Report - refpa3740576.top/l?tag=d_4299502m_1599c_1w

Report Overview

Visited public
2025-05-10 15:46:26
Tags
Submit Tags
URL
refpa3740576.top/l?tag=d_4299502m_1599c_1w_1wkywe&site=4299502&ad=1599
Finishing URL
1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
IP / ASN
178.253.15.167
#202492 Silverhill Group Holding Ltd
Title
1xBet

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-05-07	2.1 kB	1.4 MB	142.250.178.104
www.google.com	7	1997-09-15	2015-05-10	2025-05-07	1.9 kB	1.2 kB	142.250.74.68
refpa3740576.top	unknown	2022-08-05	2025-03-04	2025-05-01	538 B	267 kB	178.253.15.167
www.google.no	25607	2001-02-26	2012-06-26	2025-05-07	859 B	580 B	142.250.74.131
1xlite-089702.top	unknown	2024-10-10	2025-05-07	2025-05-07	17 kB	995 kB	83.147.224.6
v3.traincdn.com	unknown	2022-11-10	2022-11-25	2025-05-07	35 kB	6.2 MB	185.244.209.62
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-05-07	2.1 kB	1.7 kB	216.239.32.36
radar.cedexis.com	3035	2009-01-07	2013-11-27	2025-05-07	850 B	1.4 kB	45.54.49.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed
2025-05-10	medium	1xlite-089702.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (55)

	URL	From	Size	First Seen	Last Seen
	v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_4DKQVMAE.js	ImportedModule	865 B	2025-03-21	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_4DKQVMAE.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-03-21 03:26 Last Seen2025-05-20 22:14 Times Seen247 Hash b83f09e2c933f2aafd2e97f88f23d81f c5c5ff5f8b7cd801781559b42c365a16e6839800 f584585b1dce860bf95b8270b60680af7022244f6723ed8f01fe3967780c6aae Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Eval	4 B	2023-03-07	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-17 07:32 Times Seen418651 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V	ScriptElement	331 kB	2025-05-10	2025-05-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V IP 142.250.178.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-11 02:04 Times Seen2 Hash e5d149d40571a2c94e4547f51081fd54 bc67042c841fd93f6ab78620d181d9c9545e11b5 4771841227d62b2be8025337319b8361534be51420d2e01fe4b70ed35f04aee8 Loading...

	data:text/javascript,export const meta = import.meta;	ScriptElement	32 B	2023-12-06	2025-07-17
Pretty URL data:text/javascript,export const meta = import.meta; IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-17 06:07 Times Seen3887 Hash 6d772b7d405b447ecee54ab61cdd5108 dd65fb9cd5a7cb94a40fe161f4f72303a61eb3b7 b90ff694e492935b6036fb7e878d365dab51aafa46f0afb1e33414e7ecc3307b Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	DomTimer	10 B	2024-09-21	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by domTimer Embedded in HTML false Observations First Seen2024-09-21 15:04 Last Seen2025-07-17 06:07 Times Seen1924 Hash 01f4b51b4ba7edd00ad9f0a22259f06e 00723d0eda4be61a7b1c542b0a08a94a94a60017 9fdac1c31a22f55dbb8ca225ee28c3f7e88b41cce82968af0018c9f8b3bd35ba Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Eval	2.6 kB	2025-05-01	2025-05-12
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 9531ea3342e4a40f60f37c503974da29 b749b70f9c9fc73296282a90265d89d65419be9e b865ed67dc093e5a597e6df8e8f0d829ca0635b93efbd86301faf7b553235b5e Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/Betting.Core-e26aeba3.js	ScriptElement	2.1 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/Betting.Core-e26aeba3.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 09:47 Times Seen24 Hash ad8b702f43e8488b2f83d2591e11cc73 8a0fc892a4f1bb60446fdfb48474e713ab24d012 280be10eba734661bd87ecaf27c95576732e8f196db87a8b1c3402b311cd45be Loading...

	v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_210b6fa8a8.js	ImportedModule	799 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_210b6fa8a8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen33 Hash b388efb9d1e0486ae5f4eefc048c6f92 312d9a68daac4023901700e92fd94786348c6926 8c5a3904a9ea820b8dc76874370cd5f6b773885167b63b2ed97d39ff33aaaa12 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dcaabc3ceb.js	ImportedModule	1.4 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dcaabc3ceb.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 591d7722db1b5815dd0d05ae7ad107de 15b9a49d4409c9e572501ef6310a5d2a898b8965 482f8c939facba54f795ae64b55d1861aff8e237817b2c9145b229d4f86cfb29 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e3ac97c990.js	ImportedModule	2.0 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e3ac97c990.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 633a23ac8f2994574a7c8d19f46eee33 70865c9a4e87ef719dfbfb98063b831f92b09994 fb0d2c002aff9eabf98e91ef9b237795503911ddfa40fce737a0dc851d385d8d Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/3391a1bcde.js	ImportedModule	134 B	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/3391a1bcde.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 9cab00381884409f22ed5881f2c6b94e 6cb9dc6ad9f587cac210658052275cc905a83a47 3d2a785e69f540de179b22dc081d4a1645cc79b40a9359da6476cc406cdd76a2 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/20c4fa5118.js	ScriptElement	5.3 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/20c4fa5118.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 8b0f099a7e76b4c927fd26cb53407364 9f6d3e740fc38b6414dba6d949443e6660f00089 d733afd40054ce8437c2bd1c0a72a80cc936d6d85b259228ae7d6378235e87eb Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	47 B	2023-04-14	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-17 07:23 Times Seen6116 Hash a01893d8e129ad16c1e0fc5c7537f411 0e46d1bf2718f848d9d596fa269eaedb31204772 cbe7b89533bcd75b69f3e54807308551d68242ec1761e63bee1a99fc6e560175 Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	44 B	2023-04-14	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-17 07:23 Times Seen6119 Hash 00beb9884d0391b342eadd30744b539a 3124c0bd593822379d22f13d3e08e70a1bf5ea14 92394eec5690449a4f6cfc9a7f97497a69e926b2365cb9a9aad3507a844f835c Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/Page.Block-8205f2da.js	ScriptElement	476 B	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/Page.Block-8205f2da.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 21:07 Times Seen26 Hash e86306810b548e42f2e7815c1b75121d 346bbfd46ceb2300dc259150a11670b68f8281e9 980db9cdb7d3b824645bdf19ae79a9a64b06a38880966b44e9ebe3ec7ee20d71 Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/runtime-b6dc95f8.js	ScriptElement	20 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/runtime-b6dc95f8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 09:47 Times Seen24 Hash 097e517ba5e727312c8520b55e892e17 34643a5885d3fffb02b6aacd0203d392eb270d37 b66f8a4fdca078113b9b7ce4fdd74bb9c417c167b18f915ee31eec8f72efa489 Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/DC-38482302.js	ScriptElement	2.7 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/DC-38482302.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 21:07 Times Seen26 Hash da38502ad32bc4d042da722f9a083729 5bdc412d09b4cac6348defd5f831903df935bf12 2a0bd746cb4256fc0bf147cf7d1de47011ba12cb22c7ecfdbf7a2472c6371825 Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-notification-82d2bba4.js	ScriptElement	13 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-notification-82d2bba4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 21:07 Times Seen26 Hash 80675449a00476e14a2a7d4b74c8fe46 0defece3fd48323a940faeff429b4826ed027b48 dfafa0bbf8b911f1be89941425c7fa9d570e6f4532e8bd4a0192d07696924f33 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_chunk_KSBWA3N2.js	ImportedModule	610 B	2024-12-07	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_chunk_KSBWA3N2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2024-12-07 20:25 Last Seen2025-05-20 22:14 Times Seen572 Hash 464c50409850b3095783d5b3b9a1b00d 7d5c3f49bd0689d72dddceee68afd229f4168ed5 71cbc8847b4abb3782fe515be3e9e1f3fb639f801b337a2a3612616151ec250d Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Eval	364 kB	2025-05-10	2025-05-10
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash 3d728c5f70a131cdc0e1ded6584fff8d bfc1cc7be77b312b57e92ee977254ce691accd16 127593915c963826c52f8861a3e946b924131f6f58ee223ab4eeb465215a686e Loading...

	radar.cedexis.com/1/23802/radar.js	ScriptElement	390 B	2024-02-13	2025-07-17
Pretty URL radar.cedexis.com/1/23802/radar.js IP 45.54.49.5 ASN #63911 NetActuate, Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 14:23 Last Seen2025-07-17 06:07 Times Seen3124 Hash 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7 Loading...

	www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116	ScriptElement	332 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116 IP 142.250.178.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash cf172b95a44d54069d236945fd64317e 37d0d6bdd104d9a49b6be77bdecd26b4b13ec77d 509d8daee352345f3c320bd403d9c61d1921606b6e7a8bd8f6b5b32e896e7a1e Loading...

	1xlite-089702.top/main-static/62ddcac7/check-ob.js	ScriptElement	219 B	2024-07-17	2025-07-17
Pretty URL 1xlite-089702.top/main-static/62ddcac7/check-ob.js IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-17 14:33 Last Seen2025-07-17 06:07 Times Seen2313 Hash c065700c9c8c493403359e1f2baa10d9 4630fe729e70bdf63fa7ba6c84ec277fd1f51030 1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4 Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/commons/app-6cee1b54.js	ScriptElement	138 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/commons/app-6cee1b54.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 21:07 Times Seen26 Hash d76951ff0952b11ad5f228dd59e3440c 8e7aa237896f6fa259609de20e31566959afe1c2 56e30a9244acd3ebfa556a91683b65ef46bd00f1a4b4f4086df628abfcd4d2ca Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/app-9a795df8.js	ScriptElement	1.4 MB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/app-9a795df8.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 09:47 Times Seen24 Hash 285c266c7f9d7053d81dc349efcc5564 565528e5e0147f7bc3024427acd093fe10fb3653 5219100382262de7b72e661866c8aa901c679a268057aec0d9bb9f9918153376 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d0ce2ba8a2.js	ScriptElement	28 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d0ce2ba8a2.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash feb598e3059a193eccbaa750d5abb764 8e97a33f00c356963a11b44edccad3e720a8f286 71d4552fff174538787abc9e1070b5731e2a8911d019f7e8a143e0448826f2c5 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b4d8dc118.js	ImportedModule	2.5 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b4d8dc118.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 0b0bfa4e985d164cc8daea3a5d6ba08f ff5a04a41e2e72112766ccbc72878afc6eaa9f79 98bc37db78480c22fbe53878ba6a1c4feb09758f2e98394026e2de232124ddf0 Loading...

	1xlite-089702.top/hd-api/external/assets/hdf.js	ScriptElement	4.1 kB	2024-11-12	2025-05-20
Pretty URL 1xlite-089702.top/hd-api/external/assets/hdf.js IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-12 02:24 Last Seen2025-05-20 22:14 Times Seen708 Hash 2f26a679e9d54a65e6578e947cc5bdf2 1b984864aa7b3e28231ac7cea3c199435dbdc6bf 1e3c4bd81a1cd9ee02e42a42802d5c18cbdb3f3a11c0b2732eb11bd12263020c Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Eval	17 B	2025-05-10	2025-05-10
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by eval Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash 614019077aa0c1fa682d275ba2804ed4 e3d8bba5519f7db0885389f7f7c8ff50d1371630 ad79de12ce3678ca19bd8e8acb4a866face86c23404fcfd2ba5cbe38c5bd4e7b Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	96 B	2023-12-06	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-12-06 14:32 Last Seen2025-07-17 06:07 Times Seen3887 Hash 94361ed86ab9b2fbb8d805c2025df46a 3f428332f7a1c7196a85c93a373a966d75708c19 eee4d228a49a86625f29410cf9a23d145e821a09cbb1f7a4d7557d206872715a Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_SVMMEEZF.js	ImportedModule	21 kB	2025-04-23	2025-05-12
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_SVMMEEZF.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-04-23 15:46 Last Seen2025-05-12 21:07 Times Seen64 Hash b3ce9215487c615dbe0e474955e1dd39 64d50e6020e3cdfe3156bf52d46c176dfd098fd9 e3c9c6a51511916a872d65993ad41d579fd580f3dd688335924153613e295d43 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_localforage_H7M2CI7V.js	ImportedModule	30 kB	2025-03-21	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_localforage_H7M2CI7V.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-03-21 03:26 Last Seen2025-05-20 22:14 Times Seen247 Hash 8c858b7ed9e89233e182c6824388b15d 72b5da96c3735591317ee5d7a77733f3ee2e4f5b ff626e5d8a3bf634c1577b920a448b6da177e7e0e164a3cce4d270ff78bb7d23 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_4IISRMA4.js	ImportedModule	159 kB	2025-03-21	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_4IISRMA4.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-03-21 03:26 Last Seen2025-05-20 22:14 Times Seen247 Hash 4673edf4e262d0703069c59915cde01f da52ee1e0d3f5967a58218500593537f8e33621e 4e24e1b83813d014e5a44217a142123c8f95be42d2a9594b535155630e1adf45 Loading...

