74ab16c
61b5d23a03be10876ee135cc656e300653dffcb9
8539c401214dafe1264f86e601c2ba0e06d5b6d23b21d7dd343f28c3e6e738b4

HTTP Headers

GET /main-static/47b9c1da/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/css; charset=utf-8
traceparent: 00-1faaf922274d93ab01a9ea626375c61f-b1b8f62b80aea587-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1737709217.039067978
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68339
cache: HIT
x-cached-since: 2025-01-25T09:34:25+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-notification-2810a002.js

185.244.209.62

200 OK

13 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/vendors/plugins.vue-notification-2810a002.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Size
13 kB (12563 bytes)
Hash
f6c5a202b198a4c0d45dc605993aeafd
ba56ff1a95908aaffb27bfd77231740b868a1916
67fa235c7313fb686bb3eeda86b2aa35d5466c1891bb6858512bc8fcd13c2a99

HTTP Headers

GET /main-static/47b9c1da/desktop/default/vendors/plugins.vue-notification-2810a002.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4c29570ad1a401687305cc82de4a4fac-711be6f346b74ab4-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"f6c5a202b198a4c0d45dc605993aeafd"
x-amz-meta-mtime: 1737709217.059068033
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68339
cache: HIT
x-cached-since: 2025-01-25T09:34:25+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.74.168

200 OK

304 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82
ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

File type

Size
304 kB (303850 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 26 Jan 2025 04:33:34 GMT
expires: Sun, 26 Jan 2025 04:33:34 GMT
cache-control: private, max-age=900
last-modified: Sun, 26 Jan 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
server: Google Tag Manager
content-length: 105508
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_60c452a4b57f0b9231563ee81a5a97da.json

185.244.209.62

200 OK

18 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_60c452a4b57f0b9231563ee81a5a97da.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
18 kB (17901 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_60c452a4b57f0b9231563ee81a5a97da.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-ac4d2bdfde7e95d213f9e5b5752f860a-2432e09fd16aa8af-01
last-modified: Tue, 17 Dec 2024 16:05:25 GMT
etag: W/"9bb1f5ace96285c93e391e2fbc8a2b60"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:28:31 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2966
cache: HIT
x-cached-since: 2025-01-26T03:43:58+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9kbgqgDA.js

185.244.209.62

200 OK

4.7 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9kbgqgDA.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (4870), with no line terminators
Size
4.7 kB (4745 bytes)
Hash
78c6ff96ce29fbca5af7558bda1f9afc
c5fbc58dfab6c1bc7b3f666be48266c23250c0e0
63032afe5cfdfab4d1e01d9b020923f5d48910ad1ad924e9a510c09b33afb3f9

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/9kbgqgDA.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-123dac9afb94579a5cb812d26611b97c-19ad6e1d4c715d09-01
last-modified: Thu, 16 Jan 2025 12:01:29 GMT
etag: W/"08be028667d14af0038fe725905f6727"
x-amz-meta-mtime: 1737028741.202096736
content-encoding: gzip
expires: Thu, 23 Jan 2025 12:28:06 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57860
cache: HIT
x-cached-since: 2025-01-25T12:29:04+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/runtime-c5698716.js

185.244.209.62

200 OK

24 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/runtime-c5698716.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (23551), with no line terminators
Size
24 kB (23551 bytes)
Hash
a12588b17862f55f6379f7973fc863be
1f5f3e490a644018222f70df8fe8b2f3fbc94807
e3df36f354c359873c50c2f8e32694d36d744f8cfd79c0eb9c3dd8d4f69a0518

HTTP Headers

GET /main-static/47b9c1da/desktop/default/runtime-c5698716.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-bd13ee945d079d8db63b5ac06b58b13d-e85aed732428753d-01
last-modified: Fri, 24 Jan 2025 09:00:20 GMT
etag: W/"a12588b17862f55f6379f7973fc863be"
x-amz-meta-mtime: 1737709217.055068021
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:24 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68340
cache: HIT
x-cached-since: 2025-01-25T09:34:23+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css

185.244.209.62

200 OK

46 B

URL GET HTTP/2
v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
f506188b04c16eaa9c664ed23f7ce58e
08d068d7fa5a84beb06ba924a35d84d6bfdab30a
b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9

HTTP Headers

GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/css
content-length: 46
traceparent: 00-509ef622f951a1bdbe224df519dad9a7-07571bacc2640cc5-01
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:51:06 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3001
cache: HIT
x-cached-since: 2025-01-26T03:43:23+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/47b9c1da/desktop/default/Betting.Core-32ad8e8f.js

185.244.209.62

200 OK

2.0 kB

URL GET HTTP/2
v3.traincdn.com/main-static/47b9c1da/desktop/default/Betting.Core-32ad8e8f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2048), with no line terminators
Size
2.0 kB (2003 bytes)
Hash
94ce0f4159f2c6ba5f8c43bbd527ccb8
f9d1930cd883959a252da454afe75ec1b172ed13
efdb96e6f0c3fc51844070acd85d43527f219eaaf48588825c743c218af741b0

