GET v3.traincdn.com/sys-ui/3.3.203/Desktop/Default/merged.css
185.244.209.62 200 OK 745 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 745 kB (745052 bytes)
Hash dbddea30bbed766957461e184b39e4a8
adc8e52e86f32ad2e2ba83debbf8d3a14db426a5
ac9c988843284ce02f52ba93197a8de4b2fa4be21cccb2b8c146c4301ab1d3da
GET /sys-ui/3.3.203/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-2196359e3aeae95a41cc3d94396f9d67-8585c6e98356d45d-01
last-modified: Wed, 14 May 2025 13:17:44 GMT
etag: W/"dbddea30bbed766957461e184b39e4a8"
x-amz-meta-mtime: 1747228627.355818114
content-encoding: gzip
expires: Thu, 15 May 2025 13:27:42 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 66573
cache: HIT
x-cached-since: 2025-05-14T13:28:52+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/1b44632ee24d33ee68b1777a2ca65379.json
185.244.209.62 200 OK 7.3 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653
GET /genfiles/cms/1-1557/desktop/media_asset/1b44632ee24d33ee68b1777a2ca65379.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
traceparent: 00-a8b062bde8b300673e60f73a194cf159-5593f42053e097dd-01
last-modified: Thu, 23 Jan 2025 13:23:15 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/d3bfddf79b491f7f887cb194367a7ef7.json
185.244.209.62 200 OK 465 B
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash c18f57f4aff3cdc9ac4e9b71b54a5810
11e0ec9094d11ec4bfe5ef61cd09aa827df836d4
4844ea1e167daceb7a53a3b70c83d4389c19d42d0c1af060daf3a91ee7dbe64a
GET /genfiles/cms/1-1557/desktop/media_asset/d3bfddf79b491f7f887cb194367a7ef7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
content-length: 465
traceparent: 00-f44fcb4042562858bf2349044de9cbc7-c99f1aa7c987be5c-01
last-modified: Mon, 26 Aug 2024 16:52:40 GMT
etag: "c18f57f4aff3cdc9ac4e9b71b54a5810"
expires: Wed, 14 May 2025 02:31:37 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/ae88b1f3871e75ef437f190de403277a.json
185.244.209.62 200 OK 1.3 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8
GET /genfiles/cms/1-1557/desktop/media_asset/ae88b1f3871e75ef437f190de403277a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
traceparent: 00-58dfe314b2065fd13d10b11b62441565-1b19feb801aeb091-01
last-modified: Thu, 27 Feb 2025 08:19:06 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:37 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:35 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-9fd959af25a22771ba98a0333085e213-69c9c9c9e741598f-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3050
cache: HIT
x-cached-since: 2025-05-15T07:07:45+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55d1v897130004za200&_p=1747295916921&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&cid=738552927.1747295917&ecid=464080409&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1747295917&sct=1&seg=0&dl=https%3A%2F%2F1xlite-8941187.top%2Fen%2Fblock%3FredirectedFrom%3D0ae5949961e95bf4210401c4d1f82ec6&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13398
216.239.34.36 204 No Content 0 B
IP 216.239.34.36:443
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55d1v897130004za200&_p=1747295916921&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&cid=738552927.1747295917&ecid=464080409&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1747295917&sct=1&seg=0&dl=https%3A%2F%2F1xlite-8941187.top%2Fen%2Fblock%3FredirectedFrom%3D0ae5949961e95bf4210401c4d1f82ec6&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13398 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-8941187.top
date: Thu, 15 May 2025 07:58:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
185.244.209.62 200 OK 2.3 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd
GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json; charset=utf-8
traceparent: 00-f46aedae017a9d5f331a019ef35a7d6a-b329d3e97cefe70d-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1994
cache: HIT
x-cached-since: 2025-05-15T07:25:13+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ef9556aec7.js
185.244.209.62 200 OK 2.0 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1967)
Hash f8fe2954451c806981cfa96f8af8906d
48e149b18717e97f1950a39655da30f9bdf95427
6aa1efd8c2d8b2c02b3df2baba5c29eca220e8328b58ad49570cddd7f262b88a
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ef9556aec7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-76a45ce5852d4d6da6976c9e49539d09-d2306af767b48bcf-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"f8fe2954451c806981cfa96f8af8906d"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
46.32.181.59 200 OK 23 B
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash e55a97425414eac94b94d4bff7c183da
7ccde85363a0a177955b0d34210710dcacc71988
e3917f3854db9b8fb82805d5bb8fc70b635abf1b3c41478395c4e62ecaf10f8a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: application/json
X-Lang: en
X-Uuid: 7068ef57-1db7-478e-9df6-3f55abbcace7
Content-Length: 72
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
content-length: 23
x-dt: 1557
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.100, wf-uht;dur=0.010
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/commons/app-62192425.js
185.244.209.62 200 OK 138 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Size 138 kB (138079 bytes)
Hash d60b74a949f102a8a1e463828951dd85
e6b81558411b8fe6407dbcd801e81d707693abfe
92c383c2bc3b7176f557aca1575bf5cde6ca9bea9c5f96a8b685ba582dd8d5e2
GET /main-static/6ace8295/desktop/default/commons/app-62192425.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b72e898d2edacce7f39e919d6587c6da-0059f7236bba3007-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"d60b74a949f102a8a1e463828951dd85"
x-amz-meta-mtime: 1747124348.490725213
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:13 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/css/7fe5f71b.css
185.244.209.62 200 OK 3.3 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (3313), with no line terminators
Hash c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba
GET /main-static/6ace8295/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/css; charset=utf-8
traceparent: 00-4a3ba4bf236ebb5b176d617cfaba0ff1-9289c8aeecf89d89-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1747124348.494725225
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:14 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:37+00:00
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/checker/redirect/stat/run/
46.32.181.59 200 OK 48 B
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash 9888f7a224cc53454552a8c8eb10b19d
62e178608894924df151faab12f8ae662b12b970
70d6fbcf20c1f1becc6bce6fac3078156e200d22e15eea3aed2d8bdf187b457c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-time-ng: 0.001
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/a3a052c8a0450c884c78b7c168a6867a.json
185.244.209.62 200 OK 13 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237
GET /genfiles/cms/1-1557/desktop/media_asset/a3a052c8a0450c884c78b7c168a6867a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
traceparent: 00-83af48cd4c6b273f0e4ee4c607659196-ed86bac092f77381-01
last-modified: Wed, 12 Mar 2025 09:36:54 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:37 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/d1a36b5f6a.js
185.244.209.62 200 OK 5.1 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (5101)
Hash 54ce696a9c6363c00e6e811f3f59b132
8e9f932f7415e5c4ea001d9f14ed8bffb7152697
24c874e31808caf0045d84ecceee93a0bf39f37f8ad54af1427b7270c32b93cd
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/d1a36b5f6a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c4a80745e26b84148f1a5379c2394341-dd7a3d2742e8a41d-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"54ce696a9c6363c00e6e811f3f59b132"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/captcha-api/assets/hunt-captcha.js
46.32.181.59 200 OK 84 kB
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash be79c7224b26aecc4360524e88e8b1c8
83823bfb5014be1ff5fd565c182ce625f216a655
82f66c5a82eac3b54409b44f787da4e66a8c0cae1ad18c9685cc75cf604713f4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc; SESSION=e1e7d8c79f45be859bab740e1afc651f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:34 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 1559
x-request-id: efcc8c830dee55cce4b4c98e39ccbf5a
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
46.32.181.59 200 OK 23 B
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash 825d0ab97631e5c2600548b7f829e340
42c9ea3973e465e36406b8d9f1c7f28cf6861fb4
e67337b570230da58834c13fcb78b23d21c9c108f57c67c46309ffd4bbd8c853
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: application/json
X-Lang: en
X-Uuid: 7068ef57-1db7-478e-9df6-3f55abbcace7
Content-Length: 109
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc; SESSION=e1e7d8c79f45be859bab740e1afc651f; _ga_7JGWL9SV66=GS2.1.s1747295917$o1$g0$t1747295917$j60$l0$h464080409; _ga=GA1.1.738552927.1747295917
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:38 GMT
content-type: application/json
content-length: 23
x-dt: 1557
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.079, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
185.244.209.62 200 OK 618 kB URL GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 618 kB (618486 bytes)
Hash 6638fab187fec8218a491f45c5644195
a9f7fb0ce2bc4a62868503e21b284af2acd9c782
66fb8837de8d19833c38f5f7a2aafabcc8245f3cd32c700ed3e4e8c36d778871
GET /sys-ui/2.3.183/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-b911f365be3952d05489c4c5ad24e598-aba3bb0cb5dff76f-01
last-modified: Fri, 25 Apr 2025 08:33:58 GMT
etag: W/"6638fab187fec8218a491f45c5644195"
x-amz-meta-mtime: 1745570035.934854024
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:10 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81641
cache: HIT
x-cached-since: 2025-05-14T09:17:44+00:00
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/web-api/session
46.32.181.59 204 No Content 0 B URL GET 1xlite-8941187.top/web-api/session
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /web-api/session HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Thu, 15 May 2025 07:58:34 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.082, p;dur=15.869, wf-uht;dur=0.027
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=e1e7d8c79f45be859bab740e1afc651f; path=/; secure; httponly; samesite=lax
x-dt: 1557
x-time-ng: 0.017, 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
46.32.181.59 200 OK 753 B URL GET 1xlite-8941187.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
File type JavaScript source, ASCII text, with very long lines (752)
Hash f004562bde4d48fb0987e200eb06f3af
6ce4bb1f9a61802bc2b28d084810a6a752af30a6
ba2a7d9626d02a36d5c599c2e0f24594f47e2624d8fa93f6944056722e31f20f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc; SESSION=e1e7d8c79f45be859bab740e1afc651f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:34 GMT
content-type: text/javascript; charset=utf-8
content-length: 490
cache-control: public, max-age=300
content-encoding: gzip
etag: f004562bde4d48fb0987e200eb06f3af
vary: Accept-Encoding
x-dt: 1559
x-request-guid: 1d3744b1a7badb1df3cdeed287b6d992
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/hd-api/external/0196d2f3-cbe4-7ee4-b8a2-7787655bb8f3.js
46.32.181.59 200 OK 216 kB URL GET 1xlite-8941187.top/hd-api/external/0196d2f3-cbe4-7ee4-b8a2-7787655bb8f3.js
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 216 kB (215477 bytes)
Hash 937f66c6a6de7fdb30c9ea525c5976fa
05d5ea5f3fec2c5c8cae1a956ded515569462484
211bef6357c32d9ec24e4e17119b92ba024994d715410e479dec3b17f473960a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/0196d2f3-cbe4-7ee4-b8a2-7787655bb8f3.js HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc; SESSION=e1e7d8c79f45be859bab740e1afc651f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:35 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 1557
x-hd-trace-id: ba2635a3-2b5c-4901-a130-7bebde78117c
x-request-guid: 70b7feee5b8e7de439a31b6f4319dff9
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.109, wf-uht;dur=0.022
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/app-4abfcbb9.js
185.244.209.62 200 OK 1.4 MB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/app-4abfcbb9.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (63296)
Size 1.4 MB (1388287 bytes)
Hash fa55ae08d7b5e8f929cb3b57035dc9f0
f7f69cd580c357e1b8ab6dcae56524eb689176a6
a62bac5a6e8074a74c9b8c0654ad32cb83251f1ad3a668efaa155de3af54dcd2
GET /main-static/6ace8295/desktop/default/vendors/app-4abfcbb9.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0092a962b7ad97637c80cd30c2fcf528-851d8f891bb34a60-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"fa55ae08d7b5e8f929cb3b57035dc9f0"
x-amz-meta-mtime: 1747124348.498725236
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:13 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:36+00:00
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1557&domain[host]=1xlite-8941187.top
46.32.181.59 200 OK 43 B URL GET 1xlite-8941187.top/seo-module-api/api/public/v1/analytics-counters?project[id]=1557&domain[host]=1xlite-8941187.top
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash c809138c09727a461b3438eb080f8445
2b43a325cd3d2b7a1d91967f30bb52c4e136822b
47d34e128cb5a1e2edb0f30e9a15ec1c79a82bc64c512b53702ddf6a5a33f74c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /seo-module-api/api/public/v1/analytics-counters?project[id]=1557&domain[host]=1xlite-8941187.top HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
content-length: 47
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enb066c3de982d01779fd50476f73b1ab6
age: 419
x-request-id: 29ad30bb1a60b535cf5ca8c60f56133a
x-request-guid: 29ad30bb1a60b535cf5ca8c60f56133a
content-encoding: br
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.2638568878174, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/84bf8e5c40.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/84bf8e5c40.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (833)
Hash c0b2fd41ca092a6197f8e64f691d959d
f22e3a9f16bac0fb72607d076e78bc218035913a
33b7c074f08c7de8bf25abe195214c79b062daf41b50d773befd8eaeb9d7cec9
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/84bf8e5c40.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ff0f77cb309271c1710e3a0efd991079-8e1a12df289cc137-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"c0b2fd41ca092a6197f8e64f691d959d"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84360
cache: HIT
x-cached-since: 2025-05-14T08:32:27+00:00
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4
142.250.74.136 200 OK 460 kB URL GET www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4
IP 142.250.74.136:443
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
Validity Mon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size 460 kB (459750 bytes)
Hash 991d152868894fb9d5ddf1c9f0d08894
3e567ed2425f2687807d0d02525fa0c56e0a5707
a9c7b3ab504726ae14738718b823c9e6e2df52f08e46addc62b3d2eb6c29728e
GET /gtag/js?id=G-5671CMJ6T4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 15 May 2025 07:58:37 GMT
expires: Thu, 15 May 2025 07:58:37 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 148389
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET radar.cedexis.com/1/23802/radar.js
45.54.49.5 302 Moved Temporarily 390 B URL GET radar.cedexis.com/1/23802/radar.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 15 May 2025 07:58:37 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Thu, 15 May 2025 08:08:37 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
GET v3.traincdn.com/main-static/6ace8295/desktop/default/runtime-45fb308a.js
185.244.209.62 200 OK 20 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/runtime-45fb308a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (19720), with no line terminators
Hash 1afbd79d0a58392a096f4bddfae2a451
e0abeb58130678ed7d5a4948aa91644c8cb80acb
79bc09f29c35a2af82fb798987cc5112ac61c29574ff7e0f9221ad12f6a1ec72
GET /main-static/6ace8295/desktop/default/runtime-45fb308a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-11379d03bc861b009acbac8a1687db55-bd348ee12a380ae2-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"1afbd79d0a58392a096f4bddfae2a451"
x-amz-meta-mtime: 1747124348.490725213
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:13 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_f638b312153865df7e2e842e1c4c00c5.json
185.244.209.62 200 OK 136 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_f638b312153865df7e2e842e1c4c00c5.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Size 136 kB (136259 bytes)
Hash 30988ed214ab85f6e4d21f518f650324
3445bbec6f82710cf9f344ea45174916c9f6f720
df84186a82228ad90eb08cf086d6b132d8e09e8f1798343767bbfedd02a5343a
GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_f638b312153865df7e2e842e1c4c00c5.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-4d01672f1cfae946a1ebca008371a6fa-69bfd4cefff32e9b-01
last-modified: Tue, 13 May 2025 16:06:46 GMT
etag: W/"30988ed214ab85f6e4d21f518f650324"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 13 May 2025 17:17:37 GMT
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 793
cache: HIT
x-cached-since: 2025-05-15T07:45:13+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_bb5af3c161e5ecea91f5c57bc22b7551.json
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_bb5af3c161e5ecea91f5c57bc22b7551.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (20196), with no line terminators
Hash 36a58b4aa119fca38b720e475775f81b
73593140e23889497febee068ec84ad1b1b4db1a
0b7136598dca894573a6d9463643243a430a8ea04b9d2d1cd22449523ffaf511
GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_bb5af3c161e5ecea91f5c57bc22b7551.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b76c3f13e247f2263ecf966d3069b7ee-2f849b25501e34dd-01
last-modified: Wed, 14 May 2025 10:06:52 GMT
etag: W/"4e377f3ce5a0833a3221b569b86aba92"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 14 May 2025 11:17:40 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1387
cache: HIT
x-cached-since: 2025-05-15T07:35:19+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/9d7386e9ce9e892c894b911873f00927.json
185.244.209.62 200 OK 182 B URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/9d7386e9ce9e892c894b911873f00927.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c
GET /genfiles/cms/1-1557/desktop/media_asset/9d7386e9ce9e892c894b911873f00927.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
content-length: 182
traceparent: 00-2655f30cc58bb226ee1fa5d8943daed2-579fdf4a58d9299f-01
last-modified: Thu, 27 Feb 2025 08:56:52 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Wed, 14 May 2025 02:31:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/d5ddda7f2b5f9350d4d1464b5313a7cf.json
185.244.209.62 200 OK 747 B URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/d5ddda7f2b5f9350d4d1464b5313a7cf.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea
GET /genfiles/cms/1-1557/desktop/media_asset/d5ddda7f2b5f9350d4d1464b5313a7cf.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
content-length: 747
traceparent: 00-2a31f73ac17ee6a2ba4f27c895d03d1a-0897fc38328b9bb6-01
last-modified: Thu, 27 Feb 2025 13:28:02 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Wed, 14 May 2025 02:31:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
185.244.209.62 200 OK 5.2 kB URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Hash b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: image/png
content-length: 5202
traceparent: 00-09fe4d34bf453a9ff8ef802a89a7d647-f1746f465dbdfd31-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 476
cache: HIT
x-cached-since: 2025-05-15T07:50:30+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1044f03473.js
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1044f03473.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1329)
Hash 5955ac4557e085786c0b60df3d90c41f
811ec2dc5b2a74e6a9382444bc2bdd4cf269cbbe
d8469fc21f9dd69398a3505454528b18c01143ca4e693c194d04a403b2cd00af
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/1044f03473.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-8fb74634f0cdf830de9741ab0dccd160-00b20adcfc43f2bc-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"5955ac4557e085786c0b60df3d90c41f"
x-amz-meta-mtime: 1747122891.013052267
content-encoding: gzip
expires: Wed, 14 May 2025 08:25:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-31aa7122ba8286c4e21c9f595e72dd9d-d2b2092e1da90381-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3040
cache: HIT
x-cached-since: 2025-05-15T07:07:45+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css
185.244.209.62 200 OK 40 kB URL GET v3.traincdn.com/genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (39662), with no line terminators
Hash 73c1e50506faab2d495c95d31b820a22
c0f2744dc4b187b6667f6aa6a9b4013cf1f0dcd3
4ea05001192895400e75d7cd8c07c56ed203c40a1aed77be2534e7bd42135566
GET /genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/css
traceparent: 00-a4047d5c3caacd4f3d4c70b33841170a-0faa5bb9c4d857a3-01
last-modified: Mon, 12 May 2025 13:15:10 GMT
etag: W/"73c1e50506faab2d495c95d31b820a22"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 12 May 2025 15:11:16 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3534
cache: HIT
x-cached-since: 2025-05-15T06:59:32+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json
185.244.209.62 200 OK 22 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (21943), with no line terminators
Hash f8e38c106493e25c8d998abca3adbfad
e512c42df5c9eb5704ed7791d70b2ffe1f81a93e
6c63846ee5fc0545cad9e70c5428d69ee73bfcfe4e2670e6963002aacb911909
GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-789c97f7b9363d17b4a8fbb8bbe3a5cf-81ea9bfa26991855-01
last-modified: Wed, 07 May 2025 16:06:34 GMT
etag: W/"895da097d39231b34332842ef0092651"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 07 May 2025 17:17:40 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 232
cache: HIT
x-cached-since: 2025-05-15T07:54:34+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
185.244.209.62 200 OK 765 B URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea
GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-d75c2d9298c1a4097de19fbfcb768053-f045a9db257ccd5b-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 587
cache: HIT
x-cached-since: 2025-05-15T07:48:39+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
185.244.209.62 200 OK 69 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
traceparent: 00-e557777e642c94e5a2f40fe92793fa7a-fb0712797a353920-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1747122891.009052251
expires: Wed, 14 May 2025 08:27:27 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:27+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ee18910b90.js
185.244.209.62 200 OK 27 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ee18910b90.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (27023)
Hash 339872447ffee6f3279147231c5ea294
a77dd26e42651662348fb9fa823e9dca23994c05
c3bffa1de6e44424bf2da1947f585b9f5c72e375c1c3adf288254c4a3b926ea4
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/ee18910b90.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-6e800d1ff1bce03d25cc6ff10e36fc37-5ccf4715d465aa2e-01
last-modified: Tue, 13 May 2025 07:58:08 GMT
etag: W/"339872447ffee6f3279147231c5ea294"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:25:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b68552e386.js
185.244.209.62 200 OK 3.8 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b68552e386.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3804)
Hash c3af87042792c6e2e307b8e4a6e7cecf
c1d4428224d5828f8808e572831c9a16b1acd484
b07ba48fa57a5574af0447fd2ffa0a53fadaab737909620d9904f5934b99243f
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b68552e386.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f10ff03a1fd64a0a0e1363907ca741bc-dc08530d1ff5495a-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"c3af87042792c6e2e307b8e4a6e7cecf"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:15 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/hd-api/external/verify
46.32.181.59 200 OK 715 B URL POST 1xlite-8941187.top/hd-api/external/verify
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash 389076a9b259e661ee34c09517a1ab0c
627e71d2e8b0bf0a4daa45983e0bef3bfa4b3e64
10eb3ea04f7465d30b5cae19b69fd77107765ebe39bb927db93c3cc9a68a144f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: text/plain;charset=UTF-8
Content-Length: 108725
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc; SESSION=e1e7d8c79f45be859bab740e1afc651f
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:36 GMT
content-type: application/json
content-length: 587
content-encoding: gzip
vary: Accept-Encoding
x-dt: 1557
x-request-guid: 6caa12547d63b3851df52dcc2a08f38c
x-time-ng: 0.013
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.089, wf-uht;dur=0.060
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/en/promotions/wheel-bet?tag=d_3553831m_18607c_&pb=e6fc45b0c608454c8f12397d35da7b34&click_id=A24A0F80-3161-11F0-9622-7D7A056F101B&r=promotions/wheel-bet
46.32.181.59 302 Found 268 kB URL User Request GET 1xlite-8941187.top/en/promotions/wheel-bet?tag=d_3553831m_18607c_&pb=e6fc45b0c608454c8f12397d35da7b34&click_id=A24A0F80-3161-11F0-9622-7D7A056F101B&r=promotions/wheel-bet
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Size 268 kB (268449 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /en/promotions/wheel-bet?tag=d_3553831m_18607c_&pb=e6fc45b0c608454c8f12397d35da7b34&click_id=A24A0F80-3161-11F0-9622-7D7A056F101B&r=promotions/wheel-bet HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 15 May 2025 07:58:24 GMT
location: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
link: <https://v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.010, total;dur=165;desc="Nuxt Server Time", wf-uht;dur=0.187
set-cookie: platform_type=desktop; Path=/; Expires=Sun, 18 May 2025 07:58:24 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Mon, 14 Jul 2025 07:58:24 GMT
reflinkid=d_3553831m_18607c_; Path=/; Expires=Thu, 15 May 2025 08:58:24 GMT
postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; Path=/; Expires=Sat, 14 Jun 2025 07:58:24 GMT
auid=LiC1O2glnqCc/QWoAwguAg==; path=/; secure; httponly; samesite=lax
x-dt: 1557
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css
185.244.209.62 200 OK 15 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (15082)
Hash 967ea13abafaa256ab87710daeab15e3
c35d006df7e93184905785ddd0780675dbf5ea14
21a68512f65cb824cf777ebddc9aa65f5922defc4dfbc969c3c0e37f74636eda
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-f84647a7629f86de360eb2317d880661-1258a331af28b423-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"967ea13abafaa256ab87710daeab15e3"
x-amz-meta-mtime: 1747122891.013052267
content-encoding: gzip
expires: Wed, 14 May 2025 10:49:41 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 76015
cache: HIT
x-cached-since: 2025-05-14T10:51:30+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_837b35.css
185.244.209.62 200 OK 5.0 kB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_837b35.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (4607)
Hash 2dc3c5d853f65e50dfb8de84d59a18b0
a168396fa9771bc483dca1039683ca7ffa3419db
837b358c84c90e7d3c43ceb65e82cb01aa8041298e1adc175901ea487a5d1cd1
GET /sys-static/shared-assets/Desktop/__shared_css_837b35.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-8bbb7b34b1b3c88afa2bbab15431af7d-3562576181730a67-01
last-modified: Wed, 14 May 2025 08:22:11 GMT
etag: W/"2dc3c5d853f65e50dfb8de84d59a18b0"
x-amz-meta-mtime: 1747210738.213176029
content-encoding: gzip
expires: Thu, 15 May 2025 10:50:43 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 76022
cache: HIT
x-cached-since: 2025-05-14T10:51:23+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/css/8c688214.css
185.244.209.62 200 OK 66 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/css/8c688214.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1ac35c329da569662b554b532699c454
0c3d342c4378df09c86b4ff84bc422e4e6bae57f
db353aaf9a66c38f4ac8cc8264dc91300806d05fe49cb0edcdd2f65c18b73e73
GET /main-static/6ace8295/desktop/default/css/8c688214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-f0f69850f6ea449a28c966c2f6cc5131-2379ab3eca4f4791-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"1ac35c329da569662b554b532699c454"
x-amz-meta-mtime: 1747124348.494725225
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:13 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81530
cache: HIT
x-cached-since: 2025-05-14T09:19:35+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-6d931a1e0b5a6ade6ef1d826686ee9a1-f0ed1809b3e6f450-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3404
cache: HIT
x-cached-since: 2025-05-15T07:01:41+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/f594bc0d2c2679b7e8fc694537f0d9a3.json
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/f594bc0d2c2679b7e8fc694537f0d9a3.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb
GET /genfiles/cms/1-1557/desktop/media_asset/f594bc0d2c2679b7e8fc694537f0d9a3.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
traceparent: 00-153eb3f734a8f6eb728e082241903780-13c22d8cba088705-01
last-modified: Thu, 27 Feb 2025 09:05:29 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/044509d3ab663909228dde9ba00e7ca7.json
185.244.209.62 200 OK 9.3 kB URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/044509d3ab663909228dde9ba00e7ca7.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash ca7f8dc261bfa0bedbe26c6196957093
201939c20640df2ad6fbe79bc165b2e2d19bc65b
9d7da7f9fd8b6eb344298507d3e2afd038623c0e46dee2a018c0e3ecd667f203
GET /genfiles/cms/1-1557/desktop/media_asset/044509d3ab663909228dde9ba00e7ca7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
traceparent: 00-61e04134bf70013e94dd67a4afc2e725-f44cfb139ef9fc6d-01
last-modified: Wed, 20 Nov 2024 09:22:12 GMT
etag: W/"ca7f8dc261bfa0bedbe26c6196957093"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
46.32.181.59 200 OK 2 B URL POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: application/json
X-Lang: en
X-Uuid: 7068ef57-1db7-478e-9df6-3f55abbcace7
Content-Length: 19
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
content-length: 2
x-dt: 1557
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.083, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
185.244.209.62 200 OK 653 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: image/png
content-length: 653
traceparent: 00-39604a76648cb61994ac1e561212b4a2-6cbab909c04711ae-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1045
cache: HIT
x-cached-since: 2025-05-15T07:41:00+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/c67c82cb34c71d05fc2cfd82e034fb99.json
185.244.209.62200 OK 2.9 kB URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/c67c82cb34c71d05fc2cfd82e034fb99.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash c163e08f04217198adf89b6af95e8ff6
4f45163b22f2cb4d66d287eb4acc54345ee814f8
d5af82911b446075abf5a86e262c5d8210894f80f8e6140d771e6d3effe7c7a1
GET /genfiles/cms/1-1557/desktop/media_asset/c67c82cb34c71d05fc2cfd82e034fb99.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
traceparent: 00-d12d180f52c8679bc863a02f2ab262f8-8af2c0d302fbba28-01
last-modified: Thu, 08 May 2025 12:54:05 GMT
etag: W/"c163e08f04217198adf89b6af95e8ff6"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:38 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c50237ecf8.js
185.244.209.62200 OK 147 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c50237ecf8.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 9342a6022b9534791428a95d6f0e0960
21edf67a4d61d01073e1632bf874666df1403005
e6ddeb8d20f888ff72b70ae57ee365f5bcf1bf51de0cf76baf2f419705dc277d
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c50237ecf8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
traceparent: 00-bf53a7a600295d368753cbbe0d6a8563-c32e1e7d8cf74108-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: "9342a6022b9534791428a95d6f0e0960"
x-amz-meta-mtime: 1747122891.017052285
expires: Wed, 14 May 2025 08:27:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:35 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-46bde3a22825dcb7605c7f1ad63e093a-b71a472f6f853886-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3414
cache: HIT
x-cached-since: 2025-05-15T07:01:41+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/app-90837400.js
185.244.209.62200 OK 512 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/app-90837400.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 512 kB (512537 bytes)
Hash 431252e3cc85f98e529fcfea09096af3
a8b0ab52833ea2a1cdfd9317eca9418bdea767b5
21cfb62537f9a14d0fb7ed009ae68b0eeb9c946e04ed3221222689baa271325b
GET /main-static/6ace8295/desktop/default/app-90837400.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f68f48b51fe1cf01b8da19e40c0509c6-0baae809ff99e549-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"431252e3cc85f98e529fcfea09096af3"
x-amz-meta-mtime: 1747124348.482725191
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:13 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/plugins.vue-notification-7abf8c63.js
185.244.209.62200 OK 13 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/plugins.vue-notification-7abf8c63.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Hash 44aee1ef5bb4af087ddd25381875cc88
775ed51fa3f60ab52c93d2795d3a5453132cd171
881f0ab869b417c0ac8f0212e5e2babcfc5019ae8e985aa333ce99786f7a0da4
GET /main-static/6ace8295/desktop/default/vendors/plugins.vue-notification-7abf8c63.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-7e4a75263ecc6e5c4ad37980cd87d666-7cb0f93533150a51-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"44aee1ef5bb4af087ddd25381875cc88"
x-amz-meta-mtime: 1747124348.498725236
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:14 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81530
cache: HIT
x-cached-since: 2025-05-14T09:19:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/plugins.vue-js-modal-4880d136.js
185.244.209.62200 OK 27 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/plugins.vue-js-modal-4880d136.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Hash 1bf91dda7c7e63e5cc061aefa0e18528
6460f8030ff774a21b45458d495fd81a1c14fd7b
60bf2e595e97a0ec7a98ba27b4404b49a9a3adc12b818d36d0647d9b6add1e36
GET /main-static/6ace8295/desktop/default/vendors/plugins.vue-js-modal-4880d136.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-53940a6b2cededb22b048ac5f4f03d92-e78081fe906f5912-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"1bf91dda7c7e63e5cc061aefa0e18528"
x-amz-meta-mtime: 1747124348.498725236
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:14 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:37+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
185.244.209.62200 OK 19 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Hash 1580a3cfe81fd30910a49dfe64cc8e7b
314144dc49595482ba46c0b85b38d5f73ef73a7b
8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035
GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-b200094f2e48357d6bd79fd1ec601b6b-6ea92821d36ef9f5-01
last-modified: Wed, 14 May 2025 06:46:23 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1747205150.722023008
content-encoding: gzip
expires: Thu, 15 May 2025 08:08:24 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85736
cache: HIT
x-cached-since: 2025-05-14T08:09:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a4446f7d50.js
185.244.209.62200 OK 1.1 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a4446f7d50.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1128)
Hash 27394e2b9d3d63b092206c08e9a504fa
9f767f416c7e7ef9a1f210d5944c8b050404282a
337cbcca75bb6b4ce433521b154bea716e8dcce784d8424018d8437a5d5466a5
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a4446f7d50.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2632e61e3c32d470ca8af364b4c0f0aa-4f4134e760a0067e-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"27394e2b9d3d63b092206c08e9a504fa"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/analytics-2a8f5225.js
185.244.209.62200 OK 7.8 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/analytics-2a8f5225.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (7765), with no line terminators
Hash a7ab0d3478efff4a7b6dc95b95fd78d0
29fd58ecfad589b7e2324789051fd93f883e8fb1
7952f5f889f4544c562bb59148eb55d0a212f7826843c2c622be04eda26aa490
GET /main-static/6ace8295/desktop/default/analytics-2a8f5225.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:36 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f8d6a78193274cc89972b31ae0952590-a1371d41a9078de5-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"a7ab0d3478efff4a7b6dc95b95fd78d0"
x-amz-meta-mtime: 1747124348.482725191
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:25 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 80836
cache: HIT
x-cached-since: 2025-05-14T09:31:20+00:00
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55d1v897130004za200&_p=1747295916921&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&cid=738552927.1747295917&ecid=464080409&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1747295917&sct=1&seg=0&dl=https%3A%2F%2F1xlite-8941187.top%2Fen%2Fblock%3FredirectedFrom%3D0ae5949961e95bf4210401c4d1f82ec6&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18446
216.239.34.36204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55d1v897130004za200&_p=1747295916921&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&cid=738552927.1747295917&ecid=464080409&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1747295917&sct=1&seg=0&dl=https%3A%2F%2F1xlite-8941187.top%2Fen%2Fblock%3FredirectedFrom%3D0ae5949961e95bf4210401c4d1f82ec6&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18446
IP 216.239.34.36:443
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je55d1v897130004za200&_p=1747295916921&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&cid=738552927.1747295917&ecid=464080409&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1747295917&sct=1&seg=0&dl=https%3A%2F%2F1xlite-8941187.top%2Fen%2Fblock%3FredirectedFrom%3D0ae5949961e95bf4210401c4d1f82ec6&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18446 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-8941187.top
date: Thu, 15 May 2025 07:58:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_7f9929f9278a5ec48677c57da7e65df4.json
185.244.209.62200 OK 24 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_7f9929f9278a5ec48677c57da7e65df4.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 40b55f195304c8abb24179499bb6717b
107facb64795f95ea53b05300d453bd6a2866f4f
076ac666b53dc1afdd331724c42c68cb61b4870ad64bb62986d09f6db5c32550
GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_7f9929f9278a5ec48677c57da7e65df4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-169d27b1573b2d814e2f3c3fd59f4d84-e1007861251a7d0a-01
last-modified: Tue, 13 May 2025 16:06:46 GMT
etag: W/"40b55f195304c8abb24179499bb6717b"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 13 May 2025 17:17:37 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2888
cache: HIT
x-cached-since: 2025-05-15T07:10:18+00:00
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
46.32.181.59200 OK 23 B URL POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerLet's Encrypt
Subject1xlite-8941187.top
Fingerprint0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
ValidityMon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash e47b78c7e8ec180d82cab0441b183b64
b2f3be8519c3f20f3c0ee55ec9294d0f2bdb8218
99550e8d80f237f33999d754549a1a68ddb7c653393dbcefe8163fa84217af5e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: application/json
X-Lang: en
X-Uuid: 7068ef57-1db7-478e-9df6-3f55abbcace7
Content-Length: 89
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
content-length: 23
x-dt: 1557
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.083, wf-uht;dur=0.010
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/bff-api/config/group/get?groups=d.technical&lang=en
46.32.181.59200 OK 754 B URL GET 1xlite-8941187.top/bff-api/config/group/get?groups=d.technical&lang=en
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerLet's Encrypt
Subject1xlite-8941187.top
Fingerprint0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
ValidityMon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash ce728315129563a21dd68178767f3101
e0a7c56f6110d34db1b1dc90401a67a0e2372fff
3c5ab35187886927807fd3e55e953678c478d38aaebd5a61ba540c5d593ca420
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1920; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
content-length: 754
cache-control: no-cache, private
server-timing: dt_total;dur=0.106, bff;dur=44.44, wf-uht;dur=0.059
x-dt: 1557
x-pod: R-pdknj
x-time-ng: 0.046
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=738552927.1747295917&gtm=45je55d1v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&z=518381063
142.250.74.131200 OK 42 B URL GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=738552927.1747295917&gtm=45je55d1v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&z=518381063
IP 142.250.74.131:443
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerGoogle Trust Services
Subject*.google.no
Fingerprint66:A3:1A:F5:73:DE:8E:7D:0E:AA:01:69:6B:5C:DA:3F:F8:63:CD:5F
ValidityMon, 21 Apr 2025 08:43:35 GMT - Mon, 14 Jul 2025 08:43:34 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=738552927.1747295917&gtm=45je55d1v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&tag_exp=101509157~103116026~103130495~103130497~103200004~103233427~103252644~103252646~103301114~103301116&z=518381063 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 15 May 2025 07:58:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/346ba7cb7f.css
185.244.209.62200 OK 650 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/346ba7cb7f.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (649)
Hash d1fd527117bc7f6ab34dfb21f73eff21
3cd449f00b04eaf0e19ace8e68cd5ca39b43cfa8
4aa6713aa401bfab91d607e5d75483215ae8c34f840d55b2e7bef9cc3cc0cd28
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/346ba7cb7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-282d43534a7d613b1f20e88ef8b36831-bfb1ef03e19689b5-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: "d1fd527117bc7f6ab34dfb21f73eff21"
x-amz-meta-mtime: 1747122891.013052267
expires: Wed, 14 May 2025 09:52:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 79073
cache: HIT
x-cached-since: 2025-05-14T10:00:32+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/Page.Block-9d985a45.js
185.244.209.62 200 OK 476 B URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/Page.Block-9d985a45.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (476), with no line terminators
Hash 388b41adb9ddbb05dcba0e411575774f
6b5f08fd97851cdf3105bd18354f02b7e869a64f
33413c5fa489707dd78978061f2a6740f35578919ed2bf47fd2e99100b465d99
GET /main-static/6ace8295/desktop/default/Page.Block-9d985a45.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-c35acaeffec899b856037f8719be1883-6b8a4dd861cf5c7f-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: "388b41adb9ddbb05dcba0e411575774f"
x-amz-meta-mtime: 1747124348.474725168
expires: Wed, 14 May 2025 09:16:27 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 80908
cache: HIT
x-cached-since: 2025-05-14T09:29:57+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_aef164340349169ddaae9184d8220105.json
185.244.209.62 200 OK 3.8 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_aef164340349169ddaae9184d8220105.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0fcc427be22daf21174cdb38a0771dcf
68ebb00e1faac3d607d655c3d0660983e508cdfe
347bb59968bb65efe1f2aba722bcecd4d12a7816cf03dae3b7a528bd14d7b237
GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_aef164340349169ddaae9184d8220105.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-430a4e6096f68dd00ced5023ee55e06d-ea96ece7750db022-01
last-modified: Mon, 12 May 2025 12:06:33 GMT
etag: W/"0fcc427be22daf21174cdb38a0771dcf"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 12 May 2025 13:17:42 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 649
cache: HIT
x-cached-since: 2025-05-15T07:47:37+00:00
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
46.32.181.59 200 OK 23 B URL POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash 1e9ab1eb9188636749279d0327430aaa
4fb269673341ab17fe5ab856f999195f4f8ccec1
5de553d5ecd96d945408ead265b918b5af6c3c39aa64fab23cbcd73c7fc86076
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: application/json
X-Lang: en
X-Uuid: 7068ef57-1db7-478e-9df6-3f55abbcace7
Content-Length: 48
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
content-length: 23
x-dt: 1557
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.104, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
185.244.209.62 200 OK 159 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65509)
Size 159 kB (158815 bytes)
Hash 1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595
GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-423ce3c65a12c667be2eec9290e7ebd9-fc55d453cb94992c-01
last-modified: Tue, 13 May 2025 14:38:20 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1747147048.066401979
content-encoding: gzip
expires: Thu, 15 May 2025 08:08:17 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85735
cache: HIT
x-cached-since: 2025-05-14T08:09:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1265)
Hash e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614
GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2c7d47ee20112964e78a1a3445149e38-f4b64783a99ea8e8-01
last-modified: Wed, 14 May 2025 06:46:23 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1747205150.706023229
content-encoding: gzip
expires: Thu, 15 May 2025 08:00:29 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85736
cache: HIT
x-cached-since: 2025-05-14T08:09:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/dfb33d7975a7cca40b871069dc418d5a.json
185.244.209.62 200 OK 1.4 kB URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/dfb33d7975a7cca40b871069dc418d5a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 60800fc6a93e48491d94e7d6447b1709
632786af7227839842c02819d3d6340d13cc6125
62e20d1db7acda670afe7035a169bb1d4ba4adfac1251ad8a666edc7e14a5f8f
GET /genfiles/cms/1-1557/desktop/media_asset/dfb33d7975a7cca40b871069dc418d5a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
traceparent: 00-77828d411fa46b0c5d7601cfcb8751bc-07a0134b59b5fc31-01
last-modified: Mon, 26 Aug 2024 16:52:36 GMT
etag: W/"60800fc6a93e48491d94e7d6447b1709"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:37 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET radar.cedexis.com/1707728419/stub.js
45.54.49.5 200 OK 390 B URL GET radar.cedexis.com/1707728419/stub.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text
Hash 82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 15 May 2025 07:58:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Thu, 29 May 2025 07:58:37 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
GET 1xlite-8941187.top/main-static/6ace8295/check-ob.js
46.32.181.59 200 OK 219 B URL GET 1xlite-8941187.top/main-static/6ace8295/check-ob.js
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
File type JavaScript source, ASCII text
Hash c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /main-static/6ace8295/check-ob.js HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Tue, 13 May 2025 08:20:33 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1747124432.334964797
expires: Fri, 16 May 2025 07:37:59 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json
185.244.209.62 200 OK 1.1 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash a3810b04fc93c6b4f295ceb812f9f212
6cff2c69f8e43259380952d6c0df7ba563b7da8d
c1afcca19f61498f21aab6c0ca6b1992f5c8b4baf281dfa14b780ed780035c54
GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-ef5f937888106f3a637a99e992897a8d-11166a3a91cf40a3-01
last-modified: Fri, 09 May 2025 16:06:27 GMT
etag: W/"a3810b04fc93c6b4f295ceb812f9f212"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 09 May 2025 17:11:01 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 587
cache: HIT
x-cached-since: 2025-05-15T07:48:39+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
185.244.209.62 200 OK 30 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (30255)
Hash 02cf95f00794b77df34632e34a59c5be
b64889fb6cbe78a141688ea761a627997ef8a8af
bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83
GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f7137699a1009d50ee703635b6ba1f11-72e4ea3b13b85a71-01
last-modified: Wed, 14 May 2025 06:40:55 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1747204694.903230631
content-encoding: gzip
expires: Thu, 15 May 2025 07:00:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85736
cache: HIT
x-cached-since: 2025-05-14T08:09:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/d7cdddcad90ad908d81a5f684d2ca365.json
185.244.209.62 200 OK 328 B URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/d7cdddcad90ad908d81a5f684d2ca365.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57
GET /genfiles/cms/1-1557/desktop/media_asset/d7cdddcad90ad908d81a5f684d2ca365.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
content-length: 328
traceparent: 00-cd26b52a3f0496aa5d108ce8726f18bd-76196b4d95fa9cab-01
last-modified: Thu, 27 Feb 2025 10:57:27 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Wed, 14 May 2025 02:31:37 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7413cf649a.js
185.244.209.62 200 OK 2.4 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7413cf649a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2401)
Hash fc9f00b3c5e80c91ffc413f8bff1f507
f4451cfe54e42a72f4355c4f4ae93bf833919b42
69d20bd48a101dd44f0aa62b660723f8f7f9e1013c39ae5c46896ba7e3376102
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/7413cf649a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9c23c24969faf0474a88f7114bf67aec-220de0c556641756-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"fc9f00b3c5e80c91ffc413f8bff1f507"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:28+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/css/684d7545.css
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/css/684d7545.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (14391), with no line terminators
Hash a552d5db890b7f16e370b33cc587e807
a9dc47737b3e1d8ef6fcbb48c7c0b026c6fda545
0d7e00204297499711ae1da574d4635b31d8238ab4a663b382c44d850d24f3ec
GET /main-static/6ace8295/desktop/default/css/684d7545.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-6fe247e6b061d70b1fd4d517802762af-1d1ba9bba7a99930-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"a552d5db890b7f16e370b33cc587e807"
x-amz-meta-mtime: 1747124348.494725225
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:12 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81530
cache: HIT
x-cached-since: 2025-05-14T09:19:35+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/version.json
185.244.209.62 200 OK 11 B URL GET v3.traincdn.com/version.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 6825159706f85d2892bac9d8e7f99580
8d9c75ab0523b3920e01b7237cde1cc197292caa
339041651db52cb084df1e97b9f409c730271445f3ea439890e199407a19004f
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: application/json
content-length: 11
traceparent: 00-f78252d27240b3bdf39f9c6ea1adf0e8-99a40083fc686457-01
last-modified: Tue, 13 May 2025 08:20:33 GMT
etag: "6825159706f85d2892bac9d8e7f99580"
x-amz-meta-mtime: 1747124433.554968282
expires: Tue, 13 May 2025 08:22:16 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26
cache: HIT
x-cached-since: 2025-05-15T07:57:59+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/plugins.v-tooltip-e339ee56.js
185.244.209.62 200 OK 77 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/vendors/plugins.v-tooltip-e339ee56.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Hash 81d5c9d6f1552c6ec5eadc3432d963a9
aa541eb938c8bf1bfa6c318740ba5b69f71a903a
853e7a628847609aa596bf60da15461ab555aa554e82366717593b106a76751d
GET /main-static/6ace8295/desktop/default/vendors/plugins.v-tooltip-e339ee56.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ea6c87b88e0edad2a56be30a10d89934-ec49dfee93557aec-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"81d5c9d6f1552c6ec5eadc3432d963a9"
x-amz-meta-mtime: 1747124348.498725236
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:14 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81530
cache: HIT
x-cached-since: 2025-05-14T09:19:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/DC-aa7e864f.js
185.244.209.62 200 OK 2.7 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/DC-aa7e864f.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2654), with no line terminators
Hash ff6416721569f0ca7ca0a6111b8e845f
746b5a29aece55fc74ce28ed5c4bd27cd13a7127
c167cf9d96a1036fb00b89bfbd4a38e656739526ad4368ed1e4a0bd80409be86
GET /main-static/6ace8295/desktop/default/DC-aa7e864f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d04639146b2750be003733554d5ebc8a-e3d08cdebb7fc43a-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"ff6416721569f0ca7ca0a6111b8e845f"
x-amz-meta-mtime: 1747124348.474725168
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:14 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81529
cache: HIT
x-cached-since: 2025-05-14T09:19:37+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_114fe59c47.js
185.244.209.62 200 OK 789 kB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_114fe59c47.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (22825)
Size 789 kB (789396 bytes)
Hash 435056127d090da3962ec407566149c5
9313f126df39a83e81ff125106f1bf005bb38cde
b285814b5de1f3b5270786c6e06277a6c250b186a9e468c3bb9ac63e93b9b490
GET /sys-static/shared-assets/Desktop/__shared_base-app_114fe59c47.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fd6a28915497f2ef62ea9982ef52a2d6-9f2912c551607e8a-01
last-modified: Tue, 13 May 2025 07:58:12 GMT
etag: W/"435056127d090da3962ec407566149c5"
x-amz-meta-mtime: 1747122891.825055656
content-encoding: gzip
expires: Wed, 14 May 2025 08:23:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84479
cache: HIT
x-cached-since: 2025-05-14T08:30:27+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (21232)
Hash 3cf0cae38afae9add22f7884e5061231
2a41037501375a439385a76a047876619683418f
322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d
GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c3a34270b70f12a368498cc405cc5e77-88ae0537de183aff-01
last-modified: Wed, 14 May 2025 06:46:23 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1747205150.722023008
content-encoding: gzip
expires: Thu, 15 May 2025 08:28:25 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84602
cache: HIT
x-cached-since: 2025-05-14T08:28:25+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/f6840074d112eed1a00d900db0b5dc4d.json
185.244.209.62 200 OK 3.6 kB URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/f6840074d112eed1a00d900db0b5dc4d.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378
GET /genfiles/cms/1-1557/desktop/media_asset/f6840074d112eed1a00d900db0b5dc4d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
traceparent: 00-1aad2ef35e86dce8e29c3be54febaad7-3d5965842304d793-01
last-modified: Thu, 27 Feb 2025 09:07:40 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Wed, 14 May 2025 02:31:37 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
185.244.209.62 200 OK 46 B URL GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88
GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/css
content-length: 46
traceparent: 00-1a80ca01a9a83f2d3d4bf9c4c7dccfcd-b5d6530bdd5726ff-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Thu, 20 Mar 2025 14:32:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1190
cache: HIT
x-cached-since: 2025-05-15T07:38:36+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/6ace8295/desktop/default/Betting.Core-f08beb2a.js
185.244.209.62 200 OK 2.1 kB URL GET v3.traincdn.com/main-static/6ace8295/desktop/default/Betting.Core-f08beb2a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2057), with no line terminators
Hash c9df4b47db2aa6123790e4e9622dc82f
80293aa0c91faa485deaf1047896d3104a67373d
33bb29c1f8dce748e5bcd0cd8d7567b3db24bcb3a004f9dfbc1a1cd53e9f3464
GET /main-static/6ace8295/desktop/default/Betting.Core-f08beb2a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3f2afb6d89b2438a6a16e561fd076dad-de7f2d422f977fe1-01
last-modified: Tue, 13 May 2025 08:19:09 GMT
etag: W/"c9df4b47db2aa6123790e4e9622dc82f"
x-amz-meta-mtime: 1747124348.474725168
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:15 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81528
cache: HIT
x-cached-since: 2025-05-14T09:19:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1193)
Hash 7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc
GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-2c82dfdbb3875970588bf737d0507623-19ddda4a722103e2-01
last-modified: Tue, 13 May 2025 14:38:20 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1747147048.065401947
content-encoding: gzip
expires: Thu, 15 May 2025 07:00:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85736
cache: HIT
x-cached-since: 2025-05-14T08:09:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
185.244.209.62 200 OK 865 B URL GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (840)
Hash 0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30
GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-11649bd8976a96ce534c6ddad9fd55b6-a79ed6c222970846-01
last-modified: Tue, 13 May 2025 14:38:20 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1747147048.066401979
expires: Thu, 15 May 2025 08:08:26 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85736
cache: HIT
x-cached-since: 2025-05-14T08:09:31+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
46.32.181.59 203 Non Authoritative 268 kB URL User Request GET 1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
File type HTML document, ASCII text, with very long lines (57799)
Size 268 kB (268449 bytes)
Hash e9bc224d3630f2560f521895ff565c06
a3276200158cce6562d5036ccff856d20de979aa
91bbb55ceaa1cc0a5470a601384bc39e3e5092ed2c9f951207542067a7ee0b6d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6 HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 203 Non Authoritative
server: nginx
date: Thu, 15 May 2025 07:58:24 GMT
content-type: text/html; charset=utf-8
content-length: 268449
accept-ranges: none
link: <https://v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.007, total;dur=246;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 1557
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
185.244.209.62 200 OK 618 kB URL GET v3.traincdn.com/sys-ui/2.3.183/Desktop/Default/client.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 618 kB (618486 bytes)
Hash 6638fab187fec8218a491f45c5644195
a9f7fb0ce2bc4a62868503e21b284af2acd9c782
66fb8837de8d19833c38f5f7a2aafabcc8245f3cd32c700ed3e4e8c36d778871
GET /sys-ui/2.3.183/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:25 GMT
content-type: text/css; charset=utf-8
traceparent: 00-0ed859d53d767a532ab060af9fa1d955-57f6183eaf8b2fdd-01
last-modified: Fri, 25 Apr 2025 08:33:58 GMT
etag: W/"6638fab187fec8218a491f45c5644195"
x-amz-meta-mtime: 1745570035.934854024
content-encoding: gzip
expires: Wed, 14 May 2025 09:16:10 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 81641
cache: HIT
x-cached-since: 2025-05-14T09:17:44+00:00
X-Firefox-Spdy: h2
POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
46.32.181.59 200 OK 2 B URL POST 1xlite-8941187.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Content-Type: application/json
X-Lang: en
X-Uuid: 7068ef57-1db7-478e-9df6-3f55abbcace7
Content-Length: 19
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
content-length: 2
x-dt: 1557
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.110, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_599e0c3097a9eabef2386f2e8529bae8.json
185.244.209.62 200 OK 9.7 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_599e0c3097a9eabef2386f2e8529bae8.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7f0b770a6324f9ab08a96b4c36d938eb
6af5021bbc842ac77f16161b0187d4a68edaf723
1b48f094de53106218de845a1fabd5697d83b17e3f2cdfa2a9a7616552dbc71a
GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_599e0c3097a9eabef2386f2e8529bae8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json; charset=utf-8
traceparent: 00-0d6cf1bc0bfc848cf5c3b93cfec11996-1182a2505ff3f99f-01
last-modified: Mon, 12 May 2025 14:06:25 GMT
etag: W/"7f0b770a6324f9ab08a96b4c36d938eb"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 12 May 2025 15:17:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2425
cache: HIT
x-cached-since: 2025-05-15T07:18:01+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/3e1be8ae767d24a389640b034ee357da.json
185.244.209.62 200 OK 22 kB URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/3e1be8ae767d24a389640b034ee357da.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7143c943da4efc8684f01a600901f932
e0527d933de7f335af507ca2babdf6aee23436b2
99fff973220295b42c171551942fe1fc5a8c74299a59ee299dacc10834248826
GET /genfiles/cms/1-1557/desktop/media_asset/3e1be8ae767d24a389640b034ee357da.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: application/json
traceparent: 00-d5d015e625f99eaa0c90c334a9157106-012cd03b3cf8367d-01
last-modified: Wed, 14 May 2025 15:38:58 GMT
etag: W/"7143c943da4efc8684f01a600901f932"
content-encoding: gzip
expires: Thu, 15 May 2025 08:58:26 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-773ad9a274.js
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-773ad9a274.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (20598)
Hash acba92402dc1317bf72daa43da3a4c27
6b063d3a77fbfd4045a3ffcaa9dfb4cef861ea7e
9d6886aa6323c6e402192360d23de59c012cadbe61eea02c57822b658b38140d
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-773ad9a274.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:26 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-eb3a3204cb1feec46f2064d9e435b215-5610ff91173256eb-01
last-modified: Tue, 13 May 2025 07:58:07 GMT
etag: W/"acba92402dc1317bf72daa43da3a4c27"
x-amz-meta-mtime: 1747122891.017052285
content-encoding: gzip
expires: Wed, 14 May 2025 08:27:26 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 84359
cache: HIT
x-cached-since: 2025-05-14T08:32:27+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/23c7e88ecb4524e2222a63ddad8f28b4.json
185.244.209.62 200 OK 241 B URL GET v3.traincdn.com/genfiles/cms/1-1557/desktop/media_asset/23c7e88ecb4524e2222a63ddad8f28b4.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e
GET /genfiles/cms/1-1557/desktop/media_asset/23c7e88ecb4524e2222a63ddad8f28b4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-8941187.top/
Origin: https://1xlite-8941187.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:27 GMT
content-type: application/json
content-length: 241
traceparent: 00-a8bf5d56849ca8004b1dccb8ea203b6f-ecf137bbdb3111c6-01
last-modified: Thu, 27 Feb 2025 13:25:52 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Wed, 14 May 2025 02:31:38 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-8941187.top/hd-api/external/assets/hdf.js
46.32.181.59 200 OK 4.1 kB URL GET 1xlite-8941187.top/hd-api/external/assets/hdf.js
IP 46.32.181.59:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Certificate Issuer Let's Encrypt
Subject 1xlite-8941187.top
Fingerprint 0E:9A:AD:42:31:98:A5:4E:3A:02:A1:69:82:4F:E7:1A:13:78:D0:E0
Validity Mon, 31 Mar 2025 05:22:12 GMT - Sun, 29 Jun 2025 05:22:11 GMT
File type C++ source, ASCII text, with very long lines (874)
Hash 2f26a679e9d54a65e6578e947cc5bdf2
1b984864aa7b3e28231ac7cea3c199435dbdc6bf
1e3c4bd81a1cd9ee02e42a42802d5c18cbdb3f3a11c0b2732eb11bd12263020c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-8941187.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-8941187.top/en/block?redirectedFrom=0ae5949961e95bf4210401c4d1f82ec6
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_3553831m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_3553831m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_3553831m_18607c_%22%2C%22pb%22%3A%22e6fc45b0c608454c8f12397d35da7b34%22%2C%22click_id%22%3A%22A24A0F80-3161-11F0-9622-7D7A056F101B%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; auid=LiC1O2glnqCc/QWoAwguAg==; window_width=1280; che_g=6edfcf5b-76ac-6320-092d-212d8971c3dc; SESSION=e1e7d8c79f45be859bab740e1afc651f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 15 May 2025 07:58:34 GMT
content-type: text/javascript; charset=utf-8
content-length: 1622
cache-control: public, max-age=300
content-encoding: gzip
etag: 2f26a679e9d54a65e6578e947cc5bdf2
vary: Accept-Encoding
x-dt: 1559
x-request-guid: 3d92335f14f2713a284e2eebb456a5b7
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.013, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2