	1xlite-089702.top/captcha-api/assets/hunt-captcha.js	ScriptElement	84 kB	2025-05-01	2025-05-15
Pretty URL 1xlite-089702.top/captcha-api/assets/hunt-captcha.js IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-01 07:13 Last Seen2025-05-15 07:58 Times Seen44 Hash be79c7224b26aecc4360524e88e8b1c8 83823bfb5014be1ff5fd565c182ce625f216a655 82f66c5a82eac3b54409b44f787da4e66a8c0cae1ad18c9685cc75cf604713f4 Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	47 B	2023-04-14	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-17 07:23 Times Seen6117 Hash 580b3e56fc9ab6e8b4655f43ee057cc1 5dfce565e446f4a167195de9a1a5dd26163c711c 446f07b6e56de61d2c2d5b6ba408cc580b492a6d1ede8fc51cfde4ef75a2b382 Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	ScriptElement	1.7 kB	2025-05-10	2025-05-12
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 09:47 Times Seen24 Hash 086a9ac05ff9dceb0cf515a8ce0e861a 69ece56c6ca1596fb0a8579096eaabc51a866041 ec3cf80b61f3273918979154d714886f45b761ba236d45b1d1d8bf69bdab390c Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	ScriptElement	6.4 kB	2025-05-10	2025-05-12
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 09:47 Times Seen22 Hash c3e0d3417d127ec41897faae7b5faba6 16ca71ee96198419ab3767d5c0d6669e9098138b aa9299294490d807cf2cdbd8101def375c16bd2a2fe23b363943635f65597ac7 Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-js-modal-aaff7d67.js	ScriptElement	27 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-js-modal-aaff7d67.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 21:07 Times Seen26 Hash 75d1d62e02e06c6b8faedd0408117b2c 1ba582191d375b69b70cb623dda679433026f665 9b4fd88e9862002a4c5b5221a9cce532eea7a8ef98e624784e566445d77930f6 Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cc4c02ced1.js	ImportedModule	1.2 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cc4c02ced1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 83d01b7d33bd0cecde4dc75bf7168e0b 924cbadc9f0e2d2de7acdeb219fbba16d5dc728a 415861cbe374571907cede8755b222563576bc289fdbd0772798d73c6c39238d Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/753dedb46f.js	ImportedModule	4.0 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/753dedb46f.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 054f2c276abe0e3e4e41fa10162572ed 12ca6ac3041d4ce1a37eb62a5f5b17fd191361b9 7624afce7be3aa2aaacc896f53855c44d0f9d6dd2c6f22e03c02d7f5f206a6fa Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	82 kB	2025-05-01	2025-05-15
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2025-05-01 07:13 Last Seen2025-05-15 07:58 Times Seen44 Hash d358975bb9c7717418ccbff9ee446b78 51bb60be36765047e63201cf93011a86047cb857 ed8cab8a726d68bdbe67051581199c8548bd4ee75c3c55eadcd52ded261ddd40 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_FZZ6RWIK.js	ImportedModule	1.3 kB	2025-03-21	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_FZZ6RWIK.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-03-21 03:26 Last Seen2025-05-20 22:14 Times Seen247 Hash fc1c44ae9e4954ae02c484125b7a6a1e 484eb92dd5bb166e7a06c1cf2dce2400bb3055e3 fa015c22854d009fd3436cac0b3958a3616d67d9c633c61d0ae309c114ab9f04 Loading...

	v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_EEH7JIJK.js	ImportedModule	21 kB	2025-03-21	2025-05-20
Pretty URL v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_EEH7JIJK.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-03-21 03:26 Last Seen2025-05-20 22:14 Times Seen247 Hash 65baa1e0e10c3b0e4763d35e76999e25 a21b6807691f637324b24296803e05b64fc4c694 610516103d1262a5c7d3f5481f3f54328723386634607085bf0cfc631ad0ab3f Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	355 kB	2025-05-10	2025-05-10
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash 7bfd47d07a0f396a7895fe0f9bd46c3c 8967c14da01a95eafde275ece27ad977e8309bb9 5b594b97e92205a264201d9c21cc482d38c1a761177ca9a1d15c049b31a59832 Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	39 B	2023-04-14	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-17 07:23 Times Seen6122 Hash bc51ed8c76553717f10d58b2df60fd76 e2d03a8fd8d280074b226c288880f9df299c7cb1 bee994eaf88453f6343ba57571a069054c12c9b4e42f8cbad4f2ad75c7fb264c Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.v-tooltip-b5cb60af.js	ScriptElement	77 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.v-tooltip-b5cb60af.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 21:07 Times Seen26 Hash d202605644cb1a962c2ea9edfa17418b ad3743f9070fdb9ea7bf2b3b32458ff4a7b45b35 645c7eda5803dd79632d37d9e9ded3b5462329a57ebe4a7c9bbdc471deb9d41d Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a572c043a1.js	ImportedModule	27 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a572c043a1.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by importedModule Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 4616600346817a146fab20f3b48d685b 190b06fd9f4b417a26294e440238478e0d305225 9ef9a9d41db770d6ac0f1c385fb3d17688446216b56067099208691afe6640f8 Loading...

	1xlite-089702.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js	ScriptElement	753 B	2025-02-26	2025-05-20
Pretty URL 1xlite-089702.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-26 21:56 Last Seen2025-05-20 22:14 Times Seen513 Hash f004562bde4d48fb0987e200eb06f3af 6ce4bb1f9a61802bc2b28d084810a6a752af30a6 ba2a7d9626d02a36d5c599c2e0f24594f47e2624d8fa93f6944056722e31f20f Loading...

	www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116	ScriptElement	288 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116 IP 142.250.178.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash d9200c9294e58be37ac714b5e79d3ca1 df518cd5e5a72bdf65d157f0d48bd803c03127e2 00d15eca5b3c10fe090deea7ffa9dc49a68f4f2ddf2ad85ede6c0b06b53aec9d Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	ScriptElement	194 kB	2025-05-10	2025-05-10
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash a9f2d4fc2007e6edf244e20bddc0709f bd7a0eff1e062845b27350cae603c634aa59dcf7 645d63ad1c83da25fb61dcfa4123bd5f8df13f48c01f3975ebfd61e8e4fcb1b8 Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/app-f96c89dd.js	ScriptElement	512 kB	2025-05-10	2025-05-12
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/app-f96c89dd.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-12 09:47 Times Seen24 Hash 0dec2a25c2b968439ab5d1031dc51c64 df48197a9df3f46d7131245416737b508ff97556 167e5558cce31248f259b98aed4a1befbfb20b09a79e12f0f38590c362ee30ed Loading...

	v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a5f890255.js	ScriptElement	1.3 kB	2025-05-01	2025-05-12
Pretty URL v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a5f890255.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-01 07:19 Last Seen2025-05-12 21:07 Times Seen32 Hash 203e1eb567b6bf51d10aaad1a9dff7b3 d4fd718108c9c573b15464a563978f76a0f26288 4002b63ec36a11d32ef5fc9774702157a2c1c82acb17429c1b42cfb165714399 Loading...

	1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4	Function	34 B	2023-04-14	2025-07-17
Pretty URL 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 IP 83.147.224.6 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-14 16:26 Last Seen2025-07-17 07:23 Times Seen6129 Hash 7bcdb973ab8af8e24ab11cb554a1ba6e 24e8a10f240f2b06f81d7c173cd0a90606641fc1 916ec4eb9b485eb47f43a17fe212e84e4b72600b45eb6d4588599ad495a57fcd Loading...

	v3.traincdn.com/main-static/62ddcac7/desktop/default/analytics-2a8f5225.js	ScriptElement	7.8 kB	2025-05-10	2025-05-16
Pretty URL v3.traincdn.com/main-static/62ddcac7/desktop/default/analytics-2a8f5225.js IP 185.244.209.62 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 00:11 Last Seen2025-05-16 07:45 Times Seen32 Hash a7ab0d3478efff4a7b6dc95b95fd78d0 29fd58ecfad589b7e2324789051fd93f883e8fb1 7952f5f889f4544c562bb59148eb55d0a212f7826843c2c622be04eda26aa490 Loading...

	www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66	ScriptElement	455 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 IP 142.250.178.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 15:46 Last Seen2025-05-10 15:46 Times Seen1 Hash 6b1ff18480fa7c88461ea45ad1944031 a3ce4d1fe5c2005e07a2cb65e92cac3310eafcaa 9ece776dc8894694360fb6c35ac3f8878029ce3ff0716cff96492d4b7f1d8c08 Loading...

HTTP Transactions (100)

URL IP Response Size

GET 1xlite-089702.top/bff-api/config/group/get?groups=d.technical&lang=en

83.147.224.6

200 OK

730 B

URL GET
1xlite-089702.top/bff-api/config/group/get?groups=d.technical&lang=en
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
730 B (730 bytes)
Hash
87ec2701f4efb3b20790e1a967af79be
8c7a33e8de1fadc580287953380b136d261c27f5
add58098a30e646183c0c004afd7cdb345b576ed641263c6b19ab40c18d75395

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bff-api/config/group/get?groups=d.technical&lang=en HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-svc-source: __TECHNICAL_PAGES_APP__
x-app-n: __TECHNICAL_PAGES_APP__
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1920; che_g=55645f11-4340-344c-8034-a6f0583ed4d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 730
cache-control: no-cache, private
server-timing: dt_total;dur=0.009, bff;dur=6.25, wf-uht;dur=0.018
x-dt: 285
x-pod: R-sch74
x-time-ng: 0.008
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json

185.244.209.62

200 OK

1.1 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.1 kB (1085 bytes)
Hash
338264fc869e8f0b86b0d6c9d92102b0
83b4d35816df0e1486b766251e74d23f28b77824
015355a44429f40dd63b566dd1e9b1b76af3dfa28dcd25a43e82820ba0847b8d

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/e3dd2d416ede1d7659584842878349f6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
traceparent: 00-4fe67bb6516cbaa4a8a1ce5d4b6b112b-7b91926a98c049f8-01
last-modified: Thu, 16 May 2024 19:05:13 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: gzip
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cc4c02ced1.js

185.244.209.62

200 OK

1.2 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cc4c02ced1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (839)
Size
1.2 kB (1208 bytes)
Hash
83d01b7d33bd0cecde4dc75bf7168e0b
924cbadc9f0e2d2de7acdeb219fbba16d5dc728a
415861cbe374571907cede8755b222563576bc289fdbd0772798d73c6c39238d

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/cc4c02ced1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-72919f89a9f27ee189d56b55f3cf9f5b-8d2623c7903b9c13-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"83d01b7d33bd0cecde4dc75bf7168e0b"
x-amz-meta-mtime: 1745997847.069695279
content-encoding: gzip
expires: Thu, 01 May 2025 10:12:31 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 18575
cache: HIT
x-cached-since: 2025-05-10T10:36:29+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a5f890255.js

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a5f890255.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (542)
Size
1.3 kB (1299 bytes)
Hash
203e1eb567b6bf51d10aaad1a9dff7b3
d4fd718108c9c573b15464a563978f76a0f26288
4002b63ec36a11d32ef5fc9774702157a2c1c82acb17429c1b42cfb165714399

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/5a5f890255.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e113a4803d7cd3282eb36579fa66cf65-a0de34b715f66776-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"203e1eb567b6bf51d10aaad1a9dff7b3"
x-amz-meta-mtime: 1745997847.067695148
content-encoding: gzip
expires: Fri, 02 May 2025 18:31:20 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 75816
cache: HIT
x-cached-since: 2025-05-09T18:42:28+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.3 kB (1342 bytes)
Hash
499d57f89b2bf5fed52d984d865fd72c
f3dd138886f2c1e257d3ac2214b7e3cba57e56b2
9467cf5576ce2a97d9e44e53915a9c4ae529c134cc1ea5a3c62ea304eebda0c8

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8b4e10c31932a559912f415b65fba92c.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
traceparent: 00-f5e19addbb274f6143141f6366b3c1bc-306a906d73432eef-01
last-modified: Thu, 27 Feb 2025 08:17:13 GMT
etag: W/"499d57f89b2bf5fed52d984d865fd72c"
content-encoding: gzip
expires: Thu, 27 Feb 2025 11:06:29 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dcaabc3ceb.js

185.244.209.62

200 OK

1.4 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dcaabc3ceb.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (454)
Size
1.4 kB (1425 bytes)
Hash
591d7722db1b5815dd0d05ae7ad107de
15b9a49d4409c9e572501ef6310a5d2a898b8965
482f8c939facba54f795ae64b55d1861aff8e237817b2c9145b229d4f86cfb29

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/dcaabc3ceb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-567e35fe06e83c6743a873586d645698-35c26de1d00d7611-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"591d7722db1b5815dd0d05ae7ad107de"
x-amz-meta-mtime: 1745997847.071695411
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27561
cache: HIT
x-cached-since: 2025-05-10T08:06:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/753dedb46f.js

185.244.209.62

200 OK

4.0 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/753dedb46f.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (1195)
Size
4.0 kB (3974 bytes)
Hash
054f2c276abe0e3e4e41fa10162572ed
12ca6ac3041d4ce1a37eb62a5f5b17fd191361b9
7624afce7be3aa2aaacc896f53855c44d0f9d6dd2c6f22e03c02d7f5f206a6fa

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/753dedb46f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-5861ac356582186424738cd8ded7c6a9-68608ecef200e3e6-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"054f2c276abe0e3e4e41fa10162572ed"
x-amz-meta-mtime: 1745997847.067695148
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:05 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27561
cache: HIT
x-cached-since: 2025-05-10T08:06:43+00:00
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5571v897130004za200&_p=1746891974122&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=264750548.1746891975&ecid=2017985883&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1746891974&sct=1&seg=0&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18408

216.239.32.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5571v897130004za200&_p=1746891974122&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=264750548.1746891975&ecid=2017985883&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1746891974&sct=1&seg=0&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18408
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5571v897130004za200&_p=1746891974122&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=264750548.1746891975&ecid=2017985883&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_eu=AEAAAAQ&_s=2&sid=1746891974&sct=1&seg=0&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4&dt=1xBet&en=scroll&ep.optimize_id=GTM-5R4MT54&epn.percent_scrolled=90&tfd=18408 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-089702.top
date: Sat, 10 May 2025 15:46:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_9e28d5a25826cadfe09af4e9b1545502.json

185.244.209.62

200 OK

136 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_9e28d5a25826cadfe09af4e9b1545502.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
136 kB (135698 bytes)
Hash
b308faa236c024a35a835d31092c05c9
fe3c36036a037207842c64add7939cb7feb45059
f818aac589866a5df2e70bc59bfd76685bba1a80cb83591ab38e000573caa071

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_9e28d5a25826cadfe09af4e9b1545502.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-e1bf9fb5e3710c1c513796f41cb04e59-dba054b42ec14b44-01
last-modified: Thu, 08 May 2025 10:06:13 GMT
etag: W/"b308faa236c024a35a835d31092c05c9"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 08 May 2025 11:17:40 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3232
cache: HIT
x-cached-since: 2025-05-10T14:52:11+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8a06d45803d5dab2daf7338e3d600636.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8a06d45803d5dab2daf7338e3d600636.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
22 kB (21827 bytes)
Hash
ff5d81879a491bb1cfe091c5817a89b4
2a1d20f61eb8c513b270b8d123e3a9f66c89f808
538bffce9fa55e37a08e6b7f5148f8e7884c02a82b13e8426553061ff2475f90

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8a06d45803d5dab2daf7338e3d600636.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
traceparent: 00-2bd0209def83e0b08dde20ab872dd9b4-5555c5cf7d40413a-01
last-modified: Wed, 16 Apr 2025 13:44:01 GMT
etag: W/"ff5d81879a491bb1cfe091c5817a89b4"
content-encoding: gzip
expires: Wed, 16 Apr 2025 14:52:16 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 427
cache: HIT
x-cached-since: 2025-05-10T15:38:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json

185.244.209.62

200 OK

328 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
328 B (328 bytes)
Hash
4347fc050ebe622e30a7bf78a213b5a0
c05b3b571980b01ff9f07e6adc1c29c58be70bd1
ed1b1193a248bf273141c31b7f74dd1224416b3757e5a71f2e7d579c50d65d57

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/60608cbba85ee2e8946c25b55281a0bc.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 328
traceparent: 00-75f3ebe6fc0c555f6e8dfe3d98cadd95-86e792ac9a51a897-01
last-modified: Thu, 27 Feb 2025 10:51:50 GMT
etag: "4347fc050ebe622e30a7bf78a213b5a0"
expires: Thu, 27 Feb 2025 12:17:56 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json

185.244.209.62

200 OK

1.1 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
1.1 kB (1129 bytes)
Hash
a3810b04fc93c6b4f295ceb812f9f212
6cff2c69f8e43259380952d6c0df7ba563b7da8d
c1afcca19f61498f21aab6c0ca6b1992f5c8b4baf281dfa14b780ed780035c54

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_express_day/en/dictionary_1971e4038469f37ec9a819d99d5b8f4a.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-72f18192e5782b2aa45f5734d7acc666-897fc888fe68e020-01
last-modified: Fri, 09 May 2025 16:06:27 GMT
etag: W/"a3810b04fc93c6b4f295ceb812f9f212"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 09 May 2025 17:11:01 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2919
cache: HIT
x-cached-since: 2025-05-10T14:57:24+00:00
X-Firefox-Spdy: h2

POST 1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

83.147.224.6

200 OK

23 B

URL POST
1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
df1b1f2fa2857305682f271318e79144
ee3b9739e30ea91d27ea76d09d993784b61f61f3
f83aa7e26539c140271b9378fb4dfe3a9f8c6ee28706d15ea0b03d4f099c4d21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: application/json
X-Lang: en
X-Uuid: cb977724-ff70-45ca-9783-34e2f2dfc848
Content-Length: 88
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.110, wf-uht;dur=0.009
X-Firefox-Spdy: h2

GET 1xlite-089702.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js

83.147.224.6

200 OK

753 B

URL GET
1xlite-089702.top/hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JavaScript source, ASCII text, with very long lines (752)
Size
753 B (753 bytes)
Hash
f004562bde4d48fb0987e200eb06f3af
6ce4bb1f9a61802bc2b28d084810a6a752af30a6
ba2a7d9626d02a36d5c599c2e0f24594f47e2624d8fa93f6944056722e31f20f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/apps/c5e31d5915661de4393e3f1489b00ebc4497dd48/api.js HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6; SESSION=ccb597c614e7236c9a7c9ef88725b820
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:12 GMT
content-type: text/javascript; charset=utf-8
content-length: 490
cache-control: public, max-age=300
content-encoding: gzip
etag: f004562bde4d48fb0987e200eb06f3af
vary: Accept-Encoding
x-dt: 455
x-request-guid: ccdc924f2c2f6936edb97fbfbab2d1bd
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.008, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-notification-82d2bba4.js

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-notification-82d2bba4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (12563), with no line terminators
Size
13 kB (12563 bytes)
Hash
80675449a00476e14a2a7d4b74c8fe46
0defece3fd48323a940faeff429b4826ed027b48
dfafa0bbf8b911f1be89941425c7fa9d570e6f4532e8bd4a0192d07696924f33

HTTP Headers

GET /main-static/62ddcac7/desktop/default/vendors/plugins.vue-notification-82d2bba4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-ad6f3adf3ae76c5687013a779d61dfbd-5937e1f2c2e72bd1-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"80675449a00476e14a2a7d4b74c8fe46"
x-amz-meta-mtime: 1746779396.604324466
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:15 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_22c581700f9009d3aa46609a4ffa61d6.json

185.244.209.62

200 OK

24 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_22c581700f9009d3aa46609a4ffa61d6.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
24 kB (24300 bytes)
Hash
3a36df93e63e0dd00a4ad628c20f495a
b2005e9725612a2c33530627966d1827f5c3fe8d
0425b9e7cdd4c8f1049dd240ad2a23a45bfa9fb86f95f4790b3e286afe527b40

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_coupon/en/dictionary_22c581700f9009d3aa46609a4ffa61d6.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-b13dcb9816b33ef95d30870bbb657ce2-295b97ae8884c329-01
last-modified: Tue, 22 Apr 2025 12:06:05 GMT
etag: W/"3a36df93e63e0dd00a4ad628c20f495a"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 13:25:43 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 384
cache: HIT
x-cached-since: 2025-05-10T15:39:39+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:13 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-1b366f8c8ec00b6ff4428c8d80b40977-b4b2d51d90592718-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 799
cache: HIT
x-cached-since: 2025-05-10T15:32:54+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-8740a13afcf525f250334b30d7d076c0-67e653844562ecc4-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1520
cache: HIT
x-cached-since: 2025-05-10T15:20:43+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_SVMMEEZF.js

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_SVMMEEZF.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20436)
Size
21 kB (20564 bytes)
Hash
b3ce9215487c615dbe0e474955e1dd39
64d50e6020e3cdfe3156bf52d46c176dfd098fd9
e3c9c6a51511916a872d65993ad41d579fd580f3dd688335924153613e295d43

HTTP Headers

GET /sys-static/shared-assets/__shared_vue_deps_SVMMEEZF.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3f0f7978a1354283ac537149790a5996-fcadd589c5047727-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: W/"b3ce9215487c615dbe0e474955e1dd39"
x-amz-meta-mtime: 1746779387.558592013
content-encoding: gzip
expires: Sat, 10 May 2025 10:44:32 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17776
cache: HIT
x-cached-since: 2025-05-10T10:49:48+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/analytics-2a8f5225.js

185.244.209.62

200 OK

7.8 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/analytics-2a8f5225.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7765), with no line terminators
Size
7.8 kB (7765 bytes)
Hash
a7ab0d3478efff4a7b6dc95b95fd78d0
29fd58ecfad589b7e2324789051fd93f883e8fb1
7952f5f889f4544c562bb59148eb55d0a212f7826843c2c622be04eda26aa490

HTTP Headers

GET /main-static/62ddcac7/desktop/default/analytics-2a8f5225.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:14 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-93ad5fbb834ca900457b3c24f4f6cbf1-1dbff509d498997b-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"a7ab0d3478efff4a7b6dc95b95fd78d0"
x-amz-meta-mtime: 1746779396.588324419
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:26 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:24+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/version.json

185.244.209.62

200 OK

11 B

URL GET
v3.traincdn.com/version.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text
Size
11 B (11 bytes)
Hash
bb3b12105b9a19184b25b451221e7e0e
7f0dc34279b2d5a157311be115dceb4541c23b6d
bec63e9b4ac563a097b3b6051f77d45932de1970f0cd622d3bdd22e75d8f213f

HTTP Headers

GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: application/json
content-length: 11
traceparent: 00-1f90c01933d768a2c389972915c6dcf3-7b0800e1a3cb2ae8-01
last-modified: Fri, 09 May 2025 10:29:25 GMT
etag: "bb3b12105b9a19184b25b451221e7e0e"
x-amz-meta-mtime: 1746786565.917534976
expires: Fri, 09 May 2025 10:32:00 GMT
cache-control: max-age=60
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 45
cache: HIT
x-cached-since: 2025-05-10T15:45:17+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e3ac97c990.js

185.244.209.62

200 OK

2.0 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e3ac97c990.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1435)
Size
2.0 kB (2047 bytes)
Hash
633a23ac8f2994574a7c8d19f46eee33
70865c9a4e87ef719dfbfb98063b831f92b09994
fb0d2c002aff9eabf98e91ef9b237795503911ddfa40fce737a0dc851d385d8d

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/e3ac97c990.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-3c4b624994924463a309adee16e169e0-39187a28271ff3e0-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"633a23ac8f2994574a7c8d19f46eee33"
x-amz-meta-mtime: 1745997847.071695411
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:05 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27561
cache: HIT
x-cached-since: 2025-05-10T08:06:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/app-f96c89dd.js

185.244.209.62

200 OK

512 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/app-f96c89dd.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
512 kB (511702 bytes)
Hash
0dec2a25c2b968439ab5d1031dc51c64
df48197a9df3f46d7131245416737b508ff97556
167e5558cce31248f259b98aed4a1befbfb20b09a79e12f0f38590c362ee30ed

HTTP Headers

GET /main-static/62ddcac7/desktop/default/app-f96c89dd.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-be243183bd933e40d047791563c88f5f-2e339d458541e580-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"0dec2a25c2b968439ab5d1031dc51c64"
x-amz-meta-mtime: 1746779396.588324419
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:12 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json

185.244.209.62

200 OK

182 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
182 B (182 bytes)
Hash
0a64a07e9a34e8a5b5e97e80a10888c5
82545cbc39b7dcc031dd10dea841a0b3698243d6
7201497e7e8cdf9d35bf6998e43dcde5feea535f9828ce3ee98785781016126c

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/bfa3e9fd30e7d63c0906602f42c13468.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
content-length: 182
traceparent: 00-e3d328456f3f3a20d68622f34ddb88d2-1247e2bcfe0a54db-01
last-modified: Thu, 27 Feb 2025 08:55:26 GMT
etag: "0a64a07e9a34e8a5b5e97e80a10888c5"
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 427
cache: HIT
x-cached-since: 2025-05-10T15:38:56+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-089702.top/checker/redirect/stat/run/

83.147.224.6

200 OK

14 B

URL GET
1xlite-089702.top/checker/redirect/stat/run/
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
14 B (14 bytes)
Hash
2de0d0acfd684235f066bd0ec0c9e3df
68d0cb64805a42d7e40f43e8e198986b43dd6b69
9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

POST 1xlite-089702.top/hd-api/external/verify

83.147.224.6

200 OK

715 B

URL POST
1xlite-089702.top/hd-api/external/verify
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
715 B (715 bytes)
Hash
391b59601603d7f8c5ad610cd115999a
7efdbc7c72b1f09c0a6cce852171520444bf6b0d
50373f77a706e2423c419fe00259c7b0781dd30a5eaa452db8e5eda061e81f8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /hd-api/external/verify HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: text/plain;charset=UTF-8
Content-Length: 108709
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6; SESSION=ccb597c614e7236c9a7c9ef88725b820
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:14 GMT
content-type: application/json
content-length: 587
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-request-guid: 0a39bb6c9ee2119a3d201669ac306f6f
x-time-ng: 0.017
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.008, wf-uht;dur=0.053
X-Firefox-Spdy: h2

GET radar.cedexis.com/1707728419/stub.js

45.54.49.5

200 OK

390 B

URL GET
radar.cedexis.com/1707728419/stub.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
390 B (390 bytes)
Hash
82dec77fd0353c7c71ce053b8601387e
fbbca95419e1d0c042e0a5fdf10f380aca66188c
39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7

HTTP Headers

GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 May 2025 15:46:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:51:01 GMT
Vary: Accept-Encoding
ETag: W/"65c9ea05-186"
Expires: Sat, 24 May 2025 15:46:15 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/DC-38482302.js

185.244.209.62

200 OK

2.7 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/DC-38482302.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2654), with no line terminators
Size
2.7 kB (2654 bytes)
Hash
da38502ad32bc4d042da722f9a083729
5bdc412d09b4cac6348defd5f831903df935bf12
2a0bd746cb4256fc0bf147cf7d1de47011ba12cb22c7ecfdbf7a2472c6371825

HTTP Headers

GET /main-static/62ddcac7/desktop/default/DC-38482302.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-d1d527034b378d48c85e49966b49b463-199e49ab818431a6-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"da38502ad32bc4d042da722f9a083729"
x-amz-meta-mtime: 1746779396.584324408
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:19 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:14+00:00
X-Firefox-Spdy: h2

POST 1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

83.147.224.6

200 OK

2 B

URL POST
1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: application/json
X-Lang: en
X-Uuid: cb977724-ff70-45ca-9783-34e2f2dfc848
Content-Length: 19
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.104, wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/css/7fe5f71b.css

185.244.209.62

200 OK

3.3 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/css/7fe5f71b.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (3313), with no line terminators
Size
3.3 kB (3313 bytes)
Hash
c610b8710368de3bf2f1c5bb581b6a3a
f67bc86785d434adb2e81a356a7926b8818ac567
fad7111846310042401990719146401178f22e2618abf2b058e641b6495e8eba

HTTP Headers

GET /main-static/62ddcac7/desktop/default/css/7fe5f71b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/css; charset=utf-8
traceparent: 00-c8daeb76dcd0018e8d2d1ce91d5324a2-ae38c6db600b9ce1-01
last-modified: Fri, 09 May 2025 08:29:58 GMT
etag: W/"c610b8710368de3bf2f1c5bb581b6a3a"
x-amz-meta-mtime: 1746779396.592324431
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:15 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json

185.244.209.62

200 OK

22 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (21943), with no line terminators
Size
22 kB (22102 bytes)
Hash
f8e38c106493e25c8d998abca3adbfad
e512c42df5c9eb5704ed7791d70b2ffe1f81a93e
6c63846ee5fc0545cad9e70c5428d69ee73bfcfe4e2670e6963002aacb911909

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_game/en/dictionary_633badab13286d149e2e53ba9cddcd56.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-2557f279255441a89308fe7e78f2675f-285784647cc1a22a-01
last-modified: Wed, 07 May 2025 16:06:34 GMT
etag: W/"895da097d39231b34332842ef0092651"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 07 May 2025 17:17:40 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 384
cache: HIT
x-cached-since: 2025-05-10T15:39:39+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Size
64 kB (63748 bytes)
Hash
6887b6f24414dbc612dbf42ccdc76b70
8068d3abfbc6cbf35b55919da45b1f4d2d136238
fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:13 GMT
content-type: font/woff2
content-length: 63748
traceparent: 00-8e7882cd2625729cef2bcaf6b6741782-15fa1405a354649e-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
expires: Thu, 16 Jan 2025 10:32:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1530
cache: HIT
x-cached-since: 2025-05-10T15:20:43+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/app-9a795df8.js

185.244.209.62

200 OK

1.4 MB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/app-9a795df8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63296)
Size
1.4 MB (1389446 bytes)
Hash
285c266c7f9d7053d81dc349efcc5564
565528e5e0147f7bc3024427acd093fe10fb3653
5219100382262de7b72e661866c8aa901c679a268057aec0d9bb9f9918153376

HTTP Headers

GET /main-static/62ddcac7/desktop/default/vendors/app-9a795df8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f1683dcd4299ea92ce3b693c03ee18e6-9a37de66db76c8d5-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"285c266c7f9d7053d81dc349efcc5564"
x-amz-meta-mtime: 1746779396.600324455
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:12 GMT
cache-control: max-age=86400
x-time-ng: 0.004
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json

185.244.209.62

200 OK

2.3 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.3 kB (2308 bytes)
Hash
7c12ae6fc08684f50822b3eb56779e29
036c726b8b7b2d24f987391101f3e8d1a2a183cf
a2eac45353675c82733192916712b8876c6b038b7bdbddc24df464e38b67cbfd

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_block_pages/en/dictionary_bc0570f08a28537dc724f4764ecf77e4.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json; charset=utf-8
traceparent: 00-fdf3468c8ea511596f69b62215e3e622-47aff49d9c9dc0e9-01
last-modified: Tue, 22 Apr 2025 08:06:29 GMT
etag: W/"7c12ae6fc08684f50822b3eb56779e29"
cache-control: max-age=3600
content-encoding: gzip
expires: Tue, 22 Apr 2025 09:26:34 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 146
cache: HIT
x-cached-since: 2025-05-10T15:43:38+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json

185.244.209.62

200 OK

765 B

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
765 B (765 bytes)
Hash
00f980f23f1b4c1ccee99ed49e0a8feb
4cb07094de9bffff1bf81d94446280b91013b660
bb3be3377fbb8e66a4b5a8a3866dfd865a37cb4a96482ab2f439981e03b57cea

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_reset_password/en/dictionary_612c6e919ca15d39cc751a619a3952c7.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
content-length: 765
traceparent: 00-ae0a2ec32c92f5d805e59ad69f61efad-278dcb4219579b15-01
last-modified: Wed, 11 Oct 2023 12:52:53 GMT
etag: "00f980f23f1b4c1ccee99ed49e0a8feb"
cache-control: max-age=3600
expires: Thu, 16 Jan 2025 10:53:47 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1953
cache: HIT
x-cached-since: 2025-05-10T15:13:30+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
14 kB (14232 bytes)
Hash
811ce3b7877d19901e45430cb6523d62
16a905115a678fdef3923f91c6f76cbab613e84d
10fbb74dbac63abfe9c4f5a77abc03757ef3527a479d4ae70dc977b515eec8cb

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ac02f639a86763a884adc5615fe65e72.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
traceparent: 00-d6d5b08a8f6e2785d6d990b934eb8e49-6de4892bc0d35367-01
last-modified: Thu, 27 Feb 2025 09:04:01 GMT
etag: W/"811ce3b7877d19901e45430cb6523d62"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:13 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 427
cache: HIT
x-cached-since: 2025-05-10T15:38:56+00:00
X-Firefox-Spdy: h2

GET 1xlite-089702.top/en?tag=d_4299502m_1599c_1w_1wkywe

83.147.224.6

302 Found

266 kB

URL User Request GET
1xlite-089702.top/en?tag=d_4299502m_1599c_1w_1wkywe
IP
83.147.224.6:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type

Size
266 kB (266144 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en?tag=d_4299502m_1599c_1w_1wkywe HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
location: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
link: <https://v3.traincdn.com/sys-ui/2.3.169/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.007, total;dur=25;desc="Nuxt Server Time", wf-uht;dur=0.036
set-cookie: platform_type=desktop; Path=/; Expires=Tue, 13 May 2025 15:46:02 GMT; Secure; SameSite=None; Partitioned
gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Wed, 09 Jul 2025 15:46:02 GMT
reflinkid=d_4299502m_1599c_1w_1wkywe; Path=/; Expires=Sat, 10 May 2025 16:46:02 GMT
postback_watcher=; Path=/; Expires=Sat, 10 May 2025 15:46:06 GMT
auid=U5PgBmgfdLqsu89IAyErAg==; path=/; secure; httponly; samesite=lax
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css

185.244.209.62

200 OK

15 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (15082)
Size
15 kB (15083 bytes)
Hash
967ea13abafaa256ab87710daeab15e3
c35d006df7e93184905785ddd0780675dbf5ea14
21a68512f65cb824cf777ebddc9aa65f5922defc4dfbc969c3c0e37f74636eda

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/19f05ee466.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-08e76eda877196ae0b5d3417204fc618-27877ec6250816ad-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"967ea13abafaa256ab87710daeab15e3"
x-amz-meta-mtime: 1745997847.069695279
content-encoding: gzip
expires: Thu, 01 May 2025 10:12:15 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 18856
cache: HIT
x-cached-since: 2025-05-10T10:31:46+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_40c95d7df5bb4b44db14e1193de6c643.json

185.244.209.62

200 OK

9.7 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_40c95d7df5bb4b44db14e1193de6c643.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
9.7 kB (9668 bytes)
Hash
64c38aa3bf35c1488e63e7c3511af9b0
106f0948d8e3ee6c10526d6b6860d79210a7021b
9bc0749be81f39d2d0aeac92347acc4863f64074382e8819a35b666754eeaf38

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_auth/en/dictionary_40c95d7df5bb4b44db14e1193de6c643.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-06b703a461be4218a17fca1ee4f83117-137949b4f6cc06d0-01
last-modified: Wed, 07 May 2025 14:06:27 GMT
etag: W/"64c38aa3bf35c1488e63e7c3511af9b0"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 07 May 2025 15:17:42 GMT
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1608
cache: HIT
x-cached-since: 2025-05-10T15:19:15+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a572c043a1.js

185.244.209.62

200 OK

27 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a572c043a1.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (12766)
Size
27 kB (27230 bytes)
Hash
4616600346817a146fab20f3b48d685b
190b06fd9f4b417a26294e440238478e0d305225
9ef9a9d41db770d6ac0f1c385fb3d17688446216b56067099208691afe6640f8

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/a572c043a1.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-50fe23a5f070fdc975ddf4f243748377-32848b73c9b33ede-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"4616600346817a146fab20f3b48d685b"
x-amz-meta-mtime: 1745997847.068695213
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:05 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27561
cache: HIT
x-cached-since: 2025-05-10T08:06:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/3391a1bcde.js

185.244.209.62

200 OK

134 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/3391a1bcde.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Java source, ASCII text
Size
134 B (134 bytes)
Hash
9cab00381884409f22ed5881f2c6b94e
6cb9dc6ad9f587cac210658052275cc905a83a47
3d2a785e69f540de179b22dc081d4a1645cc79b40a9359da6476cc406cdd76a2

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/3391a1bcde.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
content-length: 134
traceparent: 00-0c9e411c41f4a9cd1f2667086db25126-bc2b0669b2b2e11b-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: "9cab00381884409f22ed5881f2c6b94e"
x-amz-meta-mtime: 1745997847.066695082
expires: Wed, 07 May 2025 20:42:56 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 67595
cache: HIT
x-cached-since: 2025-05-09T20:59:29+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_fd9561.css

185.244.209.62

200 OK

5.0 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_css_fd9561.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (4607)
Size
5.0 kB (5030 bytes)
Hash
5498f16be4b5e31fc69b105bd2e086e0
7c3cebacccaaf7d8dd7e3337d96602fba2e6db47
fd95617b284e0e75b0aac92febea4f5fc279fee6281a4dd5e04c053bad2e048e

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_css_fd9561.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-c78bd16c9c5fad6a0137f0b8ba911437-e1ea07023fa7ebca-01
last-modified: Fri, 09 May 2025 08:32:05 GMT
etag: W/"5498f16be4b5e31fc69b105bd2e086e0"
x-amz-meta-mtime: 1746779387.504587261
content-encoding: gzip
expires: Sat, 10 May 2025 08:49:47 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24918
cache: HIT
x-cached-since: 2025-05-10T08:50:44+00:00
X-Firefox-Spdy: h2

POST 1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

83.147.224.6

200 OK

23 B

URL POST
1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
f48dab9d6890b082dcd74f3df2684604
8ccab6d404293799052ba05b7e19f97f6f0386cb
d18125409861d6c72305a4de98af0d7fb773c3e94877d1ad8aca96f46dd7af8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: application/json
X-Lang: en
X-Uuid: cb977724-ff70-45ca-9783-34e2f2dfc848
Content-Length: 109
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6; SESSION=ccb597c614e7236c9a7c9ef88725b820; _ga_7JGWL9SV66=GS2.1.s1746891974$o1$g0$t1746891974$j60$l0$h2017985883; _ga=GA1.1.264750548.1746891975; _gcl_au=1.1.484305786.1746891975
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:15 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.013
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json

185.244.209.62

200 OK

747 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
747 B (747 bytes)
Hash
f4e90636ec9cff061c4301b3cefdd0d6
c506efe9c3672c58434ea10021dab0ad81b1ad98
30666f138ccc12735e2f8a6405ddce4a3d8756b9445e3b2732fa2970f14dbcea

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/46fe3f96f4140750e81ded48911f3e30.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
content-length: 747
traceparent: 00-15404de87f0c55dfbbf14a11e89c74c9-a55d802cab7c49e6-01
last-modified: Thu, 27 Feb 2025 13:26:35 GMT
etag: "f4e90636ec9cff061c4301b3cefdd0d6"
expires: Thu, 27 Feb 2025 15:00:05 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 624
cache: HIT
x-cached-since: 2025-05-10T15:35:39+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/2.3.169/Desktop/Default/client.css

185.244.209.62

200 OK

614 kB

URL GET
v3.traincdn.com/sys-ui/2.3.169/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
614 kB (614076 bytes)
Hash
3dc0ea77b73ab7ceb45dbb0e929b0c78
3a2932dec7166620ab3cce1d365a9b5a0f4907ab
aaf46b531e51d699b6ebb91838be288e7267c82d397b66ed47e694c6f1acace5

HTTP Headers

GET /sys-ui/2.3.169/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-9cddd66565f34f5d39db59f55aa7636a-65030973b6ae23c6-01
last-modified: Thu, 17 Apr 2025 08:46:48 GMT
etag: W/"3dc0ea77b73ab7ceb45dbb0e929b0c78"
x-amz-meta-mtime: 1744879605.570763771
content-encoding: gzip
expires: Sat, 03 May 2025 08:44:45 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 25044
cache: HIT
x-cached-since: 2025-05-10T08:48:38+00:00
X-Firefox-Spdy: h2

GET 1xlite-089702.top/main-static/62ddcac7/check-ob.js

83.147.224.6

200 OK

219 B

URL GET
1xlite-089702.top/main-static/62ddcac7/check-ob.js
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JavaScript source, ASCII text
Size
219 B (219 bytes)
Hash
c065700c9c8c493403359e1f2baa10d9
4630fe729e70bdf63fa7ba6c84ec277fd1f51030
1e61f0c82ae82ffcf503fcd4b4c8ae27b32c11e19b882d5d13f3c44364c893f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main-static/62ddcac7/check-ob.js HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/javascript; charset=utf-8
content-length: 219
last-modified: Fri, 09 May 2025 08:30:50 GMT
etag: "c065700c9c8c493403359e1f2baa10d9"
x-amz-meta-mtime: 1746779449.384478196
expires: Sun, 11 May 2025 15:43:27 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-js-modal-aaff7d67.js

185.244.209.62

200 OK

27 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.vue-js-modal-aaff7d67.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26667), with no line terminators
Size
27 kB (26667 bytes)
Hash
75d1d62e02e06c6b8faedd0408117b2c
1ba582191d375b69b70cb623dda679433026f665
9b4fd88e9862002a4c5b5221a9cce532eea7a8ef98e624784e566445d77930f6

HTTP Headers

GET /main-static/62ddcac7/desktop/default/vendors/plugins.vue-js-modal-aaff7d67.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-feb095d090004baec184e61369db0d41-fa5594cb3543782e-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"75d1d62e02e06c6b8faedd0408117b2c"
x-amz-meta-mtime: 1746779396.604324466
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:15 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116

142.250.178.104

200 OK

332 kB

URL GET
www.googletagmanager.com/gtag/destination?id=AW-16664555628&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
332 kB (332537 bytes)
Hash
cf172b95a44d54069d236945fd64317e
37d0d6bdd104d9a49b6be77bdecd26b4b13ec77d
509d8daee352345f3c320bd403d9c61d1921606b6e7a8bd8f6b5b32e896e7a1e

HTTP Headers

GET /gtag/destination?id=AW-16664555628&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 15:46:14 GMT
expires: Sat, 10 May 2025 15:46:14 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 114949
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/sys-ui/2.3.169/Desktop/Default/client.css

185.244.209.62

200 OK

614 kB

URL GET
v3.traincdn.com/sys-ui/2.3.169/Desktop/Default/client.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
614 kB (614076 bytes)
Hash
3dc0ea77b73ab7ceb45dbb0e929b0c78
3a2932dec7166620ab3cce1d365a9b5a0f4907ab
aaf46b531e51d699b6ebb91838be288e7267c82d397b66ed47e694c6f1acace5

HTTP Headers

GET /sys-ui/2.3.169/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-601b3ae28a896b84c133acae6a08e25b-bb855d55a42be476-01
last-modified: Thu, 17 Apr 2025 08:46:48 GMT
etag: W/"3dc0ea77b73ab7ceb45dbb0e929b0c78"
x-amz-meta-mtime: 1744879605.570763771
content-encoding: gzip
expires: Sat, 03 May 2025 08:44:45 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 25044
cache: HIT
x-cached-since: 2025-05-10T08:48:38+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b4d8dc118.js

185.244.209.62

200 OK

2.5 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b4d8dc118.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1064)
Size
2.5 kB (2483 bytes)
Hash
0b0bfa4e985d164cc8daea3a5d6ba08f
ff5a04a41e2e72112766ccbc72878afc6eaa9f79
98bc37db78480c22fbe53878ba6a1c4feb09758f2e98394026e2de232124ddf0

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/4b4d8dc118.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-6f0fa245f8357c72f6adc166764b0c13-3d6ba349f8b93356-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"0b0bfa4e985d164cc8daea3a5d6ba08f"
x-amz-meta-mtime: 1745997847.066695082
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:05 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27561
cache: HIT
x-cached-since: 2025-05-10T08:06:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/css/f5139760.css

185.244.209.62

200 OK

65 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/css/f5139760.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65410), with no line terminators
Size
65 kB (65410 bytes)
Hash
24ff919a1d261e01ae64676be91308e4
63df3a51e799735627656792c7c8eae29a4863b8
d86444b0f59d973c348e465740cc02a7c1814aeaff09e354eaf9e49132ceb790

HTTP Headers

GET /main-static/62ddcac7/desktop/default/css/f5139760.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-0f2121ec605c402b556708c604b49443-3af5feba8fff7285-01
last-modified: Fri, 09 May 2025 08:29:58 GMT
etag: W/"24ff919a1d261e01ae64676be91308e4"
x-amz-meta-mtime: 1746779396.596324443
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:11 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24051
cache: HIT
x-cached-since: 2025-05-10T09:05:11+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css

185.244.209.62

200 OK

46 B

URL GET
v3.traincdn.com/genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
46 B (46 bytes)
Hash
29b5cda95fa390c124de39b6aeca6d24
46f68f69533c1fdc737eb36e8e7af7672178e610
6021ec0aede22eadcb8401fe945d345202320437c7be01b157f0cb282ebe7c88

HTTP Headers

GET /genfiles/site-admin/css_vars/29b5cda95fa390c124de39b6aeca6d24.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/css
content-length: 46
traceparent: 00-f862eb97ba479489a8924af76a59e715-0d9f2fd067342222-01
last-modified: Thu, 20 Mar 2025 13:29:31 GMT
etag: "29b5cda95fa390c124de39b6aeca6d24"
cache-control: max-age=3600
expires: Thu, 20 Mar 2025 14:32:37 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 1608
cache: HIT
x-cached-since: 2025-05-10T15:19:15+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V

142.250.178.104

200 OK

331 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4828)
Size
331 kB (330718 bytes)
Hash
e5d149d40571a2c94e4547f51081fd54
bc67042c841fd93f6ab78620d181d9c9545e11b5
4771841227d62b2be8025337319b8361534be51420d2e01fe4b70ed35f04aee8

HTTP Headers

GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 15:46:14 GMT
expires: Sat, 10 May 2025 15:46:14 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1317:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1317:0
report-to: {"group":"ascgcycc:1317:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1317:0"}],}
server: Google Tag Manager
content-length: 115116
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET radar.cedexis.com/1/23802/radar.js

45.54.49.5

302 Moved Temporarily

390 B

URL GET
radar.cedexis.com/1/23802/radar.js
IP
45.54.49.5:443
ASN
#63911 NetActuate, Inc

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerDigiCert Inc
Subjectradar.cedexis.com
FingerprintA2:3E:30:19:D5:41:3A:11:81:58:E3:B1:6F:F4:D2:78:0B:44:6F:D0
ValidityFri, 07 Mar 2025 00:00:00 GMT - Fri, 06 Mar 2026 23:59:59 GMT

File type

Size
390 B (390 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sat, 10 May 2025 15:46:14 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Sat, 10 May 2025 15:56:14 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT

GET v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_4DKQVMAE.js

185.244.209.62

200 OK

865 B

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_fast_deep_equal_4DKQVMAE.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (840)
Size
865 B (865 bytes)
Hash
b83f09e2c933f2aafd2e97f88f23d81f
c5c5ff5f8b7cd801781559b42c365a16e6839800
f584585b1dce860bf95b8270b60680af7022244f6723ed8f01fe3967780c6aae

HTTP Headers

GET /sys-static/shared-assets/__shared_fast_deep_equal_4DKQVMAE.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
content-length: 865
traceparent: 00-5f9081fcd7f8f7539037f4e27f06b915-f064c386b18b441d-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: "b83f09e2c933f2aafd2e97f88f23d81f"
x-amz-meta-mtime: 1746779387.557591925
expires: Sat, 10 May 2025 10:58:33 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17061
cache: HIT
x-cached-since: 2025-05-10T11:01:43+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66

142.250.178.104

200 OK

455 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12571)
Size
455 kB (454644 bytes)
Hash
6b1ff18480fa7c88461ea45ad1944031
a3ce4d1fe5c2005e07a2cb65e92cac3310eafcaa
9ece776dc8894694360fb6c35ac3f8878029ce3ff0716cff96492d4b7f1d8c08

HTTP Headers

GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 15:46:14 GMT
expires: Sat, 10 May 2025 15:46:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 146498
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST 1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json

83.147.224.6

200 OK

2 B

URL POST
1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/ab.json HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: application/json
X-Lang: en
X-Uuid: cb977724-ff70-45ca-9783-34e2f2dfc848
Content-Length: 19
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
content-length: 2
x-dt: 285
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=0.013
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d0ce2ba8a2.js

185.244.209.62

200 OK

28 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d0ce2ba8a2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2969)
Size
28 kB (27591 bytes)
Hash
feb598e3059a193eccbaa750d5abb764
8e97a33f00c356963a11b44edccad3e720a8f286
71d4552fff174538787abc9e1070b5731e2a8911d019f7e8a143e0448826f2c5

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/entry-d0ce2ba8a2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-422e76ad1549de0d2383cf699427d807-dfc93e9486b65411-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"feb598e3059a193eccbaa750d5abb764"
x-amz-meta-mtime: 1745997847.069695279
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:04 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27562
cache: HIT
x-cached-since: 2025-05-10T08:06:42+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_EEH7JIJK.js

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_EEH7JIJK.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21232)
Size
21 kB (21252 bytes)
Hash
65baa1e0e10c3b0e4763d35e76999e25
a21b6807691f637324b24296803e05b64fc4c694
610516103d1262a5c7d3f5481f3f54328723386634607085bf0cfc631ad0ab3f

HTTP Headers

GET /sys-static/shared-assets/__shared_popper_js_EEH7JIJK.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-155030b8f58f8cab9b9ed350ae1f03d9-eaf18477f84412fe-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: W/"65baa1e0e10c3b0e4763d35e76999e25"
x-amz-meta-mtime: 1746779387.558592013
content-encoding: gzip
expires: Sat, 10 May 2025 15:55:16 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 85848
cache: HIT
x-cached-since: 2025-05-09T15:55:16+00:00
X-Firefox-Spdy: h2

GET 1xlite-089702.top/captcha-api/assets/hunt-captcha.js

83.147.224.6

200 OK

84 kB

URL GET
1xlite-089702.top/captcha-api/assets/hunt-captcha.js
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (83583 bytes)
Hash
be79c7224b26aecc4360524e88e8b1c8
83823bfb5014be1ff5fd565c182ce625f216a655
82f66c5a82eac3b54409b44f787da4e66a8c0cae1ad18c9685cc75cf604713f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha-api/assets/hunt-captcha.js HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6; SESSION=ccb597c614e7236c9a7c9ef88725b820
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:12 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300
content-encoding: br
vary: Accept-Encoding
x-dt: 455
x-request-id: 4989794d9122c015fd68bb4ef773e1d7
x-time-ng: 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/Page.Block-8205f2da.js

185.244.209.62

200 OK

476 B

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/Page.Block-8205f2da.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (476), with no line terminators
Size
476 B (476 bytes)
Hash
e86306810b548e42f2e7815c1b75121d
346bbfd46ceb2300dc259150a11670b68f8281e9
980db9cdb7d3b824645bdf19ae79a9a64b06a38880966b44e9ebe3ec7ee20d71

HTTP Headers

GET /main-static/62ddcac7/desktop/default/Page.Block-8205f2da.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
content-length: 476
traceparent: 00-7f448ce1b12c4a8762c740a9f37b4f2d-d80fef0776617245-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: "e86306810b548e42f2e7815c1b75121d"
x-amz-meta-mtime: 1746779396.584324408
expires: Sat, 10 May 2025 09:03:18 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24015
cache: HIT
x-cached-since: 2025-05-10T09:05:48+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET 1xlite-089702.top/web-api/session

83.147.224.6

204 No Content

0 B

URL GET
1xlite-089702.top/web-api/session
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web-api/session HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 10 May 2025 15:46:12 GMT
cache-control: no-cache, private
server-timing: dt_total;dur=0.006, p;dur=20.159, wf-uht;dur=0.032
set-cookie: ua=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
SESSION=ccb597c614e7236c9a7c9ef88725b820; path=/; secure; httponly; samesite=lax
x-dt: 285
x-time-ng: 0.022, 0.022
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116

142.250.178.104

200 OK

288 kB

URL GET
www.googletagmanager.com/gtag/destination?id=DC-14030178&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116
IP
142.250.178.104:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
288 kB (288074 bytes)
Hash
d9200c9294e58be37ac714b5e79d3ca1
df518cd5e5a72bdf65d157f0d48bd803c03127e2
00d15eca5b3c10fe090deea7ffa9dc49a68f4f2ddf2ad85ede6c0b06b53aec9d

HTTP Headers

GET /gtag/destination?id=DC-14030178&cx=c&gtm=45He5571v9180563600za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 15:46:14 GMT
expires: Sat, 10 May 2025 15:46:14 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 May 2025 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 101738
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png

185.244.209.62

200 OK

653 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
653 B (653 bytes)
Hash
e6f0766cbd95db33da44e7a9140648f2
5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf
c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/b5cd9a5e87d930de856c92da15aa121e.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: image/png
content-length: 653
traceparent: 00-7253e784e1be088ebe9e295142cd205d-2fa84ef10b72dfe4-01
last-modified: Wed, 26 Jun 2024 08:18:02 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
expires: Thu, 16 Jan 2025 10:46:36 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2451
cache: HIT
x-cached-since: 2025-05-10T15:05:12+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.v-tooltip-b5cb60af.js

185.244.209.62

200 OK

77 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/vendors/plugins.v-tooltip-b5cb60af.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
77 kB (76622 bytes)
Hash
d202605644cb1a962c2ea9edfa17418b
ad3743f9070fdb9ea7bf2b3b32458ff4a7b45b35
645c7eda5803dd79632d37d9e9ded3b5462329a57ebe4a7c9bbdc471deb9d41d

HTTP Headers

GET /main-static/62ddcac7/desktop/default/vendors/plugins.v-tooltip-b5cb60af.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-41add3c97ecb66daece12e781b90d2ad-3fc591278a1e46e4-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"d202605644cb1a962c2ea9edfa17418b"
x-amz-meta-mtime: 1746779396.604324466
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:15 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json

185.244.209.62

200 OK

241 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
241 B (241 bytes)
Hash
39257fbb62736206d5245e08925d7b60
4c11e3cb6a16b884772b88acdba30a2ad98e86b8
3a3cf0f5c60899ffb49d9825516aec475fd7b78cea8ae0b5b58dfb4e658f041e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/593f1a6d4223015f3145bf447897f4f2.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 241
traceparent: 00-7825a36e319b1a65a03cba9e4cf972f4-e2f3bf21c4054d54-01
last-modified: Thu, 27 Feb 2025 13:24:25 GMT
etag: "39257fbb62736206d5245e08925d7b60"
expires: Thu, 27 Feb 2025 14:48:35 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/283b76f48d045151d369ffabf3fbf49f.json

185.244.209.62

200 OK

2.9 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/283b76f48d045151d369ffabf3fbf49f.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
2.9 kB (2853 bytes)
Hash
c163e08f04217198adf89b6af95e8ff6
4f45163b22f2cb4d66d287eb4acc54345ee814f8
d5af82911b446075abf5a86e262c5d8210894f80f8e6140d771e6d3effe7c7a1

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/283b76f48d045151d369ffabf3fbf49f.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
traceparent: 00-7376a4cf6d17348c76bdda8f0bab191d-e04b8d4057bced92-01
last-modified: Thu, 08 May 2025 12:53:06 GMT
etag: W/"c163e08f04217198adf89b6af95e8ff6"
content-encoding: gzip
expires: Thu, 08 May 2025 14:19:48 GMT
cache-control: max-age=3600
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/css/684d7545.css

185.244.209.62

200 OK

14 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/css/684d7545.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (14391), with no line terminators
Size
14 kB (14391 bytes)
Hash
a552d5db890b7f16e370b33cc587e807
a9dc47737b3e1d8ef6fcbb48c7c0b026c6fda545
0d7e00204297499711ae1da574d4635b31d8238ab4a663b382c44d850d24f3ec

HTTP Headers

GET /main-static/62ddcac7/desktop/default/css/684d7545.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-57a2f512a4aca4f91ad2966e256eab9b-13d9274dc60c0274-01
last-modified: Fri, 09 May 2025 08:29:58 GMT
etag: W/"a552d5db890b7f16e370b33cc587e807"
x-amz-meta-mtime: 1746779396.592324431
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:11 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24051
cache: HIT
x-cached-since: 2025-05-10T09:05:11+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/runtime-b6dc95f8.js

185.244.209.62

200 OK

20 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/runtime-b6dc95f8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19720), with no line terminators
Size
20 kB (19720 bytes)
Hash
097e517ba5e727312c8520b55e892e17
34643a5885d3fffb02b6aacd0203d392eb270d37
b66f8a4fdca078113b9b7ce4fdd74bb9c417c167b18f915ee31eec8f72efa489

HTTP Headers

GET /main-static/62ddcac7/desktop/default/runtime-b6dc95f8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-43653e8d05c383e6278a7ec1886cf913-bae209b7cef167ed-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"097e517ba5e727312c8520b55e892e17"
x-amz-meta-mtime: 1746779396.608324478
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:12 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

POST www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=5036140023120;npa=1;auiddc=484305786.1746891975;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe5571v9190735530z89180563600za201zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116;ptag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116;epver=2;dc_random=1746891975034;~oref=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4?

142.250.74.68

200 OK

42 B

URL POST
www.google.com/gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=5036140023120;npa=1;auiddc=484305786.1746891975;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe5571v9190735530z89180563600za201zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116;ptag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116;epver=2;dc_random=1746891975034;~oref=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4?
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintC0:9B:21:A5:10:36:7E:DC:25:8D:0B:AB:4B:D9:D7:AD:92:06:96:49
ValidityMon, 21 Apr 2025 08:42:35 GMT - Mon, 14 Jul 2025 08:42:34 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

POST /gmp/conversion;src=14030178;type=xbet;cat=uniqu0;ord=1;num=5036140023120;npa=1;auiddc=484305786.1746891975;pscdl=noapi;frm=0;_tu=KpA;gtm=45fe5571v9190735530z89180563600za201zb9180563600;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;dc_fmt=4;tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116;ptag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116;epver=2;dc_random=1746891975034;~oref=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4? HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 May 2025 15:46:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://1xlite-089702.top
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_localforage_H7M2CI7V.js

185.244.209.62

200 OK

30 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_localforage_H7M2CI7V.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30255)
Size
30 kB (30277 bytes)
Hash
8c858b7ed9e89233e182c6824388b15d
72b5da96c3735591317ee5d7a77733f3ee2e4f5b
ff626e5d8a3bf634c1577b920a448b6da177e7e0e164a3cce4d270ff78bb7d23

HTTP Headers

GET /sys-static/shared-assets/__shared_localforage_H7M2CI7V.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-e960c0663d1c0da484bbae7bf8d4565f-1447d03e1e4a5009-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: W/"8c858b7ed9e89233e182c6824388b15d"
x-amz-meta-mtime: 1746779387.558592013
content-encoding: gzip
expires: Sat, 10 May 2025 10:58:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17061
cache: HIT
x-cached-since: 2025-05-10T11:01:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/20c4fa5118.js

185.244.209.62

200 OK

5.3 kB

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/20c4fa5118.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (2176)
Size
5.3 kB (5322 bytes)
Hash
8b0f099a7e76b4c927fd26cb53407364
9f6d3e740fc38b6414dba6d949443e6660f00089
d733afd40054ce8437c2bd1c0a72a80cc936d6d85b259228ae7d6378235e87eb

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/20c4fa5118.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-f3ec1d8b5239bb300861cb78f057f16c-5bccfb7b792abd8f-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: W/"8b0f099a7e76b4c927fd26cb53407364"
x-amz-meta-mtime: 1745997847.067695148
content-encoding: gzip
expires: Thu, 01 May 2025 07:34:05 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 27561
cache: HIT
x-cached-since: 2025-05-10T08:06:43+00:00
X-Firefox-Spdy: h2

GET 1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4

83.147.224.6

203 Non Authoritative

266 kB

URL User Request GET
1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
IP
83.147.224.6:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
HTML document, ASCII text, with very long lines (57799)
Size
266 kB (266144 bytes)
Hash
405a168e18bfb5e0d8d251e154f09dc8
ca4a9971c007a9677bde3a6cb4d514637ca28850
4dbeeed57d5da2dce9c24d1adc241db15d8013420dfe17439ee756c1f1c88bcb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4 HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 203 Non Authoritative
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/html; charset=utf-8
content-length: 266144
accept-ranges: none
link: <https://v3.traincdn.com/sys-ui/2.3.169/Desktop/Default/client.css>; rel=preload; as=style; crossorigin=anonymous
server-timing: dt_total;dur=0.004, total;dur=73;desc="Nuxt Server Time"
set-cookie: gw-mm=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; SameSite=None; Partitioned
lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
x-dt: 285
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_chunk_KSBWA3N2.js

185.244.209.62

200 OK

610 B

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_chunk_KSBWA3N2.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (609)
Size
610 B (610 bytes)
Hash
464c50409850b3095783d5b3b9a1b00d
7d5c3f49bd0689d72dddceee68afd229f4168ed5
71cbc8847b4abb3782fe515be3e9e1f3fb639f801b337a2a3612616151ec250d

HTTP Headers

GET /sys-static/shared-assets/__shared_chunk_KSBWA3N2.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
content-length: 610
traceparent: 00-4a2564969de2f69061dd9191db36397d-6f1be853a4f37ece-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: "464c50409850b3095783d5b3b9a1b00d"
x-amz-meta-mtime: 1746779387.557591925
expires: Sat, 10 May 2025 10:58:57 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17035
cache: HIT
x-cached-since: 2025-05-10T11:02:09+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css

185.244.209.62

200 OK

40 kB

URL GET
v3.traincdn.com/genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (39662), with no line terminators
Size
40 kB (39662 bytes)
Hash
73c1e50506faab2d495c95d31b820a22
c0f2744dc4b187b6667f6aa6a9b4013cf1f0dcd3
4ea05001192895400e75d7cd8c07c56ed203c40a1aed77be2534e7bd42135566

HTTP Headers

GET /genfiles/site-admin/colors/73c1e50506faab2d495c95d31b820a22.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/css
traceparent: 00-5cb5c9c314d0fdf082256df56cf2ed7f-e314217cc2321ae4-01
last-modified: Wed, 30 Apr 2025 07:00:46 GMT
etag: W/"73c1e50506faab2d495c95d31b820a22"
cache-control: max-age=3600
content-encoding: gzip
expires: Wed, 30 Apr 2025 09:47:52 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3314
cache: HIT
x-cached-since: 2025-05-10T14:50:49+00:00
X-Firefox-Spdy: h2

POST region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5571v897130004za200&_p=1746891974122&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=264750548.1746891975&ecid=2017985883&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1746891974&sct=1&seg=0&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13354

216.239.32.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5571v897130004za200&_p=1746891974122&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=264750548.1746891975&ecid=2017985883&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1746891974&sct=1&seg=0&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13354
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je5571v897130004za200&_p=1746891974122&em=tv.1~em.ODS1igyfeIhzOTHENqwIfH1sb8t0oxg8FT6iY2YCmeo&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&cid=264750548.1746891975&ecid=2017985883&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&ec_mode=a&_s=1&sid=1746891974&sct=1&seg=0&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock%3FredirectedFrom%3Dfebfcfd952501b35ef8ab19b1e78f8b4&dt=1xBet&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&upn.ref_id=1&tfd=13354 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-089702.top
date: Sat, 10 May 2025 15:46:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:153:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:153:0
report-to: {"group":"ascnsrsggc:153:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:153:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1xlite-089702.top/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-089702.top

83.147.224.6

200 OK

105 B

URL GET
1xlite-089702.top/seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-089702.top
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
105 B (105 bytes)
Hash
6abfe5f6641fddde82c2ca29cf5c6a7a
958379bc84073d266358a27b3cf86b15484f5f6d
ede01772dfd8da2cc82f245e454ce360b2ceb13b7d1c330bbc1d68fe41255c19

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /seo-module-api/api/public/v1/analytics-counters?project[id]=285&domain[host]=1xlite-089702.top HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
content-type: application/json
x-requested-with: XMLHttpRequest
x-app-n: v3-nuxt2
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 107
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en6d0e5d6e0146a49c358c0eaad1d2ef38
age: 1149
x-request-id: 896561fa40bd86c3637bda7351d3e4e9
x-request-guid: 896561fa40bd86c3637bda7351d3e4e9
content-encoding: br
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=0.72479248046875, wf-uht;dur=0.011
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_4IISRMA4.js

185.244.209.62

200 OK

159 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_libphonenumber_js_4IISRMA4.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65509)
Size
159 kB (158815 bytes)
Hash
4673edf4e262d0703069c59915cde01f
da52ee1e0d3f5967a58218500593537f8e33621e
4e24e1b83813d014e5a44217a142123c8f95be42d2a9594b535155630e1adf45

HTTP Headers

GET /sys-static/shared-assets/__shared_libphonenumber_js_4IISRMA4.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-4b4f0b39ba9a237c21a9e77e167fc1bc-c7c583575676e139-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: W/"4673edf4e262d0703069c59915cde01f"
x-amz-meta-mtime: 1746779387.557591925
content-encoding: gzip
expires: Sat, 10 May 2025 10:58:29 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17061
cache: HIT
x-cached-since: 2025-05-10T11:01:43+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json

185.244.209.62

200 OK

3.6 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
3.6 kB (3557 bytes)
Hash
4b08975411699bcd7464f49777e866bf
2a9b0a0f3eadf5f3e1ef688bacd9560dd59c73d2
b6208d18413f8988db2e0040ff72516c0cb5e06d3d9692b5b098808ab46fc378

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/56f58c6d078ff0e8f698576f33bb478d.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
traceparent: 00-51c537d14f18624b5fa798b7f37f4194-4e0a08221287cd5b-01
last-modified: Thu, 27 Feb 2025 09:06:12 GMT
etag: W/"4b08975411699bcd7464f49777e866bf"
content-encoding: gzip
expires: Thu, 27 Feb 2025 10:17:14 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json

185.244.209.62

200 OK

9.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
9.3 kB (9330 bytes)
Hash
ca7f8dc261bfa0bedbe26c6196957093
201939c20640df2ad6fbe79bc165b2e2d19bc65b
9d7da7f9fd8b6eb344298507d3e2afd038623c0e46dee2a018c0e3ecd667f203

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/ca0b35c4fc049f15180d875f935913b8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
traceparent: 00-5d2cddfb1c58905785662ef79f833320-7d03e75ed2019620-01
last-modified: Wed, 20 Nov 2024 09:20:07 GMT
etag: W/"ca7f8dc261bfa0bedbe26c6196957093"
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:57:42 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 427
cache: HIT
x-cached-since: 2025-05-10T15:38:56+00:00
X-Firefox-Spdy: h2

GET refpa3740576.top/l?tag=d_4299502m_1599c_1w_1wkywe&site=4299502&ad=1599

178.253.15.167

303 See Other

266 kB

URL User Request GET
refpa3740576.top/l?tag=d_4299502m_1599c_1w_1wkywe&site=4299502&ad=1599
IP
178.253.15.167:443
ASN
#202492 Silverhill Group Holding Ltd

Certificate
IssuerLet's Encrypt
Subjectrefpa3740576.top
Fingerprint0D:8C:F9:86:04:A5:3B:1F:6A:F3:DA:FA:85:B8:F2:E5:8A:F5:E8:95
ValidityMon, 31 Mar 2025 05:21:08 GMT - Sun, 29 Jun 2025 05:21:07 GMT

File type

Size
266 kB (266144 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /l?tag=d_4299502m_1599c_1w_1wkywe&site=4299502&ad=1599 HTTP/1.1
Host: refpa3740576.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 303 See Other
server: nginx
date: Sat, 10 May 2025 15:46:01 GMT
location: https://1xlite-089702.top:443/en?tag=d_4299502m_1599c_1w_1wkywe
set-cookie: A_1599_v=0; expires=Sun, 11 May 2025 15:46:01 GMT; path=/; secure
A_1599_c=1; expires=Sun, 11 May 2025 15:46:01 GMT; path=/; secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.010
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-ui/3.3.197/Desktop/Default/merged.css

185.244.209.62

200 OK

939 kB

URL GET
v3.traincdn.com/sys-ui/3.3.197/Desktop/Default/merged.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
939 kB (938845 bytes)
Hash
f52991ea7bb76b9ddc72b913dfc83299
ca8b5d46d2e7410a8135d0c95622fec171bf3556
e2ac549362bdd8175475fae965fbc7f7edf43348a7fcf8d48ad1c31d8d9bdea5

HTTP Headers

GET /sys-ui/3.3.197/Desktop/Default/merged.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
traceparent: 00-6eef81cbe2a7592a4505ac4d4da808bb-29f208db7d5c4ba6-01
last-modified: Sat, 10 May 2025 10:53:14 GMT
etag: W/"f52991ea7bb76b9ddc72b913dfc83299"
x-amz-meta-mtime: 1746874355.186762576
content-encoding: gzip
expires: Sun, 11 May 2025 10:57:46 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17089
cache: HIT
x-cached-since: 2025-05-10T11:01:13+00:00
X-Firefox-Spdy: h2

POST 1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

83.147.224.6

200 OK

23 B

URL POST
1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
5ebee9c93831b249c472606dbf415b47
8ee3b94c28a65f56e8bd21a08d2af33a5a9bfaa9
7595be348d53657d901d23c0ec7759674e176bc665779503d230618f2ca8a4af

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: application/json
X-Lang: en
X-Uuid: cb977724-ff70-45ca-9783-34e2f2dfc848
Content-Length: 48
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.066, wf-uht;dur=0.012
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/Betting.Core-e26aeba3.js

185.244.209.62

200 OK

2.1 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/Betting.Core-e26aeba3.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2145), with no line terminators
Size
2.1 kB (2145 bytes)
Hash
ad8b702f43e8488b2f83d2591e11cc73
8a0fc892a4f1bb60446fdfb48474e713ab24d012
280be10eba734661bd87ecaf27c95576732e8f196db87a8b1c3402b311cd45be

HTTP Headers

GET /main-static/62ddcac7/desktop/default/Betting.Core-e26aeba3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-92312eb12feaaf9506bf21c141cc1bb7-09602ddce41c08ed-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"ad8b702f43e8488b2f83d2591e11cc73"
x-amz-meta-mtime: 1746779396.584324408
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:14+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json

185.244.209.62

200 OK

13 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
13 kB (13278 bytes)
Hash
2b474bcc2f009b70e64e2b5a95dd50a4
1fd5ee2d54da7dfbf61e67efd938a89c548fc866
f86d880575f3f65ddaaf9e8a0e3746bbbefcefe7e6c0c4441e9e20ceffdca237

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/fc03516ae4c718991727836d377493ff.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
traceparent: 00-26c3c529d1a1920b55377a372e60b359-dd925f894361ab57-01
last-modified: Wed, 12 Mar 2025 09:35:22 GMT
etag: W/"2b474bcc2f009b70e64e2b5a95dd50a4"
content-encoding: gzip
expires: Wed, 12 Mar 2025 11:03:31 GMT
cache-control: max-age=3600
x-time-ng: 0.001
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
X-Firefox-Spdy: h2

GET www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=264750548.1746891975&gtm=45je5571v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&z=399138827

142.250.74.131

200 OK

42 B

URL GET
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=264750548.1746891975&gtm=45je5571v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&z=399138827
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subject*.google.no
Fingerprint66:A3:1A:F5:73:DE:8E:7D:0E:AA:01:69:6B:5C:DA:3F:F8:63:CD:5F
ValidityMon, 21 Apr 2025 08:43:35 GMT - Mon, 14 Jul 2025 08:43:34 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=264750548.1746891975&gtm=45je5571v897130004za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&tag_exp=101509157~103101750~103101752~103116025~103200001~103233427~103251618~103251620~103284320~103284322~103301114~103301116&z=399138827 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 May 2025 15:46:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/346ba7cb7f.css

185.244.209.62

200 OK

650 B

URL GET
v3.traincdn.com/sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/346ba7cb7f.css
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
ASCII text, with very long lines (649)
Size
650 B (650 bytes)
Hash
d1fd527117bc7f6ab34dfb21f73eff21
3cd449f00b04eaf0e19ace8e68cd5ca39b43cfa8
4aa6713aa401bfab91d607e5d75483215ae8c34f840d55b2e7bef9cc3cc0cd28

HTTP Headers

GET /sys-static/sys-technical-pages-app-static/Desktop/Default/44136fa355b3/346ba7cb7f.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:02 GMT
content-type: text/css; charset=utf-8
content-length: 650
traceparent: 00-3bd1ab93a05d98a81953ab08e8f374b4-f0afe7c5e80a079a-01
last-modified: Wed, 30 Apr 2025 07:29:34 GMT
etag: "d1fd527117bc7f6ab34dfb21f73eff21"
x-amz-meta-mtime: 1745997847.066695082
expires: Thu, 01 May 2025 09:21:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 21720
cache: HIT
x-cached-since: 2025-05-10T09:44:02+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2

185.244.209.62

200 OK

64 kB

URL GET
v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Size
64 kB (63920 bytes)
Hash
a65527fcb58f66a7cfbc0e6b160538b4
45d260e7fa343401b5bb0df982a014f53e2d253b
fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45

HTTP Headers

GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: font/woff2
content-length: 63920
traceparent: 00-41af1624fcda872c29409165ed2e4ee4-3ef31d08ca0e3d90-01
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
expires: Thu, 16 Jan 2025 10:45:34 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 789
cache: HIT
x-cached-since: 2025-05-10T15:32:54+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/main-static/62ddcac7/desktop/default/commons/app-6cee1b54.js

185.244.209.62

200 OK

138 kB

URL GET
v3.traincdn.com/main-static/62ddcac7/desktop/default/commons/app-6cee1b54.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65476)
Size
138 kB (138079 bytes)
Hash
d76951ff0952b11ad5f228dd59e3440c
8e7aa237896f6fa259609de20e31566959afe1c2
56e30a9244acd3ebfa556a91683b65ef46bd00f1a4b4f4086df628abfcd4d2ca