HTTP Headers

GET /main-static/47b9c1da/desktop/default/Betting.Core-32ad8e8f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-5c016b3924fe7cb41644edabf4997a6e-1988652adb366160-01
last-modified: Fri, 24 Jan 2025 09:00:19 GMT
etag: W/"50857a08b29e5f846a815aae5d54fd57"
x-amz-meta-mtime: 1737709217.023067933
content-encoding: gzip
expires: Sat, 25 Jan 2025 09:33:25 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 68339
cache: HIT
x-cached-since: 2025-01-25T09:34:25+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.74.168

200 OK

443 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82
ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

File type

Size
443 kB (443300 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 26 Jan 2025 04:33:34 GMT
expires: Sun, 26 Jan 2025 04:33:34 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 140717
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json

185.244.209.62

200 OK

9.3 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (10243), with no line terminators
Size
9.3 kB (9330 bytes)
Hash
dbb3e349af512d58c9bdc0b817a5611b
3e2c1be287cf999a8e8e05fee82c97ebe5219f72
0e16a00e731a3a1ac2740dccf1334f82f881551b94bb0297b2cba2b7ed0134a4

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-601c85b90b54db97c98f30d9e1f3dab1-38d6db0ee7d3f9f0-01
last-modified: Wed, 20 Nov 2024 09:20:07 GMT
etag: W/"ca7f8dc261bfa0bedbe26c6196957093"
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:57:42 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1363
cache: HIT
x-cached-since: 2025-01-26T04:10:41+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png

185.244.209.62

200 OK

653 B

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: image/png
content-length: 653
traceparent: 00-1d02cf802abbc5702bf1d792f09aa280-01dae0e1b45acf76-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1220
cache: HIT
x-cached-since: 2025-01-26T04:13:03+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_d33d208649ed1030df89e13e093c1b13.json

185.244.209.62

200 OK

831 B

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_d33d208649ed1030df89e13e093c1b13.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (888), with no line terminators
Size
831 B (831 bytes)
Hash
4157235fcf6bda16308d18ab6113b6fb
9c83a215e38d608b4000c51585219c057aae8bf2
588e8095ca0a3883ec271e21846d3f03f210320e50ac478b9ae73813e4482cbb

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_d33d208649ed1030df89e13e093c1b13.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
content-length: 831
traceparent: 00-e4d6e7a3f83036b51cbfff8eb71e1b04-a16e8f6ee8bd86be-01
last-modified: Wed, 24 Jan 2024 16:06:20 GMT
etag: "5d35c8a9d00341303233a231c1adecdb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:56:26 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 761
cache: HIT
x-cached-since: 2025-01-26T04:20:43+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_28cb4e6b9a8be3afbcbc2a6b22ab3393.json

185.244.209.62

200 OK

3.5 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_28cb4e6b9a8be3afbcbc2a6b22ab3393.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3690), with no line terminators
Size
3.5 kB (3497 bytes)
Hash
f2e705877a451c1d6297f18a0d09b8b0
78e994cf53ef3d6ef8024eda5225926b7641e38b
ed1fea1eb8e1aa7acaa8f9feba9c7f8963cee50bbca7caf4c93fa23a38d42f93

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_28cb4e6b9a8be3afbcbc2a6b22ab3393.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json; charset=utf-8
traceparent: 00-bfba1282547ef09bf5272bf1b8fa0273-38e5e6a9563e7d1b-01
last-modified: Tue, 03 Dec 2024 08:05:32 GMT
etag: W/"273bec90c875f74d2f5ef70f9e32db45"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:56:28 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2789
cache: HIT
x-cached-since: 2025-01-26T03:46:55+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e7f91740f4be211afac731343dc63895.json

185.244.209.62

200 OK

14 kB

URL GET HTTP/2
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e7f91740f4be211afac731343dc63895.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14236 bytes)
Hash
5f6393bd6febc268d33cb235c7eec194
819eb4409582bcea038e527fd5859dde2d13e0e7
9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e7f91740f4be211afac731343dc63895.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: application/json
traceparent: 00-a17e801bc3403f7da999c0e776616620-ee60b1a47f5d4026-01
last-modified: Fri, 17 May 2024 01:07:57 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:02:52 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1363
cache: HIT
x-cached-since: 2025-01-26T04:10:41+00:00
X-Firefox-Spdy: h2

GET 1xlite-032472.top/en/slots?tag=d_87653m_16307c_[]MS[]null[]null[]general[]3098980_d26691_l109169_clickunder

46.32.182.119

302 Found

252 kB

URL User Request GET HTTP/2
1xlite-032472.top/en/slots?tag=d_87653m_16307c_[]MS[]null[]null[]general[]3098980_d26691_l109169_clickunder
IP
46.32.182.119:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type

Size
252 kB (252363 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/slots?tag=d_87653m_16307c_[]MS[]null[]null[]general[]3098980_d26691_l109169_clickunder HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 26 Jan 2025 04:33:22 GMT
link: <https://v3.traincdn.com/sys-ui/2.3.48/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
location: /en/block
server-timing: dt_total;dur=0.009, total;dur=162;desc="Nuxt Server Time", wf-uht;dur=0.176
set-cookie: platform_type=desktop; Path=/; Expires=Wed, 29 Jan 2025 04:33:22 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=1; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Thu, 27 Mar 2025 04:33:22 GMT
reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; Path=/; Expires=Sun, 26 Jan 2025 05:33:22 GMT
postback_watcher=; Path=/; Expires=Sun, 26 Jan 2025 04:33:26 GMT
auid=LiC2d2eVuxJ3VRokA5DeAg==; path=/; secure; httponly; samesite=lax
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/D1iYNtOZ.css

185.244.209.62

200 OK

17 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/D1iYNtOZ.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (16646)
Size
17 kB (16647 bytes)
Hash
a161ab64e426c2e67de9bb720e159e76
f245ce31889e8eaaab39cfcfb34a913ac9baefca
afcae9c54be5b2ccb48feea71c2204701b974e54e04e3a4b93fe64b74d6c45f2

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/D1iYNtOZ.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-032472.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:23 GMT
content-type: text/css; charset=utf-8
traceparent: 00-f2120a244d5a69a78d5089979feab1bc-fbb423c0748cf12f-01
last-modified: Thu, 16 Jan 2025 12:01:29 GMT
etag: W/"a161ab64e426c2e67de9bb720e159e76"
x-amz-meta-mtime: 1737028741.202096736
content-encoding: gzip
expires: Thu, 23 Jan 2025 12:27:28 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57928
cache: HIT
x-cached-since: 2025-01-25T12:27:55+00:00
X-Firefox-Spdy: h2

GET 1xlite-032472.top/hd-api/external/0194a0e2-e775-7779-a2e1-b735c53cbb7b.js

46.32.182.119

200 OK

344 kB

URL GET HTTP/2
1xlite-032472.top/hd-api/external/0194a0e2-e775-7779-a2e1-b735c53cbb7b.js
IP
46.32.182.119:443
ASN
#0

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerLet's Encrypt
Subject1xlite-032472.top
Fingerprint67:A5:DB:FC:AB:A3:CB:3D:16:5D:64:68:CE:5C:77:27:83:DD:D9:57
ValidityWed, 25 Dec 2024 09:21:50 GMT - Tue, 25 Mar 2025 09:21:49 GMT

File type

Size
344 kB (344309 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/0194a0e2-e775-7779-a2e1-b735c53cbb7b.js HTTP/1.1
Host: 1xlite-032472.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-032472.top/en/block
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=1; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_87653m_16307c_%5B%5DMS%5B%5Dnull%5B%5Dnull%5B%5Dgeneral%5B%5D3098980_d26691_l109169_clickunder; auid=LiC2d2eVuxJ3VRokA5DeAg==; window_width=1280; che_g=ed4f8691-357d-986e-988b-8186689a5f4e; SESSION=d59da11dcb50a7180f7c61101c37c2a4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:32 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-hd-trace-id: 9008b284-7f1e-434c-b290-f8829892c07e
x-request-guid: 7c06936675c5de194976bfbe3e4d43fe
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.018, wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_lUiBTGbP.js

185.244.209.62

200 OK

779 kB

URL GET HTTP/2
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_lUiBTGbP.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type

Size
779 kB (779147 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_base-app_lUiBTGbP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2d384b529fbb3c5d0fde35ae10dc27cf-da2e8dd84ccdcaab-01
last-modified: Wed, 22 Jan 2025 08:09:41 GMT
etag: W/"e6dbde9f88defcc7c52d0f625309c0e2"
x-amz-meta-mtime: 1737533121.063572431
content-encoding: gzip
expires: Thu, 23 Jan 2025 12:23:10 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 58160
cache: HIT
x-cached-since: 2025-01-25T12:24:04+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/PKQRX_b5.js

185.244.209.62

200 OK

270 B

URL GET HTTP/2
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/PKQRX_b5.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-032472.top/en/block
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
270 B (270 bytes)
Hash
41bfc42b774ef52359e818ad3183126f
41df2d45a39f3d54dcf5b3abdbc4d33fdc10c7d4
360e0d6beaa6f9f26dbb97f355f16e410809ebe9c7cdc3835ab7b53ed7e6c2a9

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/PKQRX_b5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-032472.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 26 Jan 2025 04:33:24 GMT
content-type: text/javascript; charset=utf-8
content-length: 270
traceparent: 00-2109720eb452f33ea8563d86bbe38550-e5400705b26653b9-01
last-modified: Thu, 16 Jan 2025 12:01:29 GMT
etag: "21545c1b5163b1aff8e5b501a8bf0e26"
x-amz-meta-mtime: 1737028741.202096736
expires: Thu, 23 Jan 2025 12:28:07 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 57860
cache: HIT
x-cached-since: 2025-01-25T12:29:04+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (44)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN