GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_9c29d1.css
200 OK 4.2 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (3743)
Hash e2951151a267e612b3b7e708b81709ec
b3a1b9af992a8b4a4009441163bab5c829ff35ba
9c29d122f50348d33af9c06097d927c10950fa7d532f768eb84944b6077047f4
GET /sys-static/shared-assets/Desktop/__shared_css_9c29d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/css; charset=utf-8
traceparent: 00-62cdd50f1febf9e73fb4b5b8c794c5bd-ec3dfa8a7d2020d0-01
last-modified: Thu, 17 Jul 2025 11:20:42 GMT
etag: W/"e2951151a267e612b3b7e708b81709ec"
x-amz-meta-mtime: 1752750985.29733485
content-encoding: gzip
expires: Fri, 18 Jul 2025 12:51:24 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 20845
cache: HIT
x-cached-since: 2025-07-17T12:51:24+00:00
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json
204 No Content 0 B
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/vision.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
x-dt: 1222
x-rejected: E001
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
200 OK 5.2 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Hash b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: image/png
content-length: 5202
traceparent: 00-b269cb51d9b355a18473e79fc5bae093-5ab06f49c37217ac-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 17 Jul 2025 00:54:52 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 384
cache: HIT
x-cached-since: 2025-07-17T18:32:26+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fb29ee326f.js
200 OK 3.3 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (3274)
Hash 2c915794d5c9c71a400bcc0ee7066210
b4ad48f088a5fbca0aff387b9cd36e5e7d40a045
cc6b7bc3317bef57e9d08534eaa77b799ece10076a4520bc69b10dcd83794c8e
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/fb29ee326f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-fa135ee424fe9b1f8d434be94f9ccc28-2541df3a03d45cb6-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"2c915794d5c9c71a400bcc0ee7066210"
x-amz-meta-mtime: 1752653611.100586201
content-encoding: gzip
expires: Thu, 17 Jul 2025 23:56:33 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67338
cache: HIT
x-cached-since: 2025-07-16T23:56:33+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8a6741b232.js
200 OK 147 B
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash a28c079ed8e99f32c7eb0130daaa6e9e
ffae5d0896f08982eaad298cc81d1784bef0bcd5
321bc8fec36f7e640de026f7f38354adc74914d42b6964f7247927def872d665
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/8a6741b232.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 147
traceparent: 00-9394e8014d1d0854195d3866228579f1-d63a691d8b04fcec-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: "a28c079ed8e99f32c7eb0130daaa6e9e"
x-amz-meta-mtime: 1752653611.095586093
expires: Thu, 17 Jul 2025 20:21:59 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 80212
cache: HIT
x-cached-since: 2025-07-16T20:21:59+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET radar.cedexis.com/1707728419/stub.js
200 OK 390 B
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text
Hash 82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 17 Jul 2025 18:39:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Thu, 31 Jul 2025 18:39:01 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
GET 1xlite-41901.pro/main-static/190a8485/check-ob.js
200 OK 219 B
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
File type JavaScript source, ASCII text
Hash c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main-static/190a8485/check-ob.js HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Thu, 17 Jul 2025 11:00:56 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1752750055.149747053
expires: Fri, 18 Jul 2025 18:38:48 GMT
cache-control: max-age=86400
x-time-ng: 0.000
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json
200 OK 9.7 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash d75b2ed6baf27beaa7c13a8eedee98ba
0f0bc6e193b2de4642068dfc72b0bcb193469f78
0d9a0565ceab3ff1bc46ea48f330012693f8958784f13ec7681644d180b2d503
GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_afaf81e30d642b97c9a47adfabb20735.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-de4b00394376e1ace74b9d21dd0d1114-4393903d85d183a1-01
last-modified: Thu, 26 Jun 2025 16:06:49 GMT
etag: W/"d75b2ed6baf27beaa7c13a8eedee98ba"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 15 Jul 2025 01:44:20 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2834
cache: HIT
x-cached-since: 2025-07-17T17:51:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/d74c739e8dc699924a92aa456420dcf1.json
200 OK 14 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb
GET /genfiles/cms/1-1222/desktop/media_asset/d74c739e8dc699924a92aa456420dcf1.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
traceparent: 00-c9cb0e522a00179f0e6e9a0da5bcc0f6-69ae9f01cd68b02f-01
last-modified: Thu, 27 Feb 2025 09:05:16 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:44 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
200 OK 23 B
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash ab135b5aeb6959d18efb7b463973979b
829fc82d1a03c415f413ded55282fc636eaab3a9
2cef83632f4de04b3d6bff1999be99dac15adc2a08a5f18ee7fecfaeafb3360b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 98
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 23
x-dt: 1222
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.110, wf-uht;dur=0.012
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_FJKG5M2E.js
200 OK 30 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (30255)
Hash 02cf95f00794b77df34632e34a59c5be
b64889fb6cbe78a141688ea761a627997ef8a8af
bf78b7b3dd6ecbdea04c575edfb6022ed1b2e98c7a9cb9f02ab851ca638f1b83
GET /sys-static/shared-assets/__shared_localforage_FJKG5M2E.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-058e07685c7defbc88bb4f16b141cc3e-73811b11b9f5e762-01
last-modified: Thu, 17 Jul 2025 07:58:22 GMT
etag: W/"02cf95f00794b77df34632e34a59c5be"
x-amz-meta-mtime: 1752738872.224956215
content-encoding: gzip
expires: Fri, 18 Jul 2025 08:09:30 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36972
cache: HIT
x-cached-since: 2025-07-17T08:22:39+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/40c623f07254442d0bc1208525e98ccb.json
200 OK 3.6 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378
GET /genfiles/cms/1-1222/desktop/media_asset/40c623f07254442d0bc1208525e98ccb.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
traceparent: 00-3866f001fe938f8c78e67d34b26cf50d-de3925081402026a-01
last-modified: Thu, 27 Feb 2025 09:07:27 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/hd-api/external/assets/hdf.js
200 OK 4.1 kB
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
File type C++ source, ASCII text, with very long lines (874)
Hash 40eaa62ed21bd753172f4c307e2a41d0
f7b03c6b004562311c8ca00466179629738b2a40
60fed8cb321dc09e4e1d910b5822bd8f67d53d0962a41ddc9f5ac33edd4e2213
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b; SESSION=ed2185a33122d563e29932f9d57150e3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:58 GMT
content-type: text/javascript; charset=utf-8
content-length: 1620
accept-ranges: bytes
cache-control: public, max-age=300
content-encoding: gzip
etag: 40eaa62ed21bd753172f4c307e2a41d0
vary: Accept-Encoding
x-dt: 1222
x-request-guid: d48eff8d14395a6e7c87427bd496bd15
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.084, wf-uht;dur=0.015
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_cddbc9f9f68eec0edd648d7fc656a30a.json
200 OK 28 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash e7fa5d4b44fe5d441391a5338da8f25b
d26a581526af70713c444d3ed734bfbfccb9e606
333d915c8dbdea6f31c0e9e057bdc08c451bead6286ae5f1f59b9012ab741684
GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_cddbc9f9f68eec0edd648d7fc656a30a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-05ac344c09b77c7e62c65f52641c0244-b91465b11eec99c8-01
last-modified: Mon, 07 Jul 2025 16:06:32 GMT
etag: W/"e7fa5d4b44fe5d441391a5338da8f25b"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 17 Jul 2025 15:41:39 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2791
cache: HIT
x-cached-since: 2025-07-17T17:52:19+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_1e825bca2c52cd207d6fbf7ae456ca3d.json
200 OK 22 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 9d1a48e2a7e19fcfc5db6e3fea734295
6506b7a4a1725bb7d36b9687870e0f46cdbc24e9
79536776b3b8296ab4cf97d7c6c4c3c4ef3ecb0cb362c9a34529c1b1709132cd
GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_1e825bca2c52cd207d6fbf7ae456ca3d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-5bea7787fe4bf1646e002b24ddbfef15-cd3b24dbbc29a82f-01
last-modified: Mon, 14 Jul 2025 12:07:00 GMT
etag: W/"f63d73a8218769b1c70f490823f2e1cb"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 14 Jul 2025 13:12:16 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2840
cache: HIT
x-cached-since: 2025-07-17T17:51:30+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json
200 OK 1.2 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 26f10f416f0a3743c3362a51dd558a4b
6b458c43b5e31fc0515de1eb1a0e535855a3e936
8374658000ae2d2747471b9535397e6de0c036d4e1a767a2a523047f8d06cb73
GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_84e511afe97bad68fa98353e8037b65e.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-35f30f38319683bf42363b2b427c339f-31f71ef64c3ec37e-01
last-modified: Mon, 30 Jun 2025 14:06:32 GMT
etag: W/"26f10f416f0a3743c3362a51dd558a4b"
cache-control: max-age=3600
content-encoding: gzip
expires: Mon, 14 Jul 2025 21:59:56 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1837
cache: HIT
x-cached-since: 2025-07-17T18:08:13+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
200 OK 765 B
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea
GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-bceacf8d56ee171c9fba7b868390e1aa-bd918cb831a98c0e-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3280
cache: HIT
x-cached-since: 2025-07-17T17:44:10+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/8f7d7f13a61718019033a7ce744e8fbe.json
200 OK 1.3 kB
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8
GET /genfiles/cms/1-1222/desktop/media_asset/8f7d7f13a61718019033a7ce744e8fbe.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
traceparent: 00-076d087a47a7e097d7817381b4ccf43f-3cc6d4270f40b404-01
last-modified: Thu, 27 Feb 2025 08:18:49 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4
142.250.74.136 200 OK 476 kB URL GET www.googletagmanager.com/gtag/js?id=G-5671CMJ6T4
IP 142.250.74.136:443
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size 476 kB (476252 bytes)
Hash 067fc7827134cfdb6dcc8573f14b79b3
62f1743c82c739a81a9170d33b16576c841b152d
2c25112bc32a5c27ec196519edd10c3de516c86207e956f66d0bfaaa87bbcbe0
GET /gtag/js?id=G-5671CMJ6T4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 17 Jul 2025 18:39:01 GMT
expires: Thu, 17 Jul 2025 18:39:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 151791
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/app-93fa2cf5.js
185.244.209.62 200 OK 505 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/app-93fa2cf5.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 505 kB (504573 bytes)
Hash 067a2ed8388528e3ae867179807ec24f
390a0e6824ad9468dd03bb7960cd8ff03f237beb
3b34bf6344ad5a64f3442849727cc5021afd57fcf7a35b0e7d0b1ecfceced78e
GET /main-static/190a8485/desktop/default/app-93fa2cf5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-07f116859bcf6f5f03ae364a691368e3-5aa9d00206a6bae0-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"067a2ed8388528e3ae867179807ec24f"
x-amz-meta-mtime: 1752749990.147371224
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:51 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26533
cache: HIT
x-cached-since: 2025-07-17T11:16:36+00:00
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
178.253.36.54 200 OK 23 B URL POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 0831b01ef9f95cfba5df5fb3ddbc0cf9
48081a97c547c829951cc367480cf880bd6dfb4d
8e816c35ef2c3234d489ffb0d991ac77859bdba42754969a6618b19e430f73e9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 48
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 23
x-dt: 1222
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.075, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/e4abf41fea6ef3c13df98ed2976c814a.json
185.244.209.62 200 OK 13 kB URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/e4abf41fea6ef3c13df98ed2976c814a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237
GET /genfiles/cms/1-1222/desktop/media_asset/e4abf41fea6ef3c13df98ed2976c814a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
traceparent: 00-44c727775ee56c6e5251c4cfbcf2685e-368130c4c2aa8e99-01
last-modified: Wed, 12 Mar 2025 09:36:41 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/ad01a559dfff9537dd306a23757dec07.json
185.244.209.62 200 OK 241 B URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/ad01a559dfff9537dd306a23757dec07.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e
GET /genfiles/cms/1-1222/desktop/media_asset/ad01a559dfff9537dd306a23757dec07.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
content-length: 241
traceparent: 00-d8277f1baea8c02b96a03a6c7f65d826-29d581f37d1eed41-01
last-modified: Thu, 27 Feb 2025 13:25:39 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/web-api/session
178.253.36.54 204 No Content 0 B URL GET 1xlite-41901.pro/web-api/session
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /web-api/session HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Thu, 17 Jul 2025 18:38:58 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.005, p;dur=12.16, wf-uht;dur=0.026
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=ed2185a33122d563e29932f9d57150e3; path=/; secure; httponly; samesite=lax
x-dt: 1222
x-time-ng: 0.013, 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/version.json
185.244.209.62 200 OK 11 B URL GET v3.traincdn.com/version.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 968cceca0e20ae179d1ce9560146901b
1257ae799382a480e2e15d1d87bf8c76bbdda038
bef70914697805d29a42254ed1d20864a228a29e98ebf5e19ed360739187eb3f
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: application/json
content-length: 11
traceparent: 00-b4a07ba264be438e5cc4660176a8e4a1-a4c9ad1dcb1dffca-01
last-modified: Thu, 17 Jul 2025 11:00:56 GMT
etag: "968cceca0e20ae179d1ce9560146901b"
x-amz-meta-mtime: 1752750056.897752769
expires: Thu, 17 Jul 2025 11:04:16 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_6beaa69080.js
185.244.209.62 200 OK 1.4 MB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_6beaa69080.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (23471)
Size 1.4 MB (1436846 bytes)
Hash 47286570d1c64ce7f0eb3d4d009048b4
28e039b364415e8d83756ff16edecd5767b5a235
5c866bf9966e47e67616550b3c20555374028d9100defb7e853f469c25019d06
GET /sys-static/shared-assets/Desktop/__shared_base-app_6beaa69080.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0e2913a93a008ac144ccef08f3946f1d-e79621cca3e7052f-01
last-modified: Thu, 17 Jul 2025 09:50:09 GMT
etag: W/"47286570d1c64ce7f0eb3d4d009048b4"
x-amz-meta-mtime: 1752745683.523792353
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:20:32 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26092
cache: HIT
x-cached-since: 2025-07-17T11:23:58+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
185.244.209.62 200 OK 159 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65509)
Size 159 kB (158815 bytes)
Hash 1da464d70e78b04b9b808e82e4ad9487
0c79e65516d1525ecb43d13cfb4ccb0631095a28
b4c72b8036ca6767ab61490178f901538646f2aa1001cb042caa134174a41595
GET /sys-static/shared-assets/__shared_libphonenumber_js_Q6RMKWT6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-64612abfef6890d8743a14e630b738a3-2030ae76c2aa730d-01
last-modified: Thu, 17 Jul 2025 07:58:22 GMT
etag: W/"1da464d70e78b04b9b808e82e4ad9487"
x-amz-meta-mtime: 1752738872.223956139
content-encoding: gzip
expires: Fri, 18 Jul 2025 08:22:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36961
cache: HIT
x-cached-since: 2025-07-17T08:22:49+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/d71c147601.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/d71c147601.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1165)
Hash 7149806e71b7f51bea19d1b4dffeee18
7f66b0ed9605832e6ea79c76813e3acdf1bce82e
9aec8056434d23e52a0d6c0c5a6cf8816ff155546b31340ff1a5cc373c3f77ff
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/d71c147601.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-c0ec3c48167be618c452f6ea09820d56-e19e0fde3eb4a8b8-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"7149806e71b7f51bea19d1b4dffeee18"
x-amz-meta-mtime: 1752653611.098586158
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:57:04 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24107
cache: HIT
x-cached-since: 2025-07-17T11:57:04+00:00
X-Firefox-Spdy: h2
GET radar.cedexis.com/1/23802/radar.js
45.54.49.5 302 Moved Temporarily 390 B URL GET radar.cedexis.com/1/23802/radar.js
IP 45.54.49.5:443
ASN #63911 NetActuate, Inc
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer DigiCert Inc
Subject radar.cedexis.com
Fingerprint A2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
Validity Fri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 17 Jul 2025 18:39:01 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Thu, 17 Jul 2025 18:49:01 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
GET 1xlite-41901.pro/en?tag=s_224327m_14517c_[]MS[]null[]SmartCPM[]general[]4378168_d28985_l18201_clickunder
178.253.36.54 302 Found 286 kB URL User Request GET 1xlite-41901.pro/en?tag=s_224327m_14517c_[]MS[]null[]SmartCPM[]general[]4378168_d28985_l18201_clickunder
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Size 286 kB (286347 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /en?tag=s_224327m_14517c_[]MS[]null[]SmartCPM[]general[]4378168_d28985_l18201_clickunder HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 17 Jul 2025 18:38:47 GMT
location: https://1xlite-41901.pro/en/block
server-timing: dt_total;dur=0.016, total;dur=448;desc="Nuxt Server Time", wf-uht;dur=0.462
set-cookie: platform_type=desktop; Path=/; Expires=Sun, 20 Jul 2025 18:38:47 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Mon, 15 Sep 2025 18:38:47 GMT
reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; Path=/; Expires=Thu, 17 Jul 2025 19:38:47 GMT
postback_watcher=; Path=/; Expires=Thu, 17 Jul 2025 18:38:51 GMT
auid=sv0kNmh5QzeT/2blAyUDAg==; path=/; secure; httponly; samesite=lax
x-dt: 1222
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/Page.Block-99cca318.js
185.244.209.62 200 OK 476 B URL GET v3.traincdn.com/main-static/190a8485/desktop/default/Page.Block-99cca318.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (476), with no line terminators
Hash aac8def60dbf7ae9e7f51ef0fa542bec
14be02d620abab789eea941b7834617c0112d4b7
af031d0af3ce336cc64791a4046d7884c131b62e5f277b60e76680b1e0ffa1ce
GET /main-static/190a8485/desktop/default/Page.Block-99cca318.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-c0bdadfa335bbd81d15e4559345ac96e-0fea71d714d9f684-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: "aac8def60dbf7ae9e7f51ef0fa542bec"
x-amz-meta-mtime: 1752749990.143371186
expires: Fri, 18 Jul 2025 11:16:16 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26494
cache: HIT
x-cached-since: 2025-07-17T11:17:15+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/commons/app-b02bd1c8.js
185.244.209.62 200 OK 138 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/commons/app-b02bd1c8.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Size 138 kB (137774 bytes)
Hash cdd59493abdbe2a455843601a7d4d00b
e5fa84f9f4dd2fdd114b1044ccf29eb85379a5e2
45d4d2a0f69c09bd60f79cb1e82df89da3b82a98852eeb3dcdaf3e51d6931aeb
GET /main-static/190a8485/desktop/default/commons/app-b02bd1c8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9d4fe1cc54af765af90278a60c1bdeb6-2bf6c0be79530d95-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"cdd59493abdbe2a455843601a7d4d00b"
x-amz-meta-mtime: 1752749990.147371224
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:51 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26533
cache: HIT
x-cached-since: 2025-07-17T11:16:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/6f2c3f2e1377f234b8983091818058a8.json
185.244.209.62 200 OK 747 B URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/6f2c3f2e1377f234b8983091818058a8.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea
GET /genfiles/cms/1-1222/desktop/media_asset/6f2c3f2e1377f234b8983091818058a8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 747
traceparent: 00-a8d6fb6998f5a24f93305e8fcf95f795-a074e0ef746c2397-01
last-modified: Thu, 27 Feb 2025 13:27:49 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Thu, 17 Jul 2025 18:29:30 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/Betting.Core-58ae54a0.js
185.244.209.62 200 OK 2.2 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/Betting.Core-58ae54a0.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2168), with no line terminators
Hash 8283c66d6f763a60a5d060d7d5a4bf1d
ee7f620774bd50c1bb93724533284ca8d77ac2c5
ba9b442093f6992d7cdb83d97b45050c77c0ba62d3d7c4bc28f38f03388dc0aa
GET /main-static/190a8485/desktop/default/Betting.Core-58ae54a0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-8aa9742699148ddf06a0bfb0f5c80318-83df7df4a172b74f-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"8283c66d6f763a60a5d060d7d5a4bf1d"
x-amz-meta-mtime: 1752749990.143371186
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:53 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26531
cache: HIT
x-cached-since: 2025-07-17T11:16:39+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:59 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-e9a6850f9b8889a415898e460ad2ae7c-ad79b79e0172f76b-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3152
cache: HIT
x-cached-since: 2025-07-17T17:46:27+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/en/block
178.253.36.54 203 Non Authoritative 286 kB URL User Request GET 1xlite-41901.pro/en/block
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
File type HTML document, ASCII text, with very long lines (54212)
Size 286 kB (286347 bytes)
Hash 4d037580c609f9bdab0b076a86c14cc3
20b5c07dc27f1ed8dc0ec3eaa73f2fa5a3403162
67acd146296dcbdac0e09cc60f45eb397944d7405ab717b12b4f6d60a782a46d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /en/block HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 203 Non Authoritative
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/html; charset=utf-8
content-length: 286347
accept-ranges: none
server-timing: dt_total;dur=0.004, total;dur=426;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 1222
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/css/7fe5f71b.css
185.244.209.62 200 OK 3.3 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/css/7fe5f71b.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (3313), with no line terminators
Hash c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba
GET /main-static/190a8485/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/css; charset=utf-8
traceparent: 00-5c30d37e7797da86db373dbd921a4613-8bf1064fded637af-01
last-modified: Thu, 17 Jul 2025 10:59:55 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1752749990.147371224
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:52 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26532
cache: HIT
x-cached-since: 2025-07-17T11:16:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
185.244.209.62 200 OK 865 B URL GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (840)
Hash 0af3fe0c072a5bb3b6c731767187982f
55db5afb57265dc92fd121fe9ae565ffb2f53b2c
655bbe85da91e863401c6f96e24b41f5c2fe51a4245cecc2deb2b8c9600fef30
GET /sys-static/shared-assets/__shared_fast_deep_equal_XYWIEKOD.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-12c25d66af5a26f9523f8b824bb26059-015e9fdbc649ac7c-01
last-modified: Wed, 16 Jul 2025 17:08:22 GMT
etag: "0af3fe0c072a5bb3b6c731767187982f"
x-amz-meta-mtime: 1752685645.162300546
expires: Fri, 18 Jul 2025 08:09:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36972
cache: HIT
x-cached-since: 2025-07-17T08:22:39+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
185.244.209.62 200 OK 1.3 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1265)
Hash e3f1c4089db6b910890e85d97a2e2066
85828920da3c3fd7856acde184e835ac314295cd
6c28afe5a52e0f9b1138fe498b254c8671058a058b555651ccae8e91e7534614
GET /sys-static/shared-assets/__shared_accept_language_parser_B6TW5FDZ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ecf2aa52211fdd26094fd6927159ceb1-d3f54956006670ac-01
last-modified: Thu, 17 Jul 2025 13:47:46 GMT
etag: W/"e3f1c4089db6b910890e85d97a2e2066"
x-amz-meta-mtime: 1752759598.663280787
content-encoding: gzip
expires: Fri, 18 Jul 2025 14:31:08 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 14863
cache: HIT
x-cached-since: 2025-07-17T14:31:08+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5ba4109660.js
185.244.209.62 200 OK 1.7 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5ba4109660.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1388)
Hash 213b2e7d5e2418c7839101756ffd789f
ae6a93e34e6d03ade43f6b7b77e3327fc16ae34f
bfa42920771231a474d91d2a028a5a31f0b6b18e83491d2fcc3b32be7c691fba
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5ba4109660.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f66f204cbde2f814ab28f3d1c7c8a2ea-fa94d918d25fecf3-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"213b2e7d5e2418c7839101756ffd789f"
x-amz-meta-mtime: 1752653611.103586265
content-encoding: gzip
expires: Thu, 17 Jul 2025 19:46:09 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 82362
cache: HIT
x-cached-since: 2025-07-16T19:46:09+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/3bf3de989ea9c0c7ae938990ea7cdfa6.json
185.244.209.62 200 OK 1.1 kB URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/3bf3de989ea9c0c7ae938990ea7cdfa6.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d
GET /genfiles/cms/1-1222/desktop/media_asset/3bf3de989ea9c0c7ae938990ea7cdfa6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
traceparent: 00-71aad9df3668960d3be3f028cb140459-899c14156704449d-01
last-modified: Sun, 19 May 2024 00:44:04 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b5f65e3642.js
185.244.209.62 200 OK 1.7 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b5f65e3642.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1662)
Hash 52adae5818b3da78f15683c64562b5be
5ab2238fefeb1718cd8c708bbe8cb573abfef1b4
40213f9faec2c389110d76a596f96f972b66107da97229729b9fafd455ea0de7
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/b5f65e3642.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-22c9ccf33fc6f020b2275ba0156ede10-a8e1cad209930f89-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"52adae5818b3da78f15683c64562b5be"
x-amz-meta-mtime: 1752653611.096586115
content-encoding: gzip
expires: Thu, 17 Jul 2025 08:24:06 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36566
cache: HIT
x-cached-since: 2025-07-17T08:29:25+00:00
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
178.253.36.54 200 OK 2 B URL POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 19
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
content-length: 2
x-dt: 1222
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.100, wf-uht;dur=0.013
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
178.253.36.54 200 OK 23 B URL POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 89c4d1d5c739925417750da6d4e0d54e
10f28c662dc23564eb02c14f70c3c459ab87b5d3
b353be403c96f7aa48c29db6214bd6a257de458d8f66f3affed243d605230db3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 72
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
content-length: 23
x-dt: 1222
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.155, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/3.3.302/Desktop/Default/merged.css
185.244.209.62 200 OK 785 kB URL GET v3.traincdn.com/sys-ui/3.3.302/Desktop/Default/merged.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 785 kB (784809 bytes)
Hash d077520a3e77416e777d1948aa25ca5d
0acaea18ebb7e63da17b7a5fe2afe09654f7728d
9e3808aee469146f536617faf8138b10a5d5122c4e5c4e233adb56fa8e3d8714
GET /sys-ui/3.3.302/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/css; charset=utf-8
traceparent: 00-3c3f6582dd2b360479ae57e9f8d9a781-dd4e7a6e71d4010e-01
last-modified: Thu, 17 Jul 2025 10:45:26 GMT
etag: W/"d077520a3e77416e777d1948aa25ca5d"
x-amz-meta-mtime: 1752749078.660686994
content-encoding: gzip
expires: Fri, 18 Jul 2025 10:54:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27857
cache: HIT
x-cached-since: 2025-07-17T10:54:31+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/0ea06c2473593dcb5d1e9b57b2f1565b.json
185.244.209.62 200 OK 23 kB URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/0ea06c2473593dcb5d1e9b57b2f1565b.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash bc3c79e764880121898f78d58c54ac21
0e1fb57593fa0c59e51e06040bf3a6b4c868b430
8bcfd2c3d6f34658a491941dbffa8478d7c2462340b78e1dd82d4b91c9a3163d
GET /genfiles/cms/1-1222/desktop/media_asset/0ea06c2473593dcb5d1e9b57b2f1565b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
traceparent: 00-64c8b018e225916093d35022516de92a-cce82213020ca055-01
last-modified: Tue, 01 Jul 2025 08:20:47 GMT
etag: W/"bc3c79e764880121898f78d58c54ac21"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:44 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-304e92fc2d.js
185.244.209.62 200 OK 30 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-304e92fc2d.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (29524)
Hash 4c3d8dbf1a2a88947d54b781b237ff3c
eb928a4364d82fef203eeb5d587a8e966cfd854f
7b32be74cf89901fea37ce259fd3b7eb9e769002a87838a1e88f3bd48f4bbd36
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-304e92fc2d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-1a84c35e82832f20d9f8398862d2ec8d-f555b94ef323ed4f-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"4c3d8dbf1a2a88947d54b781b237ff3c"
x-amz-meta-mtime: 1752653611.099586179
content-encoding: gzip
expires: Thu, 17 Jul 2025 08:24:02 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36567
cache: HIT
x-cached-since: 2025-07-17T08:29:23+00:00
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
178.253.36.54 200 OK 760 B URL GET 1xlite-41901.pro/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
File type JavaScript source, ASCII text, with very long lines (759)
Hash 0b911773e0df627d77f8306c86e228aa
0d584bb1a3294e4fe42df4582dcc8a2c8f77f7bb
01e4926540498a77d866259516007d41fae1213ab9607db826f011d926fd6006
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b; SESSION=ed2185a33122d563e29932f9d57150e3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:58 GMT
content-type: text/javascript; charset=utf-8
content-length: 492
accept-ranges: bytes
cache-control: public, max-age=300
content-encoding: gzip
etag: 0b911773e0df627d77f8306c86e228aa
vary: Accept-Encoding
x-dt: 1222
x-request-guid: cd81960650bce6db67c0286dbcf3b780
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.011
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/runtime-90b3dc3b.js
185.244.209.62 200 OK 18 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/runtime-90b3dc3b.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (18456), with no line terminators
Hash 682fc05ca20f1121e609b88f55242828
28227832173f0777a20b39ad2e1eb8446461c27e
6bef38fa68501eeb216f6de9b41479ab271f7e3a1a3f918dfe9bde630222b64e
GET /main-static/190a8485/desktop/default/runtime-90b3dc3b.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-83cb04fa4c97f9c4f5ef471d64b4bf76-ba8765270896a805-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"682fc05ca20f1121e609b88f55242828"
x-amz-meta-mtime: 1752749990.155371299
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:51 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26533
cache: HIT
x-cached-since: 2025-07-17T11:16:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/ad0286bd6a3ae7ca00e000ee9825ce80.json
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/ad0286bd6a3ae7ca00e000ee9825ce80.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 1a7ec72aad44f9540cb604d7cde5ff38
65e5851d652e0471c213282efb5eeee31ae813db
94d4bf6bc00a09b766ea0ba441e860dc40ee6d398be80e89016dd0ee662869d6
GET /genfiles/cms/1-1222/desktop/media_asset/ad0286bd6a3ae7ca00e000ee9825ce80.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
traceparent: 00-b3da1d812a8276f042c2524ebbaa7c5f-626335c3e37f39f2-01
last-modified: Mon, 16 Jun 2025 11:27:24 GMT
etag: W/"1a7ec72aad44f9540cb604d7cde5ff38"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:44 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
185.244.209.62 200 OK 653 B URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: image/png
content-length: 653
traceparent: 00-375ed1dfbc5f695afd863a1eb6af12c9-c8382a21ec1b5c13-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3540
cache: HIT
x-cached-since: 2025-07-17T17:39:49+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json
185.244.209.62 200 OK 4.1 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 9e075dc2a068d12162e260d49c92f233
9c748240ee9aeeb922f9998005c557517763a979
81b3796da635e227e36b1a44c3224d8e0ccda902293beb08f84d870ed3bcee99
GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_776c0b6a6ae43ea4503f983fa859981a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b8db8f48533f9abbbbef1c5cb67d85c0-5f22f127bdc4b099-01
last-modified: Thu, 26 Jun 2025 16:06:49 GMT
etag: W/"9e075dc2a068d12162e260d49c92f233"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 26 Jun 2025 17:12:47 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1526
cache: HIT
x-cached-since: 2025-07-17T18:13:24+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/d3964ba5fa7fd773b92281c983039f61.json
185.244.209.62 200 OK 473 B URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/d3964ba5fa7fd773b92281c983039f61.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e
GET /genfiles/cms/1-1222/desktop/media_asset/d3964ba5fa7fd773b92281c983039f61.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
content-length: 473
traceparent: 00-f5b9cd8c60a9b7a8e37f00c0e29aefac-3864959682a6ff72-01
last-modified: Sun, 19 May 2024 00:44:05 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/90bde40cf4.js
185.244.209.62 200 OK 855 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/90bde40cf4.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (854)
Hash 56b6f377aaac9200d0f33aec73396a57
0cfe766fdf6196f17224e7bcc1eda6d1879eef45
916a1d0b1fa7946a897d17c21c14ac6a0da20dbdd882c51049172f4a7253d9eb
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/90bde40cf4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 855
traceparent: 00-c4b3c491776535baee0e6d7673e51403-5f6f93e5b873acc0-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: "56b6f377aaac9200d0f33aec73396a57"
x-amz-meta-mtime: 1752653611.096586115
expires: Thu, 17 Jul 2025 08:24:06 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36566
cache: HIT
x-cached-since: 2025-07-17T08:29:25+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1445409514.1752777541&gtm=45je57g1h2v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&z=1067986842
142.250.74.131 200 OK 42 B URL GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1445409514.1752777541&gtm=45je57g1h2v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&z=1067986842
IP 142.250.74.131:443
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Google Trust Services
Subject *.google.no
Fingerprint A8:B1:20:9F:85:E5:F5:7D:94:F3:52:D0:EF:BC:D2:DB:A6:FA:8F:4F
Validity Mon, 23 Jun 2025 08:43:14 GMT - Mon, 15 Sep 2025 08:43:13 GMT
File type GIF image data, version 89a, 1 x 1
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1445409514.1752777541&gtm=45je57g1h2v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&z=1067986842 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 17 Jul 2025 18:39:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je57g1h2v897130004za200&_p=1752777540891&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&cid=1445409514.1752777541&ecid=752955195&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1752777541&sct=1&seg=0&dl=https%3A%2F%2F1xlite-41901.pro%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14715
216.239.34.36 204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je57g1h2v897130004za200&_p=1752777540891&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&cid=1445409514.1752777541&ecid=752955195&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1752777541&sct=1&seg=0&dl=https%3A%2F%2F1xlite-41901.pro%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14715
IP 216.239.34.36:443
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je57g1h2v897130004za200&_p=1752777540891&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&cid=1445409514.1752777541&ecid=752955195&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1752777541&sct=1&seg=0&dl=https%3A%2F%2F1xlite-41901.pro%2Fen%2Fblock&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=14715 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-41901.pro
date: Thu, 17 Jul 2025 18:39:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je57g1h2v897130004za200&_p=1752777540891&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&cid=1445409514.1752777541&ecid=752955195&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1752777541&sct=1&seg=0&dl=https%3A%2F%2F1xlite-41901.pro%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19768
216.239.34.36 204 No Content 0 B URL POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je57g1h2v897130004za200&_p=1752777540891&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&cid=1445409514.1752777541&ecid=752955195&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1752777541&sct=1&seg=0&dl=https%3A%2F%2F1xlite-41901.pro%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19768
IP 216.239.34.36:443
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 3A:12:37:38:16:E5:9F:51:4E:B7:1D:5F:1F:C0:84:BB:92:EA:9E:20
Validity Mon, 23 Jun 2025 08:40:16 GMT - Mon, 15 Sep 2025 08:40:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je57g1h2v897130004za200&_p=1752777540891&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104732253~104732255~104908321~104908323~104964065~104964067~104967141~104967143&cid=1445409514.1752777541&ecid=752955195&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1752777541&sct=1&seg=0&dl=https%3A%2F%2F1xlite-41901.pro%2Fen%2Fblock&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=19768 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-41901.pro
date: Thu, 17 Jul 2025 18:39:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET v3.traincdn.com/genfiles/site-admin/colors/1d460dd6668d3a7fae9466949edb033f.css
185.244.209.62 200 OK 40 kB URL GET v3.traincdn.com/genfiles/site-admin/colors/1d460dd6668d3a7fae9466949edb033f.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (40085), with no line terminators
Hash 1d460dd6668d3a7fae9466949edb033f
b7c34ce1f8e6b8f9b8e8b523a66a20cee075a49b
3bdb068a33276a91b91ae2e4a92ab384919205dc0951d07763608d2053cd8380
GET /genfiles/site-admin/colors/1d460dd6668d3a7fae9466949edb033f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/css
traceparent: 00-afe48a7fcb229786c53913dc8663bb59-4f8b8838b8d1d5ca-01
last-modified: Wed, 16 Jul 2025 14:05:21 GMT
etag: W/"1d460dd6668d3a7fae9466949edb033f"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 16 Jul 2025 15:14:07 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 871
cache: HIT
x-cached-since: 2025-07-17T18:24:19+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
185.244.209.62 200 OK 1.2 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_7HDOEZTP.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1193)
Hash 7e76c08e7f16815131a5f13a10c1efba
5f800877b78a0713157fe119bc1a2d9a260f72e1
c6f29a0c7c3ed884ccffd7a529fd2fc599e2da1f31af658146f0e36a3f4c00dc
GET /sys-static/shared-assets/__shared_chunk_7HDOEZTP.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-a1bb0189f5571b8bdc4bd84a533b907d-2d5b421167ebf7bb-01
last-modified: Thu, 17 Jul 2025 07:58:22 GMT
etag: W/"7e76c08e7f16815131a5f13a10c1efba"
x-amz-meta-mtime: 1752738872.223956139
content-encoding: gzip
expires: Fri, 18 Jul 2025 08:09:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36971
cache: HIT
x-cached-since: 2025-07-17T08:22:39+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
185.244.209.62 200 OK 19 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (19034)
Hash 1580a3cfe81fd30910a49dfe64cc8e7b
314144dc49595482ba46c0b85b38d5f73ef73a7b
8989a021d20f0fc08c43966a287cbd99e43142a5a0ff42eb232756a101de6035
GET /sys-static/shared-assets/__shared_vue_deps_DYMTJONH.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4cf487d5893f14fc3b6fee63440ffb1d-e97e2b19c7a3172b-01
last-modified: Thu, 17 Jul 2025 12:39:36 GMT
etag: W/"1580a3cfe81fd30910a49dfe64cc8e7b"
x-amz-meta-mtime: 1752755840.02813022
content-encoding: gzip
expires: Fri, 18 Jul 2025 14:31:41 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 14830
cache: HIT
x-cached-since: 2025-07-17T14:31:41+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/233d6516d0.js
185.244.209.62 200 OK 3.8 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/233d6516d0.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (3802)
Hash 5f81df557d39d1978b9e69bc6234b769
afd789007fef0f81b9acf83a8614e5c7e3c19b51
0dfc8424d610d5cf652ef22801e7d26bc97f3b2a1a4c58834e97d17ebe066d8b
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/233d6516d0.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-9f5319552375f891783772a9a9fb81a8-25e1300b32db7086-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"5f81df557d39d1978b9e69bc6234b769"
x-amz-meta-mtime: 1752653611.102586244
content-encoding: gzip
expires: Thu, 17 Jul 2025 08:24:04 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 36567
cache: HIT
x-cached-since: 2025-07-17T08:29:24+00:00
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/bff-api/config/group/get?groups=d.technical&lang=en
178.253.36.54 200 OK 754 B URL GET 1xlite-41901.pro/bff-api/config/group/get?groups=d.technical&lang=en
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 60ee620042b4b174bd74a6f5cbe8eeb1
b101858901acf172addb4af9da6ce5f9ccfb4950
c828b823f876a5cd928b8f1ace153e5798af10c3c99f17839b1dab50e8cb891b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1920; che_g=f7975d73-f18e-a744-9292-491927bf1e2b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
content-length: 754
cache-control: no-cache, private
server-timing: dt_total;dur=0.105, bff;dur=8.39, wf-uht;dur=0.023
x-dt: 1222
x-pod: R-cpxxw
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/analytics-b7a3986a.js
185.244.209.62 200 OK 7.1 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/analytics-b7a3986a.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (7104), with no line terminators
Hash c9e8dfbeb71861e1be64e13c3885d35e
99bacc35ff8c99aceae982440f90d562f6aab961
b0e2d167084522273a17c8ff2a2adc88736deabf9f4a5bc254a656ebcdbe435a
GET /main-static/190a8485/desktop/default/analytics-b7a3986a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:39:00 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-22893eeb5aa8530319306543208bbcbc-b594d8e0814b0d73-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"c9e8dfbeb71861e1be64e13c3885d35e"
x-amz-meta-mtime: 1752749990.147371224
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:16:01 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26531
cache: HIT
x-cached-since: 2025-07-17T11:16:49+00:00
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/hd-api/external/verify
178.253.36.54 200 OK 742 B URL POST 1xlite-41901.pro/hd-api/external/verify
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 2c681e0dbf8098802f524e98679eb7de
7139e7d3a3d0fcba59640f78d50d3661112305e4
8b1cd6afe41ca7b38f9be02b4bad600916a8be757208b25492263ddc4c9fff41
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: text/plain;charset=UTF-8
Content-Length: 108801
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b; SESSION=ed2185a33122d563e29932f9d57150e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:39:01 GMT
content-type: application/json
content-length: 608
content-encoding: gzip
vary: Accept-Encoding
x-dt: 1222
x-request-guid: fe0dd9e0f3ed2065311c9239f210f18a
x-time-ng: 0.131
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.092, wf-uht;dur=0.185
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
178.253.36.54 200 OK 2 B URL POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 19
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 2
x-dt: 1222
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.115, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/dc449a632d8e1d5b242e881827329e73.json
185.244.209.62 200 OK 7.3 kB URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/dc449a632d8e1d5b242e881827329e73.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653
GET /genfiles/cms/1-1222/desktop/media_asset/dc449a632d8e1d5b242e881827329e73.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
traceparent: 00-364c18c46646079360be9baf02da49b5-c27343b257b9f7a3-01
last-modified: Thu, 23 Jan 2025 13:22:29 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 17 Jul 2025 19:38:50 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: MISS
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_ba5801319ccd290c39d7b396cf81d929.json
185.244.209.62 200 OK 140 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_ba5801319ccd290c39d7b396cf81d929.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Size 140 kB (139496 bytes)
Hash 1d89c5caf0749b2b128004ae3321ce44
704f833c29445b789897283d0854709ee8e86e92
101a7bfe3cdf45e643357ef2990cd3c1e262fa2fa730451845d227abacff1132
GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_ba5801319ccd290c39d7b396cf81d929.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-dff2b407ef51519cf5f108697de8ab38-cdfd91fb601b1571-01
last-modified: Thu, 17 Jul 2025 16:07:48 GMT
etag: W/"1d89c5caf0749b2b128004ae3321ce44"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 17 Jul 2025 17:34:04 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 234
cache: HIT
x-cached-since: 2025-07-17T18:34:56+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/b91ef5d157928b371bf4a4e47786ab59.json
185.244.209.62 200 OK 182 B URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/b91ef5d157928b371bf4a4e47786ab59.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c
GET /genfiles/cms/1-1222/desktop/media_asset/b91ef5d157928b371bf4a4e47786ab59.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 182
traceparent: 00-41f246753d3350a645f18cef3382aeac-c2257babce5aad65-01
last-modified: Thu, 27 Feb 2025 08:56:40 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Wed, 16 Jul 2025 08:16:44 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/DC-91ef4e0e.js
185.244.209.62 200 OK 2.7 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/DC-91ef4e0e.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2656), with no line terminators
Hash d89cdfa33534b217cd72c431f203b494
10bdddc449e29d097e1a3571580657d197e029fc
d9e65032547a90fb16de5c8e4477252c62961d74ab72e0f4fcfd183933068806
GET /main-static/190a8485/desktop/default/DC-91ef4e0e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-5110ff5e22143a510a99ce392b5fb8ef-a093d71454dcf646-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"d89cdfa33534b217cd72c431f203b494"
x-amz-meta-mtime: 1752749990.143371186
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:53 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26531
cache: HIT
x-cached-since: 2025-07-17T11:16:39+00:00
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
178.253.36.54 200 OK 23 B URL POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 7a2667003b2ec3a8bba9b0b6b51c167a
0a832f4a27eeafb2ce4b8851935c8718b668aed5
b00a4599033e5a502675bd17fb5187c1d6fe23f50c64ac78ecf4fa106f8bf6c2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 90
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 23
x-dt: 1222
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.046, wf-uht;dur=0.009
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js
185.244.209.62 200 OK 16 kB URL GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_c29ed659a5.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (16156)
Hash b95f2867a4f69c6f87508d4376778ab8
34b733244053bb0634826b593e14e88782e81680
f318dcd075506078ef1811c0a12962c5fed8811ee39cc3c77691a81063e05340
GET /sys-static/shared-assets/Desktop/__shared_c29ed659a5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-1178d34022de35fcff9acc7cc7e6a1ef-12e71352ef632428-01
last-modified: Thu, 17 Jul 2025 11:20:42 GMT
etag: W/"b95f2867a4f69c6f87508d4376778ab8"
x-amz-meta-mtime: 1752750985.288334091
content-encoding: gzip
expires: Fri, 18 Jul 2025 12:53:43 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 20302
cache: HIT
x-cached-since: 2025-07-17T13:00:28+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/a2e9be8ffc9fe0f1e661d3fc5e68dc63.json
185.244.209.62 200 OK 328 B URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/a2e9be8ffc9fe0f1e661d3fc5e68dc63.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57
GET /genfiles/cms/1-1222/desktop/media_asset/a2e9be8ffc9fe0f1e661d3fc5e68dc63.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
content-length: 328
traceparent: 00-4cd37b611eb0db4405f465938fdaf6e3-97ef6f49ed3085af-01
last-modified: Thu, 27 Feb 2025 10:57:08 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:59 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-36c62710a675e6bd745b27004c091c47-b645f90e3bb5b04c-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Wed, 16 Jul 2025 19:36:40 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1069
cache: HIT
x-cached-since: 2025-07-17T18:21:10+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
178.253.36.54 200 OK 23 B URL POST 1xlite-41901.pro/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 73d7c7f346e99ef0f64970157855e412
666506af3234cadd42203e5928f4a15dd9f53d9b
2792c0ab3ba8879bd03a88c2b640e042c43ea84851a3fc17efa0c661c7b097ca
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
Content-Type: application/json
X-Lang: en
X-Uuid: cfd2f2cf-1006-4e6a-9047-7ec510fd60c2
Content-Length: 109
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b; SESSION=ed2185a33122d563e29932f9d57150e3; _ga_7JGWL9SV66=GS2.1.s1752777541$o1$g0$t1752777541$j60$l0$h752955195; _ga=GA1.1.1445409514.1752777541
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:39:02 GMT
content-type: application/json
content-length: 23
x-dt: 1222
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.006, wf-uht;dur=0.013
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-ui/2.3.273/Desktop/Default/client.css
185.244.209.62 200 OK 646 kB URL GET v3.traincdn.com/sys-ui/2.3.273/Desktop/Default/client.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 646 kB (645724 bytes)
Hash a8a44b273c4f19498dfe5dfbe6d66b5f
6d68353f0344e5f497f983d9843493c5cba4416e
3a55dbb30fd14dbf83a9bd142e1a2cdff2008b12994f1e1cea74cd55b2c6792a
GET /sys-ui/2.3.273/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/css; charset=utf-8
traceparent: 00-2ea21957017ad2bc21f84d70ede95d7b-1d2c343418cac7ec-01
last-modified: Fri, 27 Jun 2025 13:38:05 GMT
etag: W/"a8a44b273c4f19498dfe5dfbe6d66b5f"
x-amz-meta-mtime: 1751031482.572809748
content-encoding: gzip
expires: Thu, 03 Jul 2025 09:30:19 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 65941
cache: HIT
x-cached-since: 2025-07-17T00:19:47+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
185.244.209.62 200 OK 2.3 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash 7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd
GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json; charset=utf-8
traceparent: 00-75ba04af65af641d0300e8c6910393c9-16c9e695eb009932-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1523
cache: HIT
x-cached-since: 2025-07-17T18:13:28+00:00
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/captcha-api/assets/hunt-captcha.js
178.253.36.54 200 OK 87 kB URL GET 1xlite-41901.pro/captcha-api/assets/hunt-captcha.js
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 463ec5b64c24135eb67e671110b5d44b
a7bd6aa5fc80405ffcb6d9e5ad1c51590e00ef7c
117405693cdc1b81d14087d8fd50ecb1709a19fb6d7adb936ef31d7e8f6ab3c7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/en/block
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b; SESSION=ed2185a33122d563e29932f9d57150e3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:58 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 1222
x-request-id: 0b6e5af1b72c8c0da8c12d1d2a98c0e3
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.005, wf-uht;dur=0.024
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
185.244.209.62 200 OK 650 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (649)
Hash 5d70ac7829c3ae41ce5c0971c798fbcf
9996ce3a09f56d3e37d67fbe7e1efb301ea2f261
0e76b1cd191bd618caea37cb7fb6673d12c7cdff7ea47e939758eda5764a140b
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/6293f1a8ca.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-0ff9e9e1b114dbb544fb63bb8e467fc3-30ba92f0d03a20cb-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: "5d70ac7829c3ae41ce5c0971c798fbcf"
x-amz-meta-mtime: 1752653611.094586072
expires: Thu, 17 Jul 2025 10:52:01 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27949
cache: HIT
x-cached-since: 2025-07-17T10:52:59+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/css/dad7a6e4.css
185.244.209.62 200 OK 41 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/css/dad7a6e4.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (40883), with no line terminators
Hash f14bcc7510c4f26df7bd2f918d16d8f8
4ef37e2e86bd42557aa87de9f72705873e834412
498a8486a41b0056acc3eade4549254931682bd42d59a8d3636506e9e55f04cc
GET /main-static/190a8485/desktop/default/css/dad7a6e4.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/css; charset=utf-8
traceparent: 00-f7d95ca6cb030fa0f51a6f321c1f8fd1-11b520521b29d2f7-01
last-modified: Thu, 17 Jul 2025 10:59:55 GMT
etag: W/"f14bcc7510c4f26df7bd2f918d16d8f8"
x-amz-meta-mtime: 1752749990.151371261
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:50 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26535
cache: HIT
x-cached-since: 2025-07-17T11:16:33+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash 6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-d948947ec8c09db924896fe74c7b06f7-bbfbc7ddf953750d-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3142
cache: HIT
x-cached-since: 2025-07-17T17:46:27+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/plugins.v-tooltip-5e481844.js
185.244.209.62 200 OK 77 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/plugins.v-tooltip-5e481844.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65476)
Hash fc2b2a119a466518331ef6cae439ef70
ba77237fc8a951dc73ff2526f93423097f991bd6
29b40a2cbdd11dd5656b63c920e1f1566de2b195f7771c38991c0bb7c99d242d
GET /main-static/190a8485/desktop/default/vendors/plugins.v-tooltip-5e481844.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-a8e859fa8844bb8101f3c23c93b8ed6c-61e772a98769022a-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"fc2b2a119a466518331ef6cae439ef70"
x-amz-meta-mtime: 1752749990.159371336
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:52 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26531
cache: HIT
x-cached-since: 2025-07-17T11:16:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
185.244.209.62 200 OK 69 B URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 2cdaa92927f02e0b628f1ef4d7dd8caf
9104a2e16ed080b80a42588b8aeb52ebec47ab7a
ef8101ffea52addcdcfcc3a83f96ff2d4613fb3ae6d1c16bbe4852387b73a9db
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/$_$.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
content-length: 69
traceparent: 00-5d127a75327ac501508e7e9304fd1c24-373438f71e3010d8-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: "2cdaa92927f02e0b628f1ef4d7dd8caf"
x-amz-meta-mtime: 1752653611.102586244
expires: Thu, 17 Jul 2025 19:46:09 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 82361
cache: HIT
x-cached-since: 2025-07-16T19:46:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
185.244.209.62 200 OK 21 kB URL GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (21232)
Hash 3cf0cae38afae9add22f7884e5061231
2a41037501375a439385a76a047876619683418f
322482e3beae5a985d069beea981614510fda90a5df7295b776a324d461fc43d
GET /sys-static/shared-assets/__shared_popper_js_E2H7ZPXQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f0370ca5510b70a7e2916beb19313ca4-55916f99e2ce7bdc-01
last-modified: Thu, 17 Jul 2025 12:39:36 GMT
etag: W/"3cf0cae38afae9add22f7884e5061231"
x-amz-meta-mtime: 1752755840.027130154
content-encoding: gzip
expires: Fri, 18 Jul 2025 14:51:42 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 13629
cache: HIT
x-cached-since: 2025-07-17T14:51:42+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/056a2ad527103201fc119c8bccc74f7a.json
185.244.209.62 200 OK 2.9 kB URL GET v3.traincdn.com/genfiles/cms/1-1222/desktop/media_asset/056a2ad527103201fc119c8bccc74f7a.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash f9867cd5bf362d5d518027321410c262
c8152b1f17123f07b027c8ab359062dc5f7c1456
baa9a4f415e8e8b95c2269ac32d20c6850852d9973e47937440e2761a6d8ee65
GET /genfiles/cms/1-1222/desktop/media_asset/056a2ad527103201fc119c8bccc74f7a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:51 GMT
content-type: application/json
traceparent: 00-4461e45a3d9125acfe1df33db909a2df-103c1010efadb78b-01
last-modified: Thu, 05 Jun 2025 12:31:01 GMT
etag: W/"f9867cd5bf362d5d518027321410c262"
content-encoding: gzip
expires: Wed, 16 Jul 2025 08:16:45 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2
GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
185.244.209.62 200 OK 11 kB URL GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (11072)
Hash 3d3e04f603cc58802ff96240abbdc3aa
e7e6a5d59c97236922354b40d288736f034a1ce3
611f7a963cd4aa278f1ba51f2401247df8c658929b76bfdce45bec08be83d7bd
GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/c0e02032d1.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/css; charset=utf-8
traceparent: 00-d129703746ca4bc2160ad4eedce03cdc-455be4d34b62740c-01
last-modified: Wed, 16 Jul 2025 08:21:14 GMT
etag: W/"3d3e04f603cc58802ff96240abbdc3aa"
x-amz-meta-mtime: 1752653611.10658633
content-encoding: gzip
expires: Fri, 18 Jul 2025 01:03:43 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 63305
cache: HIT
x-cached-since: 2025-07-17T01:03:43+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/css/e45d3c54.css
185.244.209.62 200 OK 14 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/css/e45d3c54.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with very long lines (13478), with no line terminators
Hash 74ac1e9c5cab64b7d31ed8deccbd2659
ed589fe1c672ce7baa4ae8caa2d969d2941c4332
5cbce6d9cbdb897a99ac14285ec6dca35d84382aa1a94cf96e555b5811039dbe
GET /main-static/190a8485/desktop/default/css/e45d3c54.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:48 GMT
content-type: text/css; charset=utf-8
traceparent: 00-348602f6fd647d2150fe236545b66efd-c1269fc26b656c3b-01
last-modified: Thu, 17 Jul 2025 10:59:55 GMT
etag: W/"74ac1e9c5cab64b7d31ed8deccbd2659"
x-amz-meta-mtime: 1752749990.151371261
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:50 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26535
cache: HIT
x-cached-since: 2025-07-17T11:16:33+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
185.244.209.62 200 OK 64 kB URL GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-77246cfff8281a2d637d7ec23c6ecdf4-ec21ccfcd0e5976e-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Wed, 16 Jul 2025 19:36:40 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1059
cache: HIT
x-cached-since: 2025-07-17T18:21:10+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_48d6e4a8c0d06548e82d2443bd994e03.json
185.244.209.62 200 OK 23 kB URL GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_48d6e4a8c0d06548e82d2443bd994e03.json
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
Hash fb6988e5794098b8c4c12064ba2c4a39
1f67751147dc5ee5e6280cdae2527b8b6e28d35a
60a6fa3ffec4fd1056a6ed61345a8181d57692ff9591dd8cea8b04abed0e142c
GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_48d6e4a8c0d06548e82d2443bd994e03.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/
Origin: https://1xlite-41901.pro
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json; charset=utf-8
traceparent: 00-4a0522bf030edad713cffcc4fe45df5a-2b953f6cb7cfa71a-01
last-modified: Thu, 17 Jul 2025 16:07:48 GMT
etag: W/"0697fb6f120bbaa2e77b2d367bbdada4"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 17 Jul 2025 17:34:09 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 197
cache: HIT
x-cached-since: 2025-07-17T18:35:33+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/app-2a057bc4.js
185.244.209.62 200 OK 941 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/app-2a057bc4.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (64133)
Size 941 kB (941435 bytes)
Hash 893ce42b3a34ec31c93484a50e958c04
c06e848bb3d5e383dd91e0a68f2676eb801d58ab
116e6d9852ce9d909fa47c1af2f2cc2c6b193be03fc61cb4ca1a14fddd9bf6aa
GET /main-static/190a8485/desktop/default/vendors/app-2a057bc4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:49 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ace12d5410299d2864128cec9f1c2a33-a80900e2c6420598-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"893ce42b3a34ec31c93484a50e958c04"
x-amz-meta-mtime: 1752749990.155371299
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:51 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26533
cache: HIT
x-cached-since: 2025-07-17T11:16:36+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/plugins.vue-notification-8d897e1e.js
185.244.209.62 200 OK 13 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/plugins.vue-notification-8d897e1e.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Hash fd924054a3b26f452298f24cfe66cd8e
ffd754f3c37a6d442f05ed9ff1c49dc90ba41a66
4ae96bbde50fee55c7a9d48fc6b91b2ef95e692b31517bd100d12b32f87ee1ad
GET /main-static/190a8485/desktop/default/vendors/plugins.vue-notification-8d897e1e.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-1b5b590875fd7b3012e55b76b61e37d3-f91442c7d0a01f9e-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"fd924054a3b26f452298f24cfe66cd8e"
x-amz-meta-mtime: 1752749990.159371336
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:52 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26532
cache: HIT
x-cached-since: 2025-07-17T11:16:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/plugins.vue-js-modal-68f6d8af.js
185.244.209.62 200 OK 27 kB URL GET v3.traincdn.com/main-static/190a8485/desktop/default/vendors/plugins.vue-js-modal-68f6d8af.js
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Hash 6e3c1d147cd7b7419642af6c4f889a6d
51c940a81be7013202d5b7745959201fbc108e74
0d55cc88b766f0e5deceb32c8391e4167fd5668f3862a264d38aacf0c0542d85
GET /main-static/190a8485/desktop/default/vendors/plugins.vue-js-modal-68f6d8af.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-381ae88f56e5fd3e17c86333f99f5e64-68649dfc5ecafd49-01
last-modified: Thu, 17 Jul 2025 10:59:54 GMT
etag: W/"6e3c1d147cd7b7419642af6c4f889a6d"
x-amz-meta-mtime: 1752749990.159371336
content-encoding: gzip
expires: Fri, 18 Jul 2025 11:15:52 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 26532
cache: HIT
x-cached-since: 2025-07-17T11:16:38+00:00
X-Firefox-Spdy: h2
GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
185.244.209.62 200 OK 46 B URL GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP 185.244.209.62:443
ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Sectigo Limited
Subject *.traincdn.com
Fingerprint 71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
Validity Tue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88
GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-41901.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: text/css
content-length: 46
traceparent: 00-fd5dcfc2197b1928a50b480b8ad9cda0-57f14736e69d9f99-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Sat, 12 Jul 2025 06:36:16 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1970
cache: HIT
x-cached-since: 2025-07-17T18:06:00+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/checker/redirect/stat/run/
178.253.36.54 200 OK 14 B URL GET 1xlite-41901.pro/checker/redirect/stat/run/
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
Hash 2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; postback_watcher=; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:50 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2
GET 1xlite-41901.pro/hd-api/external/019819ae-bc82-7bba-a135-95d38d15c9b4.js
178.253.36.54 200 OK 300 kB URL GET 1xlite-41901.pro/hd-api/external/019819ae-bc82-7bba-a135-95d38d15c9b4.js
IP 178.253.36.54:443
ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-41901.pro/en/block
Certificate Issuer Let's Encrypt
Subject 1xlite-41901.pro
Fingerprint 9E:6C:E0:D2:D8:86:8E:88:51:60:C2:53:C9:3A:3B:37:9C:86:E3:AA
Validity Thu, 10 Jul 2025 12:53:00 GMT - Wed, 08 Oct 2025 12:52:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 300 kB (300089 bytes)
Hash bedd88fb9841f2bf123b9fbf94da3abd
cf8ceb9722dcdc859db39128a8093ea215bd65da
bbb96312b95ccb71d0bdd0b5183c29b5199ba37989225f4b2ebaae181c6de9dc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /hd-api/external/019819ae-bc82-7bba-a135-95d38d15c9b4.js HTTP/1.1
Host: 1xlite-41901.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-41901.pro/en/block
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=s_224327m_14517c_%5B%5DMS%5B%5Dnull%5B%5DSmartCPM%5B%5Dgeneral%5B%5D4378168_d28985_l18201_clickunder; auid=sv0kNmh5QzeT/2blAyUDAg==; window_width=1280; che_g=f7975d73-f18e-a744-9292-491927bf1e2b; SESSION=ed2185a33122d563e29932f9d57150e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 17 Jul 2025 18:38:58 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 1222
x-hd-trace-id: 00edfd79-d876-4fe2-b00d-143e845f5d54
x-request-guid: 36f21687e2a34fc345a4b79a3ff95cb5
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.042, wf-uht;dur=0.026
X-Firefox-Spdy: h2