HTTP Headers

GET /main-static/62ddcac7/desktop/default/commons/app-6cee1b54.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-cd502c1d8f93886c5e227c3a8cba4abb-b611ec9ede1ade20-01
last-modified: Fri, 09 May 2025 08:29:57 GMT
etag: W/"d76951ff0952b11ad5f228dd59e3440c"
x-amz-meta-mtime: 1746779396.588324419
content-encoding: gzip
expires: Sat, 10 May 2025 09:03:12 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 24050
cache: HIT
x-cached-since: 2025-05-10T09:05:13+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_210b6fa8a8.js

185.244.209.62

200 OK

799 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/Desktop/__shared_base-app_210b6fa8a8.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (22765)
Size
799 kB (798806 bytes)
Hash
b388efb9d1e0486ae5f4eefc048c6f92
312d9a68daac4023901700e92fd94786348c6926
8c5a3904a9ea820b8dc76874370cd5f6b773885167b63b2ed97d39ff33aaaa12

HTTP Headers

GET /sys-static/shared-assets/Desktop/__shared_base-app_210b6fa8a8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-6c3109ec8eb80e4e823f077b4aced537-02b581e86a41a3c3-01
last-modified: Wed, 07 May 2025 13:34:00 GMT
etag: W/"b388efb9d1e0486ae5f4eefc048c6f92"
x-amz-meta-mtime: 1746624743.201927296
content-encoding: gzip
expires: Fri, 09 May 2025 10:12:58 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 19774
cache: HIT
x-cached-since: 2025-05-10T10:16:30+00:00
X-Firefox-Spdy: h2

GET 1xlite-089702.top/hd-api/external/assets/hdf.js

83.147.224.6

200 OK

4.1 kB

URL GET
1xlite-089702.top/hd-api/external/assets/hdf.js
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
C++ source, ASCII text, with very long lines (874)
Size
4.1 kB (4078 bytes)
Hash
2f26a679e9d54a65e6578e947cc5bdf2
1b984864aa7b3e28231ac7cea3c199435dbdc6bf
1e3c4bd81a1cd9ee02e42a42802d5c18cbdb3f3a11c0b2732eb11bd12263020c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/assets/hdf.js HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6; SESSION=ccb597c614e7236c9a7c9ef88725b820
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:12 GMT
content-type: text/javascript; charset=utf-8
content-length: 1622
cache-control: public, max-age=300
content-encoding: gzip
etag: 2f26a679e9d54a65e6578e947cc5bdf2
vary: Accept-Encoding
x-dt: 455
x-request-guid: 32aa2f9d8cff36c8e01b508613de5c84
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.010, wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_FZZ6RWIK.js

185.244.209.62

200 OK

1.3 kB

URL GET
v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_FZZ6RWIK.js
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1265)
Size
1.3 kB (1297 bytes)
Hash
fc1c44ae9e4954ae02c484125b7a6a1e
484eb92dd5bb166e7a06c1cf2dce2400bb3055e3
fa015c22854d009fd3436cac0b3958a3616d67d9c633c61d0ae309c114ab9f04

HTTP Headers

GET /sys-static/shared-assets/__shared_accept_language_parser_FZZ6RWIK.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: text/javascript; charset=utf-8
traceparent: 00-0b4a8238de9c2d569d997b5194de3665-1a9ab14370b159d2-01
last-modified: Fri, 09 May 2025 08:32:04 GMT
etag: W/"fc1c44ae9e4954ae02c484125b7a6a1e"
x-amz-meta-mtime: 1746779387.556591837
content-encoding: gzip
expires: Sat, 10 May 2025 11:01:40 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 17061
cache: HIT
x-cached-since: 2025-05-10T11:01:43+00:00
X-Firefox-Spdy: h2

GET 1xlite-089702.top/hd-api/external/0196bae0-1e59-7995-9cfc-a889a66a2291.js

83.147.224.6

200 OK

364 kB

URL GET
1xlite-089702.top/hd-api/external/0196bae0-1e59-7995-9cfc-a889a66a2291.js
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
364 kB (364185 bytes)
Hash
3d728c5f70a131cdc0e1ded6584fff8d
bfc1cc7be77b312b57e92ee977254ce691accd16
127593915c963826c52f8861a3e946b924131f6f58ee223ab4eeb465215a686e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /hd-api/external/0196bae0-1e59-7995-9cfc-a889a66a2291.js HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6; SESSION=ccb597c614e7236c9a7c9ef88725b820
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:12 GMT
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=0, must-revalidate
content-encoding: gzip
vary: Accept-Encoding
x-dt: 285
x-hd-trace-id: a610f4f0-b1ce-41cf-b413-64f35f27746d
x-request-guid: a4f0c45c72f97d4c9a2c59f61b5029a3
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.016, wf-uht;dur=0.027
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_a43bac30ab8d58daed30a965e5b4dcb8.json

185.244.209.62

200 OK

21 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_a43bac30ab8d58daed30a965e5b4dcb8.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (20013), with no line terminators
Size
21 kB (21192 bytes)
Hash
3ea158caa42388288a5a2fdc71d7792a
2bc27c4a5312408320e8335499d0e149a871b0f9
c6f91e5dcb957ec38709a6d3eee30ab404f474030364be4f7e5e576a2c8453af

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_registration/en/dictionary_a43bac30ab8d58daed30a965e5b4dcb8.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-75a7183eb08487118541f31ffb2e85d1-cb98c6cb4b56e6c1-01
last-modified: Fri, 09 May 2025 08:06:11 GMT
etag: W/"46973699a05a1c24f569f550be848554"
cache-control: max-age=3600
content-encoding: gzip
expires: Fri, 09 May 2025 09:17:45 GMT
x-time-ng: 0.002
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2322
cache: HIT
x-cached-since: 2025-05-10T15:07:21+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_28cb4e6b9a8be3afbcbc2a6b22ab3393.json

185.244.209.62

200 OK

3.5 kB

URL GET
v3.traincdn.com/genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_28cb4e6b9a8be3afbcbc2a6b22ab3393.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
3.5 kB (3497 bytes)
Hash
273bec90c875f74d2f5ef70f9e32db45
f46d2fe53dbb25c9b9ddc3cabb5731ca38f8f1e7
cd0f959ce14dedb8fd75b1844e40ba237d747c2bb83a87dcabd0d71564eaed21

HTTP Headers

GET /genfiles/web-app-v2/dictionary2/v3_forgot_password/en/dictionary_28cb4e6b9a8be3afbcbc2a6b22ab3393.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json; charset=utf-8
traceparent: 00-a62ab9808da58bc3becca0ed3dab21d0-2afd15cf3020e112-01
last-modified: Tue, 03 Dec 2024 08:05:32 GMT
etag: W/"273bec90c875f74d2f5ef70f9e32db45"
cache-control: max-age=3600
content-encoding: gzip
expires: Thu, 16 Jan 2025 10:56:28 GMT
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 2320
cache: HIT
x-cached-since: 2025-05-10T15:07:23+00:00
X-Firefox-Spdy: h2

POST 1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json

83.147.224.6

200 OK

23 B

URL POST
1xlite-089702.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP
83.147.224.6:443
ASN
#0

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerLet's Encrypt
Subject1xlite-089702.top
Fingerprint54:B3:E2:1B:47:8C:65:C3:1C:ED:F1:C8:6E:9B:A3:92:BC:94:C0:AF
ValidityTue, 11 Mar 2025 05:20:05 GMT - Mon, 09 Jun 2025 05:20:04 GMT

File type
JSON text data
Size
23 B (23 bytes)
Hash
538c7f766d054860e72a44ee03d34393
8bf2c24cd50f369e034badf6de8b0eb141d7ffe1
ff3e0b247a89e813322aaad4d6d5d831276b824e582fca0f441a5c14000dda45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-089702.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Content-Type: application/json
X-Lang: en
X-Uuid: cb977724-ff70-45ca-9783-34e2f2dfc848
Content-Length: 72
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Cookie: platform_type=desktop; lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_4299502m_1599c_1w_1wkywe%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_4299502m_1599c_1w_1wkywe; postback_watcher=; auid=U5PgBmgfdLqsu89IAyErAg==; window_width=1280; che_g=55645f11-4340-344c-8034-a6f0583ed4d6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 23
x-dt: 285
x-time-ng: 0.000
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=0.112, wf-uht;dur=0.036
X-Firefox-Spdy: h2

POST www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=1134775664.1746891975&dt=1xBet&auid=484305786.1746891975&navt=n&npa=1&gtm=45He5571v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116&tft=1746891974814&tfd=13330&apve=1

142.250.74.68

200 OK

0 B

URL POST
www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=1134775664.1746891975&dt=1xBet&auid=484305786.1746891975&navt=n&npa=1&gtm=45He5571v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116&tft=1746891974814&tfd=13330&apve=1
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
FingerprintC0:9B:21:A5:10:36:7E:DC:25:8D:0B:AB:4B:D9:D7:AD:92:06:96:49
ValidityMon, 21 Apr 2025 08:42:35 GMT - Mon, 14 Jul 2025 08:42:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ccm/collect?en=page_view&dl=https%3A%2F%2F1xlite-089702.top%2Fen%2Fblock&scrsrc=www.googletagmanager.com&frm=0&rnd=1134775664.1746891975&dt=1xBet&auid=484305786.1746891975&navt=n&npa=1&gtm=45He5571v9180563600za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116&tft=1746891974814&tfd=13330&apve=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
date: Sat, 10 May 2025 15:46:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/plain
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://1xlite-089702.top
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json

185.244.209.62

200 OK

7.3 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
7.3 kB (7321 bytes)
Hash
0614058b667e6dfa1cdecc6e0e53131c
4f20f88c436fb5cbd82cf1dcfeaa14e52195a369
be16474b0f19b7536ebdd3d0f8867b151eaa4638411ddb46845f887a5d51a653

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/d9842b87b9dabdc4cdc248c062355299.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:03 GMT
content-type: application/json
traceparent: 00-d1659205e397a3c02296b235bfa31041-5f1af0ed5ef83074-01
last-modified: Thu, 23 Jan 2025 13:19:10 GMT
etag: W/"0614058b667e6dfa1cdecc6e0e53131c"
content-encoding: gzip
expires: Thu, 23 Jan 2025 14:50:28 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 427
cache: HIT
x-cached-since: 2025-05-10T15:38:56+00:00
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png

185.244.209.62

200 OK

5.2 kB

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Size
5.2 kB (5202 bytes)
Hash
b9a636eef54b2844b571fe7de49184a7
bf653690790ced40eb3189da075a275d951d1607
001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/8192228305b202797f207eeb6842287c.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-089702.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: image/png
content-length: 5202
traceparent: 00-297624004260f79292e04cb676cd827f-4bb151cfb44fb0d5-01
last-modified: Wed, 26 Jun 2024 08:22:59 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
expires: Thu, 16 Jan 2025 11:18:57 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
age: 3559
cache: HIT
x-cached-since: 2025-05-10T14:46:45+00:00
accept-ranges: bytes
X-Firefox-Spdy: h2

GET v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json

185.244.209.62

200 OK

473 B

URL GET
v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json
IP
185.244.209.62:443
ASN
#199524 G-Core Labs S.A.

Requested by
https://1xlite-089702.top/en/block?redirectedFrom=febfcfd952501b35ef8ab19b1e78f8b4
Certificate
IssuerSectigo Limited
Subject*.traincdn.com
Fingerprint71:CC:F4:85:58:3C:F4:8C:55:97:B4:2F:47:54:D1:16:BE:D5:A3:CA
ValidityTue, 26 Nov 2024 00:00:00 GMT - Fri, 26 Dec 2025 23:59:59 GMT

File type
JSON text data
Size
473 B (473 bytes)
Hash
e67aa19ef00fd2285c7b4ecbb6018306
5b01d4786d6fbfbd5de7901eb4359a55466f434a
135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e

HTTP Headers

GET /genfiles/cms/1-285/desktop/media_asset/1c0cd0740fccd19a9816be06e69f0a1b.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-089702.top/
Origin: https://1xlite-089702.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 15:46:04 GMT
content-type: application/json
content-length: 473
traceparent: 00-2d93446dfb78a8d881b0603935893f94-c2660fd37b37e054-01
last-modified: Thu, 16 May 2024 20:41:30 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
expires: Thu, 16 Jan 2025 11:19:55 GMT
cache-control: max-age=3600
x-time-ng: 0.000
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
x-id: osix-hw-edge-gc4
cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML