| 1xlite-660473.top/polyfills.js | 178.253.29.47 | 200 OK | 0 B |
URL: GET HTTP/2 1xlite-660473.top/polyfills.js
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-660473.top
Certificate fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /polyfills.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:54 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
vary: user-agent
cache-control: public, max-age=2678400, s-maxage=2678400
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-time-ng: 0.007
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.022
X-Firefox-Spdy: h2
|
|
| affpa.top/L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=LGTNTzSTpCRrxnGhkthx77 | 83.147.205.153 | 303 See Other | 195 kB |
URL: User Request GET HTTP/2 affpa.top/L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=LGTNTzSTpCRrxnGhkthx77
IP: 83.147.205.153:443
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: affpa.top
Certificate fingerprint: CF:8F:2A:A4:27:F8:3C:78:0F:C2:5C:35:53:CF:F0:79:C2:B6:1D:88
Certificate validity: Mon, 22 Apr 2024 05:15:50 GMT - Sun, 21 Jul 2024 05:15:49 GMT
Size: 195 kB (194725 bytes)
Hash: fe4f1d80812b644a3418f743db50a26d 900b43ae286e6f98ab2a9ccb324c2c4308184e98 c878c04ff8bbea28edc77d200678aff077ebcdb765c2df12556777f1951a1a28
GET /L?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet&click_id=LGTNTzSTpCRrxnGhkthx77 HTTP/1.1
Host: affpa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
server: nginx
date: Fri, 26 Apr 2024 13:19:53 GMT
cache-control: private
location: https://1xlite-660473.top:443/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
x-aspnetmvc-version: 5.0
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.006
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/runtime-7c99657f.js | 185.244.209.62 | 200 OK | 15 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/runtime-7c99657f.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (47028), with no line terminators
Hash: b659d1efb0f3888dcff31d21247f51be 35d500ac97f3b4eb1f95b0f81ec346662f972937 03b5f2f01a0ec967c8560b83f1b9384dbd4d7fb2a0e761373c6df67eb48d16df
GET /_nuxt/desktop/default/runtime-7c99657f.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 14699
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-396b"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-8a6d83622896283c7b3eee63902d5b59-6ab0f8485c3b0085-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:36+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/version.json | 185.244.209.62 | 200 OK | 44 B |
URL: GET HTTP/2 v3.traincdn.com/version.json
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: 2677fe1699935f36e2dec0b920ae6775 6aacbcc989d759c182718547b77eda21b665dd57 df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 13:00:31 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0c9fb1769559fe2564a06104028ed343-fa587a401bd5dc10-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:00:10+00:00, 2024-04-26T13:19:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css | 185.244.209.62 | 200 OK | 3.2 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/6c310293.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (31339), with no line terminators
Hash: 3cc47f5bfd7fb2ef96257df775a1b810 bbb36b671dd4a1f6e24cce1a48368724994b3913 18aeb0ed76dd6ce1471582770244ed6c55b69fef2e84ffabdabdbf7f32600326
GET /_nuxt/desktop/default/css/6c310293.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
content-length: 3225
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-c99"
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:26:53 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f5b3fa8190fa3c392c1f1cacddfb46d5-924fa21092b088bc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:26:53+00:00, 2024-04-26T12:59:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js | 185.244.209.62 | 200 OK | 2.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (8037), with no line terminators
Hash: 43df36730b19be5019e384c97ef33f00 29d1e370bad7a78660e26181f5e2671271e1d07d 9c6d3000958d016aba495fc2abb171ada373015a909c3ad2913e189717e0ba43
GET /_nuxt/desktop/default/Layout.SeoModule.Lazy-edf755ae.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 2264
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8d8"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6eb8e97f1ecf2ba2b8466a5e2b512ae4-4d04daec85a4d681-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css | 185.244.209.62 | 200 OK | 4.0 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/85148a0b.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (32277), with no line terminators
Hash: eeaf257a8645b90669a2ea93b8fb534e d81289258b7a5c126dd860232760852cc8ad865e 3a170c88ab694ad7552f7a84baa04ddb248c32b7f8ffe16d55dd73685de87aa6
GET /_nuxt/desktop/default/css/85148a0b.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
content-length: 3964
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-f7c"
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:54:26 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-23d315c59f3b213622bc0031ca8cab11-322b40b634676041-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:54:26+00:00, 2024-04-26T13:06:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-d02d3002.js | 185.244.209.62 | 200 OK | 7.8 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy-d02d3002.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (28141), with no line terminators
Hash: 2b787b212e5995fd1d6efb98a8e9ff49 0385a373d7266932f790e9f1fc5d819c6b1ae11e 8446b907a86098b72fe4833a6fa85e6bf928ca4f0ecd127559f2046d94800895
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy-d02d3002.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 7784
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1e68"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a0fa2b0f709b3028e6df3640ced02521-45beb8a74ff609b1-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8f379800.js | 185.244.209.62 | 200 OK | 8.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8f379800.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (29805), with no line terminators
Hash: de7dd09b3daf0c4fdbad2c9a66cd88c1 a7741bacce7eb22468c0ce361746e7f46ebac508 05906bf9d6dc7fe79400834b8c9b0ccc8c45f1e990990e6da4a13a231c31efce
GET /_nuxt/desktop/default/vendors/Layout.FooterComponent.Lazy-8f379800.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 8276
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-2054"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c34f4ff69bd8551ca409ae13fbbf12a7-de95905a08237c0b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css | 185.244.209.62 | 200 OK | 1.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/5cfdf959.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (4632), with no line terminators
Hash: f74d8b7e31b6ab236a9577348874385d 87091e6542649037a05fc137fa449b713c85225d b33d72295f1edbfc13da30236c4b811cffe4ba8ef758a515914cd69cf02edbf8
GET /_nuxt/desktop/default/css/5cfdf959.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
content-length: 1113
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-459"
content-encoding: gzip
expires: Sat, 27 Apr 2024 06:45:03 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-15933e45b4bd742eae09f5f9eceff9a1-910f5cd9bb5806c4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T06:45:03+00:00, 2024-04-26T08:01:29+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css | 185.244.209.62 | 200 OK | 46 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: f506188b04c16eaa9c664ed23f7ce58e 08d068d7fa5a84beb06ba924a35d84d6bfdab30a b9bfda0e940104e190b19543b94a10d120643bd1516d3ca2d266a0af6c0966e9
GET /genfiles/site-admin/css_vars/f506188b04c16eaa9c664ed23f7ce58e.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
content-length: 46
last-modified: Fri, 12 Apr 2024 13:46:52 GMT
etag: "f506188b04c16eaa9c664ed23f7ce58e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ba137399475b0439f758e5046c6937fb-66d580d99b7b79af-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:47:35+00:00, 2024-04-26T12:56:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-072ab8fb.js | 185.244.209.62 | 200 OK | 6.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-072ab8fb.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (20015), with no line terminators
Hash: 489a96a5718886b276241f231b2fdaa4 b094579020447d5758b54327af55018abd2fc685 bb0c15aba4449f97e70e0af72ab21050c6bbe152d38aafd832ab6bccda2e253c
GET /_nuxt/desktop/default/Layout.FooterComponent.Lazy/Page.Game.Project-072ab8fb.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 6253
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-186d"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-0a528aebf786638b3836dd6991efbcbf-625766971e7470b5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css | 185.244.209.62 | 200 OK | 2.3 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/75bcd414.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (9958), with no line terminators
Hash: 76a1e3dd8e25bf9a48bdd896de779d20 38c3643e25808d1f3ab167273201eac8c113c088 aa36f7a0cd4e7059cfef75dda25cd20e0bd1fbbe3d10a4ed0697cb937f009273
GET /_nuxt/desktop/default/css/75bcd414.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
content-length: 2277
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-8e5"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:36 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a97c7e18ca8584482c1121367ad23cee-c71bbbf1bb000fed-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:36+00:00, 2024-04-26T11:28:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e1909979.css | 185.244.209.62 | 200 OK | 14 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/e1909979.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: f65aa8635d82cc4a256125e09f321e9d 1c3b94de4d52fd6f79cdfbe958b66d925863c699 4ad29cf926bd2e32368e66247d53627d4ec761a5707d99ad38622fb571794ffa
GET /_nuxt/desktop/default/css/e1909979.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
content-length: 13841
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-3611"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a3c8e8a94bdd881eabab2efe010911a9-f4129dc4428c7647-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:03+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js | 185.244.209.62 | 200 OK | 268 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/app-fb158860.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (61101)
Size: 268 kB (267774 bytes)
Hash: 1c1deca627849071e9e8c38038325677 a829a0057b98d340e106da7dc18b600a936a3709 ddcc9e115145c1d52554320320493606a22edca9d102b2b79a6cd880d2fcad19
GET /_nuxt/desktop/default/vendors/app-fb158860.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 267774
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-415fe"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9e9b39af7234e31f76c8ceb12d56ed96-8a08df918ca7e042-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js | 185.244.209.62 | 200 OK | 47 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/commons/app-f433f4e5.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65476)
Hash: 5d3e2c224a2000fa0a1e1ec69e0153af a321b90afc0e3d4004f955d717254c252835f7c7 a86722ab8e12c2dbd3e0afae629f6cfad507a201859e2116cb46b49bd9d082c5
GET /_nuxt/desktop/default/commons/app-f433f4e5.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 46791
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-b6c7"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d776077a62ef980468f17e8971d99b33-84a7774c86de740e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js | 185.244.209.62 | 200 OK | 225 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/app-3803e6f7.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (64966), with no line terminators
Size: 225 kB (224656 bytes)
Hash: 9cf24c6aa2ad7694e090bb298642dda9 7d6507c0d33e02190dfcfd38f57116e23d74b198 346e88a80035e7b808fc68bcc8174388397fe93230af5c4430cb55e28a249351
GET /_nuxt/desktop/default/app-3803e6f7.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 224656
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-36d90"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6dfdefd4cf2adfb7bc903ec05deefd03-d783b4a4a4732a23-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:17+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash: 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-eef20397588b87edc03f400a034f9790-fbffa7a029cf34a4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T12:20:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hash: 3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e550e555d8e31ddf9299758039fbd019-c70eb78d1282119d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T12:38:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63920, version 1.0
Hash: a65527fcb58f66a7cfbc0e6b160538b4 45d260e7fa343401b5bb0df982a014f53e2d253b fb13c3a1cbac60649b76f7d7f85c1645d35ac69b85ce5f4eb0692505ecc2cd45
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Bold.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: font/woff2
content-length: 63920
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "a65527fcb58f66a7cfbc0e6b160538b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-231539c8a38ad153f72104bf34a87765-7eed6bf8a112d1fe-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:54:39+00:00, 2024-04-26T13:18:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/check-ob.js | 185.244.209.62 | 200 OK | 187 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/check-ob.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: ced67278c38d1ce1297c121af69fff8a df6e1531fd84d956263b04254e6f94f5356623f4 2958134c3c00f7c6320858dd66e454c2856e4842821d3523c4cc5e44e1ec8616
GET /_nuxt/check-ob.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 187
last-modified: Thu, 25 Apr 2024 10:36:21 GMT
etag: "662a3225-bb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 12:52:19 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-373063515899837e5cb8343d40486d18-aa4866be4e6510ac-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T12:52:19+00:00, 2024-04-26T11:36:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png | 185.244.209.62 | 200 OK | 653 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash: e6f0766cbd95db33da44e7a9140648f2 5f196b1bfe8c3f92bd2ebcd67124e72e81ae6aaf c0399d478788d5d483f104a2e8cb7c32f41cb40e9df0c22e831b2bfa2db63ec0
GET /genfiles/cms/1-285/desktop/media_asset/1da51baa342984a84ca1ac8dd900998b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: image/png
content-length: 653
last-modified: Tue, 25 Apr 2023 13:43:56 GMT
etag: "e6f0766cbd95db33da44e7a9140648f2"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9f050835dbe1eea5495917199f8785a0-e4b4e052d6a24b87-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:12:59+00:00, 2024-04-26T12:56:53+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65476)
Hash: caca89be1e6a1f2ff94c549dbdebb194 dc5f22176416438215b9fc2813dfcebc02387d43 5e392322dfabbe74a8ce7b566207e2c0d5f25416f3de462fdb9dd3c2ed430f7f
GET /_nuxt/desktop/default/vendors/plugins.v-tooltip-8022ea7c.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 21881
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-5579"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d088997154be8d8f090dd0bbf0418905-de5cada1d49958b6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js | 185.244.209.62 | 200 OK | 4.6 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (12527), with no line terminators
Hash: 1cc1975036d7d613432986b419c4f933 197f793c823c493643fa3a63441a8dac2e86a7d0 abb7c137964088db8dc1ba6fc12c6a15a4a1f6dadf88c9c595fe4b273bca3359
GET /_nuxt/desktop/default/vendors/plugins.vue-notification-6faa5a10.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 4556
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-11cc"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ccd5a4752fd883e1b9e051a736ecdf4f-0259e30712f9cabf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css | 185.244.209.62 | 200 OK | 953 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/e5c0e314.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (3352), with no line terminators
Hash: 748da80084597d87b4ff5e98b017b07b db6ad2ec24bfcbe751a23061d935403e1163f471 4eaf4071f43aaa0243a4c6948131b7a3e03fe6ab1f4228da38e8588c15e01f24
GET /_nuxt/desktop/default/css/e5c0e314.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: text/css
content-length: 953
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-3b9"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:04:50 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-e777ff981257968158edc16ba0a5963c-1f6e4b825c2c8827-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:04:50+00:00, 2024-04-25T14:51:46+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js | 185.244.209.62 | 200 OK | 8.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (26717), with no line terminators
Hash: e90b6bb3b92453e083ec5e739e5132b1 7cc4456a8091dd5e8dce5ac477abaf66d05742bf 088a280dd983eac2f46c008fd39b0ba0cebe84b7f2301d55ea588163c4d65800
GET /_nuxt/desktop/default/vendors/plugins.vue-js-modal-2742db51.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 8055
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1f77"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-6696e4504716dce0ffab12638f1e5a9c-415311e893c80404-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js | 185.244.209.62 | 200 OK | 2.1 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (6960), with no line terminators
Hash: 74ce5bf016ae117858ebfe89a35175b8 e36d4ea0bf93ec9fe1747914a42e33ff9a100450 7b642a28afa3285ed36766a4b5698308805b13ff808c881ef9a974c3de5ae3c0
GET /_nuxt/desktop/default/date-fns-locale-21-01ed37cf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 2120
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-848"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:39 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dee0eab4bd3b9e41ba1b9c41cc8da435-f1344e43eb260e3a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:40+00:00, 2024-04-26T11:30:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js | 185.244.209.62 | 200 OK | 999 B |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/DC-d1fb2018.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (2336), with no line terminators
Hash: 5cf1b6cfa7bec127f69186daac9aa30e 8e37a161db7eb37f8fa8e9bee4e1ea818316ee80 37d4c09fbd6f6dcdd9c3e6de2b454865841af4d6f0c918c2091fdcc9af9df2a7
GET /_nuxt/desktop/default/DC-d1fb2018.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 999
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-3e7"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1c710d9ed46989024e32d24411cb5a04-5d8b7dbfaf3ca2e9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/version.json?timestamp=1714137596641 | 178.253.29.47 | 200 OK | 44 B |
URL: GET HTTP/2 1xlite-660473.top/version.json?timestamp=1714137596641
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 2677fe1699935f36e2dec0b920ae6775 6aacbcc989d759c182718547b77eda21b665dd57 df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /version.json?timestamp=1714137596641 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
vary: Accept-Encoding
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 13:20:56 GMT
access-control-allow-origin: *
cache-control: max-age=60, max-age=60, s-maxage=60
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285 | 178.253.29.47 | 200 OK | 141 B |
URL: GET HTTP/2 1xlite-660473.top/seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: bd9be2fa89d26e9e6f1b2e08ffcd0ed6 90eae25ee792254c7ca97e98c5782078f9bdc37f c11510c5556799ec6bf918684e80903d08cf6237d3c4f94d32a8ebf35d067a1d
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /seo-module-api/api/public/v1/analytics-counters?url=https:%2F%2F1xlite-660473.top&projectId=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/json
content-length: 141
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: enebf83560af95b198ca2d2caf127b1151
age: 640
x-request-id: cc606ad48b397525977ca6c2a2aae24c
x-request-guid: cc606ad48b397525977ca6c2a2aae24c
x-time-ng: 0.002
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=1.4691352844238, wf-uht;dur=0.027
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/Betting.Core-1f0cc2bf.js | 185.244.209.62 | 200 OK | 1.4 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/Betting.Core-1f0cc2bf.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (2231), with no line terminators
Hash: fc47ec3c6757581fa705675062f909d2 113c663338db0c4101bbd085576a7f6ad7f7e6d8 0476b4d4c301e154c41d9a32641397070e6d8d654d6c7bc3cce83e2551b7ca2c
GET /_nuxt/desktop/default/Betting.Core-1f0cc2bf.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 1409
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-581"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5ffae60670286bc3f22de716aa592937-e3c9933557b4260a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (3229), with no line terminators Hash fa6020f2d4e598b5afa5bb72e0c4d2aa 52c7fb50959707c999f0a3b1a192cd3884319fd1 28a7cee0e15f4c6f9262e16dc900063fcc30017410241306903c852861bb2852
GET /_nuxt/desktop/default/consultant.supHelperV2-36072e1d.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 1450
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-5aa"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d2d3713e6fda6d94d623d731c0146820-5896d2da39236bc4-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:37+00:00, 2024-04-26T11:28:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.47 | 200 OK | 23 B |
URL POST HTTP/2 1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash 151229500dc32a1886e8d28e96866a24 91d3b2134f854b0bef9be2aa9eb20c84c8bb475d 05d79b13e713f4346c184cea6b37c21bb1496c1e591fe1ba5f3fa631e3241b2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Content-Type: application/json
X-Lang: en
X-Uuid: 9b05e4e5-5416-4ae0-8ee3-6a7d4ac7f9a7
Content-Length: 81
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1920
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.021
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css | 185.244.209.62 | 200 OK | 459 B |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/526e44d9.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (1526), with no line terminators Hash 97fdf5b6e7dfddf6ab251e984133b2c3 bb552fe685c52c34e0ed91e4dfaa9df2675ad086 92fcdb73c544b1f2befe78685340fd3371e920187a2232f8e4bffd73985d40e3
GET /_nuxt/desktop/default/css/526e44d9.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/css
content-length: 459
last-modified: Wed, 24 Apr 2024 11:16:26 GMT
etag: "6628ea0a-1cb"
content-encoding: gzip
expires: Fri, 26 Apr 2024 11:05:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-35564924adb9a281159a7126a16977c1-b0de8a572ad75c84-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T11:05:14+00:00, 2024-04-25T14:54:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js | 185.244.209.62 | 200 OK | 17 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/betting.media-d462d3ce.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (41022), with NEL line terminators Hash a53e75793287bf430c7d81e62a86551c 43ecdd497e27c96d3c886a1ccf72dca7a9f2646b 7692da0b4d0d3168af9ce3f8d1eda4fc5ad04676e7ef7949eeb46d7be78cbeca
GET /_nuxt/desktop/default/vendors/betting.media-d462d3ce.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 16830
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-41be"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5140a0f56c6e4c8b714d3dba6d4cce60-52ea68d3633b1b5a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css | 185.244.209.62 | 200 OK | 1.5 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/css/ff267c5c.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (7000), with no line terminators Hash f379bc6f4b94f34d96f6fe51159bee63 f4c0d4dbef1e1e734e84e05d75e4ff950d06eb60 b2a5bd6495250a19500dd5a6ca62f045c8b70226a668dc63ef40c78883bdae11
GET /_nuxt/desktop/default/css/ff267c5c.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/css
content-length: 1486
last-modified: Thu, 25 Apr 2024 10:37:52 GMT
etag: "662a3280-5ce"
content-encoding: gzip
expires: Fri, 26 Apr 2024 14:33:18 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-5f214333b0c8b742a402381e939da7a1-b8d702697b395455-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T14:33:18+00:00, 2024-04-25T16:12:56+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js | 185.244.209.62 | 200 OK | 4.7 kB |
URL GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/betting.media-fd9299c8.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (16761), with no line terminators Hash 1c5f0f2576f85aa05256ef8412e1a80e e3fe4363d03125724ee18ca063552d21b11c791f aced4150b67a0055a6baca50f790709de03a987b56a894479db35c63dff31455
GET /_nuxt/desktop/default/betting.media-fd9299c8.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 4729
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-1279"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:38 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2811d2d0b53cfe86a37760bcbb23ae99-b532738104e9cd74-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:38+00:00, 2024-04-26T11:28:20+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 | 178.253.29.47 | 200 OK | 155 B |
URL GET HTTP/2 1xlite-660473.top/service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash d9c4e764d0719887a701a2fd57d2ed20 dd9132eb122454d6202e18dc89cf3f813bd28eea bfb3eb33d14d3606f7ef2f2ebf7194a6eba1837022e2cce1a5adaebff4226d10
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /service-api/gamespreview/getbanner?whence=55&ref=1&gr=285&lng=en&fCountry=137 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/json; charset=utf-8
content-length: 155
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/session-api/sessions/user | 178.253.29.47 | 200 OK | 16 B |
URL GET HTTP/2 1xlite-660473.top/session-api/sessions/user IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash 646b2e82b65602d35f7aa6283c387e3a b163a70c5df8e4b0861a23a04f8a6f78393747f4 b68bf12405ee2cb5b76764df21dbc2df0953ddff4072ddc5281d1aab05e8c4ab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /session-api/sessions/user HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/json
content-length: 16
cache-control: no-cache, private
x-time-ng: 0.044
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=42.295932769775, wf-uht;dur=0.059
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg | 178.253.29.47 | 200 OK | 263 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type SVG Scalable Vector Graphics image Hash 28e2c161800b61b985a163f5c492ae51 8845ea940210b4ccb195cca855a598e6aaa58ed0 77c93c24e4eb0f8815a7526d405818c9a38ba6e4317f1fee588fffbc00cb17de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/86f18367ce2829388dcdabccb99b1740.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: image/svg+xml
content-length: 263
last-modified: Fri, 23 Feb 2024 10:01:24 GMT
etag: "28e2c161800b61b985a163f5c492ae51"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg | 178.253.29.47 | 200 OK | 296 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type SVG Scalable Vector Graphics image Hash b1bf63d00887bb0354e9d89c7d790a01 2d64ab25c9afff682abd6732f62ba62a197e972b a6a4fbbd99a0a82de03f05da827ccd9d019574bf3450727530403c2b5ce92df0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/dbc1950bbcc8e27b5dbec1f42635e8d0.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: image/svg+xml
content-length: 296
last-modified: Fri, 23 Feb 2024 10:03:47 GMT
etag: "b1bf63d00887bb0354e9d89c7d790a01"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg | 178.253.29.47 | 200 OK | 506 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type SVG Scalable Vector Graphics image Hash 9c340eae608db0c25657b4a73d769afe 988fbf333a2e9290211cd9e6b7c98c59719012b0 b92e969acd8a1e0f9cfd1f84080ca5ccb8cb49b105299434c275a8813faf841e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/desktop/contact/6726b16cfb4e516989153ce398d4a0e4.svg HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Fri, 23 Feb 2024 10:03:36 GMT
etag: "9c340eae608db0c25657b4a73d769afe"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/checker/redirect/stat/run/ | 178.253.29.47 | 200 OK | 14 B |
URL GET HTTP/2 1xlite-660473.top/checker/redirect/stat/run/ IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash 2de0d0acfd684235f066bd0ec0c9e3df 68d0cb64805a42d7e40f43e8e198986b43dd6b69 9682f312f23e078bb135f23ea5a178b178e75c02d33672f20044d18c6d258928
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /checker/redirect/stat/run/ HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/json
content-length: 14
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/bff-api/config/all.json?lang=en | 178.253.29.47 | 200 OK | 28 kB |
URL GET HTTP/2 1xlite-660473.top/bff-api/config/all.json?lang=en IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash cc0725910c8b997b4cdf1c4c92167f12 7685f0352303240f15087f631814fae24780f139 dd8dfebaddf177441a5f3f42417703130aa85963b1579bff00983227a36efede
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/config/all.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
x-geoip2-country-code: ru
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=3.33, dt_total;dur=11.545, wf-uht;dur=0.041
traceparent: 00-89ea3798441777e996fa5d80aac42ed4-594c381da4f703a0-01
vary: Accept-Encoding
x-cache-expire: 596
x-cache-hit: 1
x-dt: 285
x-time-ng: 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js | 185.244.209.62 | 200 OK | 15 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 98c21aa6ed4bf52d10ff5674f7dad143 dcc545d90b082b5b896bc5327c810380b16a4a8e 3889a7f1cc651b43dfe3c7f961ad0c17113da74510c146ff40bd612d7b3afe5c
GET /sys-static/shared-assets/__shared_vue_final_modal_XPPMTKII.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:01:17 GMT
etag: W/"701ad5a22b8ea7213a53e334d0898349"
x-amz-meta-mtime: 1714129125.132949667
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:41:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-885ffae9e06be5a5b10dd833aef1c565-4ce5b0dab6990cd2-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:41:56+00:00, 2024-04-26T12:44:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js | 185.244.209.62 | 200 OK | 12 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_localforage_PLMWICWN.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 5606d55f09571d1afc3512621a661157 de724bd85f5acd380b4724a2c5c9bc742193ed8b b72b18645dfffc0671d37c7b1b4c484ca29c276c6d0940b485e085124e2d3d11
GET /sys-static/shared-assets/__shared_localforage_PLMWICWN.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:43:42 GMT
etag: W/"dfa127e93d125d4f6c566203eaf225f2"
x-amz-meta-mtime: 1714052428.630038208
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-02d9f8514b08b5c14d7905207fb185a0-3cc356c585ee7bb8-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:00+00:00, 2024-04-25T15:50:24+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js | 104.18.39.72 | 200 OK | 310 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/pages/_app-a10a22844227e6a6.js
IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate issuer: Google Trust Services LLC
Certificate subject: suphelper.top
Certificate fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36
Certificate validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: gzip compressed data, from Unix
Size: 310 kB (310029 bytes)
Hash: c187b820e43fd46effa2d5ab1c22f39d c80e1fa04630882744a0628081bd85c9080dd471 4b45650681d4b4b39dfdf9b5254974b622aa993fd83df90899ca179ca612232a
GET /_next/static/chunks/pages/_app-a10a22844227e6a6.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"f8027-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 111737
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de148fe91bfa-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en | 178.253.29.47 | 200 OK | 2 B |
URL: GET HTTP/2 1xlite-660473.top/bff-api/event-logo/v2/suitable.json?lang=en
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-660473.top
Certificate fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: d751713988987e9331980363e24189ce 97d170e1550eee4afc0af065b78cda302a97674c 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /bff-api/event-logo/v2/suitable.json?lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:00 GMT
content-type: application/json
content-length: 2
cache-control: no-cache, private
server-timing: bff;dur=13.19, dt_total;dur=2830.199, wf-uht;dur=2.845
traceparent: 00-a97951cf9d3adcaf536bf0fa6ed7612f-a580aa06c9179e52-01
x-dt: 285
x-time-ng: 2.815
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/version.json | 185.244.209.62 | 200 OK | 44 B |
URL: GET HTTP/2 v3.traincdn.com/version.json
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: 2677fe1699935f36e2dec0b920ae6775 6aacbcc989d759c182718547b77eda21b665dd57 df24622b277b22705c70d9e48bb2dc40c5dcd69e570d2ab55e694d02a0161094
GET /version.json HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:00 GMT
content-type: application/json
content-length: 44
last-modified: Fri, 26 Apr 2024 12:33:00 GMT
etag: "662b9efc-2c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 13:00:31 GMT
cache-control: max-age=60, max-age=60, s-maxage=60
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3bba3adec91f370e82de635706d4d2d2-f661def383c46010-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T13:00:10+00:00, 2024-04-26T13:19:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/static-promotion/desktop/default/0f6bc907.modern.js | 178.253.29.47 | | 292 B |
URL: 1xlite-660473.top/static-promotion/desktop/default/0f6bc907.modern.js
IP: 178.253.29.47:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-660473.top
Certificate fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type: JavaScript source, ASCII text, with no line terminators
Hash: d2dbedd5bdca70b256dcf1ca2ccbd481 0699135d1a4867a423f6ba7fa56ba706d0a63711 a1c82be738613241d15e7cffc1d55a3ea2a8680a8538decd9490005d84b16af7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static-promotion/desktop/default/0f6bc907.modern.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 292
last-modified: Fri, 26 Apr 2024 11:19:41 GMT
etag: "662b8dcd-124"
expires: Sat, 27 Apr 2024 13:20:00 GMT
cache-control: max-age=86400
accept-ranges: bytes
x-time-ng: 0.000, 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.017
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-7V60YW2S5H | 142.250.74.72 | | 101 kB |
URL: www.googletagmanager.com/gtag/js?id=G-7V60YW2S5H
IP: 142.250.74.72:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (5945)
Size: 101 kB (100784 bytes)
Hash: 1d0963df8c2f0400c150de1861519e4c 14274bc259aa141a8d6cb18520617ca74da5b89a 326185e7ad7d97ee8c8e5c9a230921a1c2bf81d79e8badb3e4e970862f0e53a2
GET /gtag/js?id=G-7V60YW2S5H HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 13:20:00 GMT
expires: Fri, 26 Apr 2024 13:20:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100784
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-md.png | 185.244.209.62 | | 33 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-md.png
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 640 x 241, 8-bit colormap, non-interlaced
Hash: 35a6fc3c5e3c0a8a2edf0afb5f11ae51 d7b150e5d8bda4159c3d8df6cc97bc14aa911faa ff9d73e0cdc7fb6abc3ba688fd99c2c4fa02db23a12367645bdab3e0aa39e605
GET /genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 33159
last-modified: Wed, 15 Nov 2023 08:09:46 GMT
etag: "35a6fc3c5e3c0a8a2edf0afb5f11ae51"
x-time-ng: 0.079
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:05:04+00:00
traceparent: 00-db4436fce17ca53f9080d64dae803efa-85769f6d1bae63b4-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/available.png | 185.244.209.62 | | 688 B |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/available.png
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 30 x 34, 8-bit colormap, non-interlaced
Hash: b01c247e7f1feb121a3cb9f7e5e1a8c7 14651b943be953a0a0ad544107f52b23da09e835 80deb0e19c2739d12cdfb0a0121571b6c72d5f31802b3b3f64c6373997e1200b
GET /genfiles/cms/1/desktop/promotions/wheelBet/available.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 688
last-modified: Wed, 15 Nov 2023 08:09:46 GMT
etag: "b01c247e7f1feb121a3cb9f7e5e1a8c7"
x-time-ng: 0.048
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:07:33+00:00
traceparent: 00-4b7cc50adba37f236b691f4b203028af-ae45449734156bf3-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-sm.png | 185.244.209.62 | | 22 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-sm.png
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 300 x 384, 8-bit colormap, non-interlaced
Hash: f3d658114fabe920924c0a04006c99f3 fb2c771f18f033e15518b9613f125d8c6b5974fb 6b6238d18444d496485e783e1b1390ee8d05d15a2faa433e12db43e97c180487
GET /genfiles/cms/1/desktop/promotions/wheelBet/bg-modal-sm.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 21826
last-modified: Wed, 15 Nov 2023 08:09:45 GMT
etag: "f3d658114fabe920924c0a04006c99f3"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:05:05+00:00
traceparent: 00-3db908c039a3f878225c43b283a6dc87-1738b543e054b59f-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal.png | 185.244.209.62 | | 84 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg-modal.png
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 954 x 631, 8-bit colormap, non-interlaced
Hash: 0212b288b8e42c03fb5c998703979369 e0c97fdddabd92ec8b2c75921424ac35ee479021 fc3b7b016ef8f586b9030601f492e2768aa7fa081f7de7284e501aee8909da05
GET /genfiles/cms/1/desktop/promotions/wheelBet/bg-modal.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 83859
last-modified: Wed, 15 Nov 2023 08:09:46 GMT
etag: "0212b288b8e42c03fb5c998703979369"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:05:05+00:00
traceparent: 00-40ea93683c04916f051115ea47f89d40-4074897e4c30f6b7-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Hash: 761cc79013c2b6cffc3c73ce2d17b76f 3546362dc9b28a5ccaa2ca2df7a8b3d59fbf28a6 fb2151a7fa1bdef95e3a59a6ac2424e6376cd4badca8ecabed3316d0c24d92ff
GET /sys-static/shared-assets/__shared_chunk_Y7BFQXXC.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:13:28 GMT
etag: W/"8fecd56fc5520134f3c39b17431fe0c2"
x-amz-meta-mtime: 1714050698.034158118
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:17:53 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-a79165185a6f6269c73ae40e585762e3-59b71886cf8373f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:17:53+00:00, 2024-04-25T15:53:11+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/static-promotion/desktop/default/7fe91d4f.modern.js | 178.253.29.47 | | 307 kB |
URL: 1xlite-660473.top/static-promotion/desktop/default/7fe91d4f.modern.js
IP: 178.253.29.47:0
ASN: #202492 Silverhill Group Holding Ltd
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-660473.top
Certificate fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (60173)
Size: 307 kB (306826 bytes)
Hash: 4d819522bb8da63bd76e4df6e4b4b7b3 517e9cf1291b458491a8398a09761c286afcfd00 7b4ec775522fb3b1c963b95ec9e8faa24d5d6cad09cb1daaf416c65f8a8f5622
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /static-promotion/desktop/default/7fe91d4f.modern.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:59 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:19:41 GMT
vary: Accept-Encoding
etag: W/"662b8dcd-4e8dce"
expires: Sat, 27 Apr 2024 13:19:58 GMT
cache-control: max-age=86400
content-encoding: br
x-time-ng: 0.000, 0.056
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.085
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/not-available.png | 185.244.209.62 | | 741 B |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/not-available.png
IP: 185.244.209.62:0
ASN: #199524 G-Core Labs S.A.
Certificate issuer: Sectigo Limited
Certificate subject: *.traincdn.com
Certificate fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: PNG image data, 30 x 34, 8-bit colormap, non-interlaced
Hash: 20dc9615d00d0b41d165bbd81d27d4eb 15fedf85f294dd472d60a160c7c8f42e23beec3b a06cb168275016f3ef9855789fab4e1573abf0be0b6ae6ba3f8a886922ca11be
GET /genfiles/cms/1/desktop/promotions/wheelBet/not-available.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 741
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "20dc9615d00d0b41d165bbd81d27d4eb"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-21T21:07:33+00:00
traceparent: 00-38f070d3a8a4186aac772215bd576fca-7cd15baacd4dfb43-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json | 178.253.29.47 | 200 OK | 500 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate issuer: Let's Encrypt
Certificate subject: 1xlite-660473.top
Certificate fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Size: 500 kB (500395 bytes)
Hash: eec4805fe0f6e17d5ade92a382f5b068 ca6a26fe8ea31e66c0bef88c4e7f489dce9f9a4b b50904054641c30b6b4ee7ed4290b52022825f2e9e9e3a4a060b8ecddf28c898
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/6a3b01d318b759a5d8cbcd76fd908037.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:42:45 GMT
etag: W/"eec4805fe0f6e17d5ade92a382f5b068"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
| v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg | 185.244.209.62 | 200 OK | 78 kB |
URL GET HTTP/2 v3.traincdn.com/sfiles/games-images/game-animations/game-85-animation.svg IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Hash6c967fb020475d0093bd586401aa4a98 e09566fe61f86141e8dad5e8df0d132b25110a85 36da1299e6249ab8eaffea7d00aa66a05ffc928d0bcf0cfad52b69f44b2ebec5
GET /sfiles/games-images/game-animations/game-85-animation.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: image/svg+xml
last-modified: Wed, 24 Jan 2024 13:34:39 GMT
etag: W/"9e7af5cc8f19e556b8696b1f616368bb"
x-amz-meta-origin-date-iso8601: 2024-01-24T13:05:40.000Z
expires: Fri, 19 Apr 2024 00:06:27 GMT
cache-control: max-age=86400, public
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-13d4e162b586a17fd9a7232eb68247f6-1cbfef3e35e618b7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T03:23:59+00:00, 2024-04-26T00:36:40+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/ | 104.18.39.72 | 200 OK | 128 kB |
IP 104.18.39.72:443
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Google Trust Services LLC Subject suphelper.top Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Size128 kB (127572 bytes) Hash1efe68d299535ebea86e79720c762c40 20d75e8bee89c7488da36a81ce6369b296aab458 6af23c588c7d81067d8aa850e176370c9d9529fce04b05cf01019e2ff4770a01
GET / HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=60, stale-while-revalidate=30
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a6de130d981bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-top.png | 185.244.209.62 | | 7.6 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-top.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 631 x 92, 8-bit colormap, non-interlaced Hash65178f3b0a19c75d64d24f22e047664f 5d1f08431e1a60f0d256937ecff6d119c8bdc832 53b9fa530ad8441d60fe627acd4f66720a0479327258df2f9d4dc241315af97a
GET /genfiles/cms/1/desktop/promotions/wheelBet/line-top.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 7625
last-modified: Wed, 15 Nov 2023 08:09:40 GMT
etag: "65178f3b0a19c75d64d24f22e047664f"
x-time-ng: 0.067
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-24T23:54:02+00:00
traceparent: 00-f0834343e5586960a8b39ac7ac35ce6b-7685fd3632597e28-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-modal-bottom.png | 185.244.209.62 | | 8.4 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-modal-bottom.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 662 x 99, 8-bit colormap, non-interlaced Hashfbc8c4ca00e2ca9e3932ef3178152748 94d32d9a2d617636044e46a337b035def017ee72 6163a56401f7b0a01bd8cb02b8c6135a58b8ceaf22543d63c790364dcb45f316
GET /genfiles/cms/1/desktop/promotions/wheelBet/line-modal-bottom.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 8432
last-modified: Wed, 15 Nov 2023 08:09:41 GMT
etag: "fbc8c4ca00e2ca9e3932ef3178152748"
x-time-ng: 0.079
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:55:16+00:00
traceparent: 00-f9cea233baa52a2dbad2dd582c05dbf2-e65e849180700c16-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js | 185.244.209.62 | 200 OK | 137 kB |
URL GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_chunk_M4D4AAJL.js IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Size137 kB (137188 bytes) Hash995cd4f6b94f785809d114dd2e968b2b 5f2c3764f2af68c3134ea1af64e221ab76fd6029 eed5330a7043c5c09ef4ddf265c5f56e325bac0484110ddff05c53471e3c505e
GET /sys-static/shared-assets/__shared_chunk_M4D4AAJL.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:01:17 GMT
etag: W/"51ddc52774f4e5bd6a6f1c22e9d19674"
x-amz-meta-mtime: 1714129125.128949636
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:41:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0ed11966ed5a967e0128b2f7e8c66f00-3a9e9fb837b541d7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:41:56+00:00, 2024-04-26T12:44:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js | 104.18.39.72 | 200 OK | 72 kB |
URL GET HTTP/2 widget.suphelper.top/_next/static/chunks/framework-49f1e091cbf6b261.js IP 104.18.39.72:443
Requested by https://widget.suphelper.top/ Certificate Issuer Google Trust Services LLC Subject suphelper.top Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash9002d051b5c24eb25cc3c6334a1b22df a9f415ca8129be63168ae0a103f99825e4ca0ae7 0825ce75d59217cb8047874faa29879017b51cdeed26306cb27b6f5059fa9252
GET /_next/static/chunks/framework-49f1e091cbf6b261.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 02 Nov 2023 12:45:49 GMT
etag: W/"22695-18b9011853a"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13512187
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de147fe01bfa-OSL
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-bottom.png | 185.244.209.62 | | 8.5 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/line-bottom.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 631 x 101, 8-bit colormap, non-interlaced Hash30d68039c4aa17eec5c6851592d09b3a 3efe06ebf6246ea1038b237f06d512dfd5a895e0 f81eabacc8b5e0cf41de56a7d177f5e1848bb5be563f4b98a3e6ebbaa4cb69cc
GET /genfiles/cms/1/desktop/promotions/wheelBet/line-bottom.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 8530
last-modified: Wed, 15 Nov 2023 08:09:41 GMT
etag: "30d68039c4aa17eec5c6851592d09b3a"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-24T23:53:39+00:00
traceparent: 00-768248c6b3114e2762732ee6ff66894f-832358fa3ec30406-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| 1xlite-660473.top/static-promotion/desktop/default/65f0066c.modern.js | 178.253.29.47 | | 107 kB |
URL 1xlite-660473.top/static-promotion/desktop/default/65f0066c.modern.js IP 178.253.29.47:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size107 kB (106988 bytes) Hash05ed3e98faabeb8cdffd2e23e2399f7b b7ad36b108401497621c0515e33cf8b938869682 3bad09f6a5a05070c2fd790d81b44be44f17e2c19f3fb859fa18207ff9d233da
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /static-promotion/desktop/default/65f0066c.modern.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:00 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:19:41 GMT
vary: Accept-Encoding
etag: W/"662b8dcd-1644e"
expires: Sat, 27 Apr 2024 13:20:00 GMT
cache-control: max-age=86400
content-encoding: br
x-time-ng: 0.000, 0.004
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.png | 185.244.209.62 | | 128 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 679 x 1396, 8-bit colormap, non-interlaced Size128 kB (128051 bytes) Hash3eca2e5366710fc3f2f799e00986927b 9d372c52d999396e39fb4b5c9b8fff4cacbefff9 29ee5fb61866f6d5afc908865cfa812d0e6050f5684ba33849a7714f324a0d3f
GET /genfiles/cms/1/desktop/promotions/wheelBet/person.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:01 GMT
content-type: image/png
content-length: 128051
last-modified: Wed, 15 Nov 2023 08:09:38 GMT
etag: "3eca2e5366710fc3f2f799e00986927b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T13:17:19+00:00
traceparent: 00-1e193a94d44be672704df96202da7829-ce71a9c12ddca409-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js | 104.18.39.72 | 200 OK | 22 kB |
URL GET HTTP/2 widget.suphelper.top/_next/static/724286ac/_middlewareManifest.js IP 104.18.39.72:443
Requested by https://widget.suphelper.top/ Certificate Issuer Google Trust Services LLC Subject suphelper.top Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hash8736793ab28d43afe16914a450837aa7 bfb4fdb4588133c34995fdadbfdd34330ef2ece2 b7ad2df5b504d2494a3d73735bd475fcf988738854458bf462b367599f9bd448
GET /_next/static/724286ac/_middlewareManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"5c-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 111737
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14d8371bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.png | 185.244.209.62 | | 42 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 508 x 490, 8-bit colormap, non-interlaced Hash14cf7dd6b977a86820688da92be750e7 2a1f5759ce2398b0b52b2807cdf8ddf5e38a019c a75eccad428fa865346dacd05d2dc89a5eda9de0ee5d9b292f943cbe33fd1940
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/png
content-length: 41966
last-modified: Wed, 15 Nov 2023 08:08:28 GMT
etag: "14cf7dd6b977a86820688da92be750e7"
x-time-ng: 0.004
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:42:17+00:00
traceparent: 00-d4fce951025ffe0eeb155b25add6ef9d-1185569a1c8722e7-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.png | 185.244.209.62 | | 49 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 345 x 345, 8-bit colormap, non-interlaced Hash76e616589092e2a075a2f9ef294e66b0 712cbbfd77a0d429c981efafa38c68bb53546f39 89008b1fcf47490063c1cc59004a2895af55ba57e9bf166713ab1473903712d7
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/png
content-length: 48850
last-modified: Wed, 15 Nov 2023 08:08:25 GMT
etag: "76e616589092e2a075a2f9ef294e66b0"
x-time-ng: 0.006
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:42:22+00:00
traceparent: 00-7f0b20a970eb8d9baec251613646bb8e-ff4d9c2cbcdba0d1-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js | 104.18.39.72 | 200 OK | 15 kB |
URL GET HTTP/2 widget.suphelper.top/_next/static/chunks/0c294a17-329dda05de2a378d.js IP 104.18.39.72:443
Requested by https://widget.suphelper.top/ Certificate Issuer Google Trust Services LLC Subject suphelper.top Fingerprint 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typegzip compressed data, from Unix Hashc34b1e4e8203c8b6b725297c428b75af 2327ebd92904af355f8f45a744c4aac492b4e584 2f4676997bc189bbedf62cccbf34068c856bd6f72c54a9da5b0e3396cb16cd22
GET /_next/static/chunks/0c294a17-329dda05de2a378d.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"2925-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8665001
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14980f1bfa-OSL
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/blik.png | 185.244.209.62 | | 1.3 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/blik.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typePNG image data, 103 x 56, 8-bit colormap, non-interlaced Hash9a901afc44d0db8d99560f5fdeac9cd3 c4f63f282c334a0af06fcbf4f10275d3be7b9f87 11f7f4511af8fe7d6292e340517376d7fa7850153dee5953007fe68d21f92f57
GET /genfiles/cms/1/desktop/promotions/wheelBet/blik.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/png
content-length: 1277
last-modified: Wed, 15 Nov 2023 08:09:43 GMT
etag: "9a901afc44d0db8d99560f5fdeac9cd3"
x-time-ng: 0.045
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T13:17:53+00:00
traceparent: 00-1bb53f9417db12f802ba32719cdf5b72-402446b3767f2862-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg__desc.webp | 185.244.209.62 | | 118 B |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/bg__desc.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hashb58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1/desktop/promotions/wheelBet/bg__desc.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-0165f431fbd72dfc8562624c7c1a394d-0ad5d8e11ffe451f-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.webp | 185.244.209.62 | | 12 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image Hash6d8b79282ea938ebc164543780bf6c95 b6d2d84a6848483f92def2ebbe42b2f3e0ae649b 30aae6f5426e82f3124451d70a82798d1b3d0da5066ed6b0ba29d1158988b963
GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-tab-1.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 12430
last-modified: Wed, 15 Nov 2023 08:09:42 GMT
etag: "6d8b79282ea938ebc164543780bf6c95"
x-time-ng: 0.046
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:41:08+00:00
traceparent: 00-40298dbb83db7e1e31b4c30c1328cc16-ea0be63d8d00b718-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_742cb40ca8162947f3c2ce1035390890.json | 178.253.29.47 | | 50 kB |
URL 1xlite-660473.top/genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_742cb40ca8162947f3c2ce1035390890.json IP 178.253.29.47:0 ASN #202492 Silverhill Group Holding Ltd
Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash 7273614537cdc74ec5376bac04e0d0fd d5bf6271410cee23ba382ba1793ffd62160e3f76 f504a41f26190530e5905f2c9cec762761056a6175af343a3a36907fa272afea
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/web-app-v2/dictionary2/v3_main/en/dictionary_742cb40ca8162947f3c2ce1035390890.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1920; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:00 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
last-modified: Sun, 21 Apr 2024 14:10:06 GMT
etag: W/"7273614537cdc74ec5376bac04e0d0fd"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.064
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/bcacd1eac43a.css | 185.244.209.62 | 200 OK | 87 kB |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/bcacd1eac43a.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix Hash f6636b67948d23ad386581a262060667 2d90e79e91463058e7465ece4c6356e71e7176d9 493e1d5975622e848241f1b4b04e8b0a1a7e0f58f084ee52ccbdda8cdec2d908
GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/bcacd1eac43a.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:38 GMT
etag: W/"e10ff0240cb41456d98910f7ff68efa1"
x-amz-meta-mtime: 1714041101.521667802
content-encoding: gzip
expires: Sat, 27 Apr 2024 08:59:45 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-927272d8bcec555ce6efb1f6815560d8-2783c3adb7fa635a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T08:59:45+00:00, 2024-04-26T09:48:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css | 185.244.209.62 | 200 OK | 450 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix Size 450 kB (450171 bytes) Hash 93d53078927053140fc8c7350eed95fa 3409a4e34e9622c4058b2714bf7fb4a609845198 83dd6d98dd0970e32566b4b88dc73501ad34040bc8ea416a9753d5241d767f89
GET /genfiles/site-admin/colors/13f2420925687a194e4c38472ae71214.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 07:40:06 GMT
etag: W/"4610c92e7697e57d1149e233ef5edab2"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ffded10982146fcd92469ecc8c9211a3-4c3b285946688d6e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-05T09:04:13+00:00, 2024-04-26T13:04:21+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light.png | 185.244.209.62 | | 36 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light.png IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type PNG image data, 604 x 604, 8-bit colormap, non-interlaced Hash 2b4eba7f5f5cc445fdb5f527787b5035 62a02ab999f211485a86432d7bf77a19a2cee01d b9e2a1998ff9b48d5f5f32e5edded584d326abd3586cd44bfdae0ba0429ec944
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-light.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/png
content-length: 35620
last-modified: Wed, 15 Nov 2023 08:08:23 GMT
etag: "2b4eba7f5f5cc445fdb5f527787b5035"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:45:04+00:00
traceparent: 00-e013e1582fb9a75e9e6bac6d62f55411-ee116b1baf3f7622-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins.webp | 185.244.209.62 | | 30 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash afeb21e89500b7d2f76c11e9c26db33a 1f1aeba726915f8183b9bafa4666008827f4ed6f 989c6db4825fd3d9f125a7915c07de6a672cf08b971c0e60593a1ff192101cf4
GET /genfiles/cms/1/desktop/promotions/wheelBet/coins.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 30308
last-modified: Wed, 15 Nov 2023 08:09:41 GMT
etag: "afeb21e89500b7d2f76c11e9c26db33a"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:45:05+00:00
traceparent: 00-c56b34b8f4d09faf51a230462c1483fa-c2738d015c7a4f4a-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-md.webp | 185.244.209.62 | | 11 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/coins-md.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 386bde2102de14d58339c852bd38e06a 49bb599bbe5c06d537890cbb2940ab38840258bf 4695fcc638997d404d69d39badf6f480a69addb9d6be026d4a58016f24db7930
GET /genfiles/cms/1/desktop/promotions/wheelBet/coins-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 11170
last-modified: Wed, 15 Nov 2023 08:09:43 GMT
etag: "386bde2102de14d58339c852bd38e06a"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:45:05+00:00
traceparent: 00-86f845c54e91b27ff886569f6eab53bc-4ba401440d86c071-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-131019888-1&l=dataLayer&cx=c | 142.250.74.72 | | 69 kB |
URL www.googletagmanager.com/gtag/js?id=UA-131019888-1&l=dataLayer&cx=c IP 142.250.74.72:0
File type JavaScript source, ASCII text, with very long lines (1763) Hash 2e744bef603c6133813630c0d3291afe 41f50bb169583c36b132a7bfe689db4b0911d396 888c8f52b14be49ca9e7075a43561b6124e51ecc3a58a35d922cf5471dd21e22
GET /gtag/js?id=UA-131019888-1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 13:20:02 GMT
expires: Fri, 26 Apr 2024 13:20:02 GMT
cache-control: private, max-age=900
last-modified: Fri, 26 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 69246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-tab.webp | 185.244.209.62 | | 86 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person-tab.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 2b31876239d7477574e1f6c28e9226b8 2f0aaab7061b5268da322768b7bb9e2ee4849cda dec68c7ee18d3f0739456ec1f96edec787d39e2b0d67683eca0d537c15bcde41
GET /genfiles/cms/1/desktop/promotions/wheelBet/person-tab.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 85822
last-modified: Wed, 15 Nov 2023 08:09:39 GMT
etag: "2b31876239d7477574e1f6c28e9226b8"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:41:09+00:00
traceparent: 00-6fac07f3f35741b5cd85c300cb53c4c1-da91e9eab681308e-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json | 178.253.29.47 | 200 OK | 473 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash e67aa19ef00fd2285c7b4ecbb6018306 5b01d4786d6fbfbd5de7901eb4359a55466f434a 135c1042c31e3674d8a1b3b9e7179f4f36868048ca6058ea458ff291b8880b5e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/c6fd0f94684461b018b5d68900173ba3.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 473
last-modified: Tue, 06 Jun 2023 13:22:27 GMT
etag: "e67aa19ef00fd2285c7b4ecbb6018306"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json | 178.253.29.47 | 200 OK | 846 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash 730bd58f457e46b6ac3b9f6028a8e162 79d4e964a4de0e58973705ff75bd01d22dd163e5 e167d372543fa4e7e3b4c8a17f67dbfb6a60adc1371ae5c7e7e8ebff97829485
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/73ad3e60e189f328e251a53aec716273.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 846
last-modified: Mon, 07 Aug 2023 13:49:51 GMT
etag: "730bd58f457e46b6ac3b9f6028a8e162"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css | 185.244.209.62 | 200 OK | 216 kB |
URL GET HTTP/2 v3.traincdn.com/sys-ui/2.2.11/Desktop/Default/client.css IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix Size 216 kB (216005 bytes) Hash 8fc1fb906f9b69c485f575c1761b73c2 5b543cbdb9ff8f9a720fcf16873ea61598f6485d cb8c30ad133778df728c2d828ea61519d70b95941d03bec65f8c60a62ce8865c
GET /sys-ui/2.2.11/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css; charset=utf-8
last-modified: Tue, 23 Apr 2024 11:41:52 GMT
etag: W/"5be31e73f9aaf3c05331c4f0cd80e4d9"
x-amz-meta-mtime: 1713872392.088051093
content-encoding: gzip
expires: Wed, 24 Apr 2024 14:28:29 GMT
cache-control: max-age=86400
x-time-ng: 0.008
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ac5b70441005092a46e8e06a4b828ea5-d427f788d5bcde6c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T14:28:29+00:00, 2024-04-25T14:32:54+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json | 178.253.29.47 | 200 OK | 884 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash c2eb16bc46aea587d16e3eb8bff889ad ed5e1e8dfaf6a7f9d067aed73191d522d71f6510 37c40a123ec6f4f9ebd9f26e2ccb1df2cfbfb98cee84ec03bb6153e6351590b9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/b0276b0a7ae86d0dc87c292efc4ad16c.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 884
last-modified: Thu, 31 Aug 2023 12:36:01 GMT
etag: "c2eb16bc46aea587d16e3eb8bff889ad"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.019
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-md.webp | 185.244.209.62 | | 7.6 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-md.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 354b99e0ea5d76bf522eb6515388b7c8 7f499a67542efc7faed1f7641b7290f03df3b808 0aa329b474b49084e69d41dc03298dc202a68c2e2286c154ff19eb6641bddfb8
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 7572
last-modified: Wed, 15 Nov 2023 08:08:25 GMT
etag: "354b99e0ea5d76bf522eb6515388b7c8"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:45:06+00:00
traceparent: 00-3467775869fae347febe197f450c6f12-b54cd1db9c093a0d-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.webp | 185.244.209.62 | | 104 kB |
URL v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/person.webp IP 185.244.209.62:0 ASN #199524 G-Core Labs S.A.
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Size 104 kB (103654 bytes) Hash 744d3d08cbd126d56242095da9c56b37 bbd86ca9a1b7a4db623255731f4ec9c9e6a5eae3 2aef83bfe4bd2976deb730c5b892f4b95a4fe74d328b65a35d610cb7aeb3e872
GET /genfiles/cms/1/desktop/promotions/wheelBet/person.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 103654
last-modified: Wed, 15 Nov 2023 08:09:38 GMT
etag: "744d3d08cbd126d56242095da9c56b37"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:45:06+00:00
traceparent: 00-d5131ded7d4cd628fbd7bcba9b5be99b-657d2b63345cbbf4-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json | 178.253.29.47 | 200 OK | 167 B |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json IP 178.253.29.47:443 ASN #202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash 03158ff80c6e448da55d5672eb032b77 fc39a273b30415c7431f21fecdc4a5bf2694c7e2 e584a61ab508b69c5b9a4ab2e4dd86e3b7e7094547c4739d048ab1f639a8025c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/9b68ddfb3774b1a7929de6e484aca49a.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 167
last-modified: Tue, 22 Aug 2023 06:44:19 GMT
etag: "03158ff80c6e448da55d5672eb032b77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.webp | 185.244.209.62 | | 192 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.webp | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image | Size: 192 kB (191936 bytes)
Hash: d1a1bf3175394f1b5480727d951f9144 f3840ae9f328ac04f31e3b4bb90f8b6c4758ee89 7c9fb1f84cfec05795dacbfbdcda39b58b0a9ea7064bb11766b519a10c29249c
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 191936
last-modified: Fri, 15 Dec 2023 11:22:27 GMT
etag: "d1a1bf3175394f1b5480727d951f9144"
x-time-ng: 0.104
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:41:09+00:00
traceparent: 00-12344191ee45482e607c41193388502f-9f186a9b073a71f2-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json | 178.253.29.47 | 200 OK | 976 B |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 5004f1883be9a4a8985c93b9323311d3 3d2a8c62126da89fd84c27b59e816d27a3862e07 af74469643e07baba128bf91fdd87f0f255c8503fae04cb3d17961b600f0617d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/ab7b4a1bc60033d1ee0be64d0074e4b0.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 976
last-modified: Wed, 07 Jun 2023 08:08:57 GMT
etag: "5004f1883be9a4a8985c93b9323311d3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
accept-ranges: bytes
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.webp | 185.244.209.62 | | 44 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.webp | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 01419e8765b9a2155475a1a4d5c5f050 4ac00539264029113306ed95e7317e500a173780 d9f068635bbc801f2831512588121de1e5acdc5c48c6c2d0a317b914d36c7aaf
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-external-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 43722
last-modified: Fri, 15 Dec 2023 11:22:27 GMT
etag: "01419e8765b9a2155475a1a4d5c5f050"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:37:47+00:00
traceparent: 00-73cf35901e2cc69cb0fa86361c762d2f-666cd1998d517058-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.webp | 185.244.209.62 | | 8.6 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.webp | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 732ba048fd5210acc34a16b9cb695a81 d5b729ae66784afcdf482904634152e23c9112bb ca91019b23d93d2a2c16ea5cf93b4ac60376c9dc40dad19bd2886cf185b4a6c5
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner-sm.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 8550
last-modified: Wed, 15 Nov 2023 08:08:24 GMT
etag: "732ba048fd5210acc34a16b9cb695a81"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:42:29+00:00
traceparent: 00-f5d76a4e8216ff0939bd162c98125a8a-350f192c4ac32284-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.webp | 185.244.209.62 | | 14 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.webp | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: f502eacdec6ffdf0ddf5210a4999ac15 a78dfce0d1a01deb7b78bf1555e61690545fad6b d760731175f9c7bf1f5bd8c425fda80462c39e4586119370411e5485a97cc929
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-inner.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 14290
last-modified: Wed, 15 Nov 2023 08:08:24 GMT
etag: "f502eacdec6ffdf0ddf5210a4999ac15"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-26T12:45:06+00:00
traceparent: 00-8693a14d544f57e87b5144fb43b4f199-ea39f3a865d6904c-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.webp | 185.244.209.62 | | 17 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.webp | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 386e2b6405329591c3528dc854b1bcd5 029f4b2de40e7f67778b3cdb020cb6fb2c88411b 9ae570ff70b272591fe9643cf539340c177db56599cc30b9ada0016d9e3fdd66
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-light-md.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 17374
last-modified: Fri, 15 Dec 2023 11:22:27 GMT
etag: "386e2b6405329591c3528dc854b1bcd5"
x-time-ng: 0.049
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T12:42:29+00:00
traceparent: 00-bb4cd265c6c1fedc294a8bf99f6462b3-4f7b9e171b4e5cf8-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-btn.webp | 185.244.209.62 | | 4.1 kB |
URL: v3.traincdn.com/genfiles/cms/1/desktop/promotions/wheelBet/wheel-btn.webp | IP: 185.244.209.62:0 | ASN: #199524 G-Core Labs S.A.
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 588f3b952822319125d8a21cb3e21469 4c46b0913dfb859fbfe3266b97ef65eea094dcaa afeee16776a05a2b85a4f244c582dcb1b096ba141f000627a7e1563160ecdbdc
GET /genfiles/cms/1/desktop/promotions/wheelBet/wheel-btn.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: image/webp
content-length: 4104
last-modified: Wed, 15 Nov 2023 08:08:28 GMT
etag: "588f3b952822319125d8a21cb3e21469"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-26T13:13:32+00:00
traceparent: 00-65fac22d33900dfbfe07d6b217f69618-361d2c22e0d5e870-01
x-id: osix-hw-edge-gc4
cache: HIT, MISS
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1321333404.1714137601&gtm=45je44o0v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1645719976 | 142.250.74.163 | | 42 B |
URL: www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1321333404.1714137601&gtm=45je44o0v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1645719976 | IP: 142.250.74.163:0
File type: GIF image data, version 89a, 1 x 1
Hash: d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7V60YW2S5H&cid=1321333404.1714137601&gtm=45je44o0v893859730za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1645719976 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 13:20:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je44o0v893859730za200&_p=1714137600373&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1321333404.1714137601&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714137601&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DLGTNTzSTpCRrxnGhkthx77%26click_id%3DLGTNTzSTpCRrxnGhkthx77%26site_id%3Dfe627071%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2597 | 216.239.34.36 | | 0 B |
URL: region1.analytics.google.com/g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je44o0v893859730za200&_p=1714137600373&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1321333404.1714137601&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714137601&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DLGTNTzSTpCRrxnGhkthx77%26click_id%3DLGTNTzSTpCRrxnGhkthx77%26site_id%3Dfe627071%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2597 | IP: 216.239.34.36:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7V60YW2S5H&gtm=45je44o0v893859730za200&_p=1714137600373&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1321333404.1714137601&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714137601&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fpromo-frame%2Fen%2Fpromotion%2Fwheel-bet&dr=https%3A%2F%2F1xlite-660473.top%2Fen%2Fpromotions%2Fwheel-bet%3Ftag%3Dd_2757227m_18607c_%26pb%3Dfc40969f4a5547868aa12f11866bc762%26click_id%3DLGTNTzSTpCRrxnGhkthx77%26click_id%3DLGTNTzSTpCRrxnGhkthx77%26site_id%3Dfe627071%26partner_id%3D7f99719f-6df0-4574-8194-8edfe800f8f3%26r%3Dpromotions%2Fwheel-bet&dt=Site&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2597 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 13:20:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json | 178.253.29.47 | 200 OK | 543 B |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 2f999350fc2eea344d910e8a01de406d bcfeaa8fadc7ca87115d7e36c955bd0df504b8ad c73c55fa3a522662241013a108e6043dd4cde3fbfa2be0ed4a4940582e26ed36
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/aa6acd622b31a2a6ee8785b888acb885.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 543
last-modified: Thu, 29 Feb 2024 14:14:28 GMT
etag: "2f999350fc2eea344d910e8a01de406d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json | 178.253.29.47 | 200 OK | 822 B |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: be781196159e458a9a157a93f6981363 54b5bb6ddb54aefb6dc1eeeab89afdf48079e959 71bf1763541ee0d4298863f03c291b09029668d448e8077518717b8810ac910f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/392fdb004d073448b345d2db7414a498.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 822
last-modified: Mon, 08 Apr 2024 09:13:00 GMT
etag: "be781196159e458a9a157a93f6981363"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json | 178.253.29.47 | 200 OK | 499 B |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: e3d17d66f9e675ca9273e04470203275 e676da597ad577652921e9af98e79b986ec158ae 5c26acb3823aedc062268da24385061135d42171888bb5f5a0a8f63ba09c67d2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/e06c9d6a2655d78a28144abe88798172.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 499
last-modified: Mon, 05 Jun 2023 14:13:26 GMT
etag: "e3d17d66f9e675ca9273e04470203275"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json | 178.253.29.47 | 200 OK | 182 B |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: e4c69ca8e3916987138c95a26642f53a 411149ef1233c191122618916dc7fa4965a30f7c 9bbbe99b83a20d3d0bd65ab0b343de560c6d437a74a4835786bbd6a58bb0e08e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/aecbb538226cb01dc9a85286edcff171.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 182
last-modified: Tue, 11 Apr 2023 17:53:40 GMT
etag: "e4c69ca8e3916987138c95a26642f53a"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json | 178.253.29.47 | 200 OK | 958 B |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 24ec1c171afe6836881e2fba1ed559a0 588a08d22de446d484f8f51402994f37ff2527c2 a0c14f5476683e6eb7381c1820c0e914c02911ab9d24170e61548e661017f96f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/bd0cfa10966f2d8720b2c5663287c9e0.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 958
last-modified: Tue, 18 Apr 2023 10:33:32 GMT
etag: "24ec1c171afe6836881e2fba1ed559a0"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json | 178.253.29.47 | 200 OK | 184 B |
URL GET HTTP/21xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash36777c63209967831ddd2926e229b69b 7a59de3bd5fd0406a1becbd4fc6bdb49a996a0fa c2087429233dc14f1ad96cf9b7d1f4ecf0f32fabab7fc37999644a488d10dbc2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/deee851bab70137a6ff846c91be5a425.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
content-length: 184
last-modified: Thu, 09 Nov 2023 06:22:56 GMT
etag: "36777c63209967831ddd2926e229b69b"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/bonus-api/category?currency=NOK&language=en | 178.253.29.47 | 200 OK | 387 B |
URL GET HTTP/21xlite-660473.top/bonus-api/category?currency=NOK&language=en IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash8ec12807e20d04415b577d36b6ade9e7 e76d2f9a22e9aa0d82238039ecdfa070bc2c0849 af862004a1cd5475f9da3519dd75dc54b871797e0ed59fed4c839dce1fd9332a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bonus-api/category?currency=NOK&language=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: application/json
content-length: 387
cache-control: no-cache, private
server-timing: p;dur=141.31498336792, dt_total;dur=162.194, wf-uht;dur=0.178
traceparent: 00-7978861b9dbf815ccc6c62a55730878f-c44bfb30d82d5484-01
x-dt: 285
x-request-id: 1898bae16662acb4e197b80c7696f564
x-time-ng: 0.152
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fbonus%2Frules&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=bonus&section=rules&ref[id]=1&project[id]=285 | 178.253.29.47 | 200 OK | 117 B |
URL GET HTTP/21xlite-660473.top/seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fbonus%2Frules&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=bonus&section=rules&ref[id]=1&project[id]=285 IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash278a34e9f2663ceff03b36033c61dc7d ebae51cf995f9ad7addfd1eef67366d7ecd451a3 31d565fc97d873336ff3daffb5644c539849168a1ce1bf06913ea696cb796707
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /seo-module-api/api/v1/title?group_id=285&ref_id=1&url=https:%2F%2F1xlite-660473.top%2Fen%2Fbonus%2Frules&geo=no&language=en&domain=1xlite-660473.top&timezone=2&stream=bonus&section=rules&ref[id]=1&project[id]=285 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
x-geoip2-country-code: ru
sub-request-id: 222b7d232fd84eaab27070bdeea09eec
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: application/json
content-length: 117
cache-control: max-age=1200, must-revalidate, public, s-maxage=1800, stale-if-error=86400, stale-while-revalidate=300
x-content-digest: en15023e35d12b182ce6b6717edf0de8cb
age: 0
x-request-id: adb07abab76a0d428ce1e92fb9f3dd80
x-request-guid: adb07abab76a0d428ce1e92fb9f3dd80
x-time-ng: 0.014
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: p;dur=13.077020645142, wf-uht;dur=0.031
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json | 178.253.29.47 | 200 OK | 5.6 kB |
URL GET HTTP/21xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash82be680bc6bd32b65cef0e3bda368678 5f5ac335405d9c792b43b6aee8d5ab64ac42e5ba 12800d3ad8e368dc1541e334f8f6f669549da16f62b4dae2ebb9929bd88322c7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/b588fb81207704b9bc3e220b71966696.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 30 Oct 2023 14:20:28 GMT
etag: W/"82be680bc6bd32b65cef0e3bda368678"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.330/285/common.svg | 185.244.209.62 | 200 OK | 109 kB |
URL GET HTTP/2v3.traincdn.com/sys-icons/1.0.330/285/common.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typegzip compressed data, max speed, from Unix Size109 kB (109137 bytes) Hash2326a46cbe393795876d4041f4927d58 99d90948bebf61ef84ad3fa6f670333f59188c3e fcfdcaabf00af0f247d9b5d3504b27161b1ebb03dc3d330efcccbe92c4309c72
GET /sys-icons/1.0.330/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/svg+xml
last-modified: Tue, 16 Apr 2024 09:41:01 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713260458.134664491
content-encoding: gzip
expires: Fri, 19 Apr 2024 12:42:12 GMT
cache-control: max-age=86400
x-time-ng: 0.001
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-872636f2d8361cac7253db695ecd65a7-33793aca6dd98d6f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-18T12:42:12+00:00, 2024-04-25T13:53:27+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/static-promotion/desktop/default/45eeeab6.modern.js | 178.253.29.47 | | 20 kB |
URL 1xlite-660473.top/static-promotion/desktop/default/45eeeab6.modern.js IP178.253.29.47:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File typeJavaScript source, ASCII text, with very long lines (8953), with no line terminators Hash320757f7418bcd7111bfd01447c3bd14 dbaaacb1a83da0fbaf0eb2dd0e294589b4b820cd 8cd950119c27ba69d2e1fbc1a6384a78df5e2fbc34ae76cbb76c2f1cecc42ecf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /static-promotion/desktop/default/45eeeab6.modern.js HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:19:41 GMT
vary: Accept-Encoding
etag: W/"662b8dcd-22f9"
expires: Sat, 27 Apr 2024 13:19:58 GMT
cache-control: max-age=86400
content-encoding: br
x-time-ng: 0.000, 0.003
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.020
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json | 178.253.29.47 | 200 OK | 178 kB |
URL GET HTTP/21xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Size178 kB (178402 bytes) Hash5f6393bd6febc268d33cb235c7eec194 819eb4409582bcea038e527fd5859dde2d13e0e7 9ae42c0a8d88add1a2d54faab5d819c619cb2a2a1eec7595fe1029a91449efb0
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/a01e05cae2f5087d31e3dd580b8c1ce3.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 14 Nov 2023 06:21:55 GMT
etag: W/"5f6393bd6febc268d33cb235c7eec194"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/web-api/external-api/promotions/wheel-bet | 178.253.29.47 | | 44 kB |
URL 1xlite-660473.top/web-api/external-api/promotions/wheel-bet IP178.253.29.47:0 ASN#202492 Silverhill Group Holding Ltd
CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/external-api/promotions/wheel-bet HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/promo-frame/en/promotion/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 403 Forbidden
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=33, dt_total;dur=34.726
traceparent: 00-f5c240e0d533fa5d9a65c718d70e7336-972b041df491aaef-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.035
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/eaefb9b599e73fcd7b27912e999283fe.json | 178.253.29.47 | 200 OK | 524 B |
URL GET HTTP/21xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/eaefb9b599e73fcd7b27912e999283fe.json IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hashdfe0c8d8abf7084df9e624f1f4065e59 6cbd38545e7ff3ee00aca5c80f5eb9847da631b5 e596939ede2be48722c636d78de1ec21e3ab6b65a7d86044ea2cff3fe3e8897f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/eaefb9b599e73fcd7b27912e999283fe.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 11:48:47 GMT
etag: W/"dfe0c8d8abf7084df9e624f1f4065e59"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json | 178.253.29.47 | 200 OK | 57 kB |
URL GET HTTP/21xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hashb0a50f5239a6ca38097f89684eae43e4 9610ba54f85b3199d09ccbaf5c3439cff43bf28a 5f96d5a91935d8a7f975d433db80afb8a995edc61ad2d8cbb0161b80dc7aec56
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/af2e2c975cf016bc339c96b6992e1e47.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 12 May 2023 15:17:16 GMT
etag: W/"b0a50f5239a6ca38097f89684eae43e4"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json | 178.253.29.47 | 200 OK | 86 kB |
URL GET HTTP/21xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hashf117f2ecd3a10db0e2d79159b68fcf2f c3477f016b8a8001b765835b30c64ef6f6a37c95 59d4508907da1d618732422129b741f7288c7b344d0d0d6236f16e16c0bc257d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/7ed46ee2457f0198b31a2f0e27129049.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 26 Jun 2023 07:10:34 GMT
etag: W/"f117f2ecd3a10db0e2d79159b68fcf2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.jpg | 185.244.209.62 | 200 OK | 47 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.jpg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeJPEG image data, progressive, precision 8, 315x250, components 3 Hash216a38d79f9477b9511e8d6e833776c5 c815c57cfd39b9c878cf00fba194565e2f9d83e2 57cbedf6644066e605c780a59efd060413a8a464ff8531fd9334dcd58a2a1658
GET /genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 47326
last-modified: Sat, 13 Jan 2024 19:54:13 GMT
etag: "216a38d79f9477b9511e8d6e833776c5"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-01-14T13:18:00+00:00
traceparent: 00-65c87f068a54149cd43d9c9216bcdaa0-57b0fe37a1cecb27-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.jpg | 185.244.209.62 | 200 OK | 36 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, progressive, precision 8, 315x250, components 3
Hash: 614ead8843cf1cfb90fbdfddd277e4a7 94da7323883caa97dc9221cd66c42386ce8027fa 5673d066c858edeb67f5a1ec3f94cc56e263b98b954e1aa045980f785c617c0c
GET /genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 35577
last-modified: Thu, 04 Apr 2024 12:21:49 GMT
etag: "614ead8843cf1cfb90fbdfddd277e4a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-15T10:14:10+00:00
traceparent: 00-8650d0ece191828e0f2f455565967b2c-1315540da4845c6f-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.jpg | 185.244.209.62 | 404 Not Found | 118 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1f8fbdcd7f627920675b56faf8908878-6c510a466b464f73-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.jpg | 185.244.209.62 | 200 OK | 46 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, progressive, precision 8, 315x250, components 3
Hash: bcd6f81e0f43cbcff60824bb657a8a78 f46f12f28645287c84ea4ada1b287461c54df69e 1575c46481e4e1eb7ad439a451ef4af705a1084196766db5aca4d47790fff484
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpg
content-length: 45630
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "bcd6f81e0f43cbcff60824bb657a8a78"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-fe5eb5e13523cffcac95df012174fe98-8d377ea2b6d77359-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json | 178.253.29.47 | 200 OK | 36 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 4ceca6711e35f002e5d82e7e710000c1 1bd282f8a354b362b4a860ef3fa2fb915f9211a8 cbb3ecf2ae1465a5d387c3e4582a5bafa1368c96db6ad3cdef0951a363dd9f0d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/2903bfe80b6e7c82e302d5e50a0c0a15.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 06:25:42 GMT
etag: W/"4ceca6711e35f002e5d82e7e710000c1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json | 178.253.29.47 | 200 OK | 92 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: a60fb63e7c35ba8cdb1d0851ff960b1b eced63a14d178fbb15f60fcc61e97bc8cfc3fb98 2ddc5a56c47ad52370f349a00393b0cfd6385b858a1f9df75a4e0b39e0a06d53
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/9ca5a248842d90707684710c016ea5d2.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Wed, 13 Dec 2023 14:46:07 GMT
etag: W/"a60fb63e7c35ba8cdb1d0851ff960b1b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.jpg | 185.244.209.62 | 200 OK | 19 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 315x250, components 3
Hash: 0f36034db1925bb32ff860a66341a87d a9c5c19e733689fc6a9631ff925412c5c78143b0 5766090aff83c3581ef54766d04e3bbb1ecdc2cbc4f7f29b28795432cb1aee37
GET /genfiles/cms/1-285/desktop/bonus/rules/goalless-football.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 19116
last-modified: Wed, 06 Sep 2023 08:29:12 GMT
etag: "0f36034db1925bb32ff860a66341a87d"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:49:53+00:00
traceparent: 00-a8cd87f671bedc72a59b5a5c41a392c9-23f9564eee4a287b-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json | 178.253.29.47 | 200 OK | 56 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 5696ef1b371a34f9ef6d91bde17f66e7 888943f8c4faf3a9f29cf2fd2933cefa6c01b24f ada4a21a08ddf6bb03d39fcf39bb6c5d988f6697479abffc92096a157064b2af
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/4248ac2021dc04c1d42b10d68aca3b11.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 04 Apr 2024 11:33:40 GMT
etag: W/"5696ef1b371a34f9ef6d91bde17f66e7"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.jpg | 185.244.209.62 | 200 OK | 67 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x250, components 3
Hash: 86748df85b6192deb0227f7fbb0ec839 64583932cc49d07154f426a891e30e4b62af4180 f3129520ed673024f8c76bf85424691c18d3a3c844f6ca642fc542d98bfa7ffa
GET /genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 67312
last-modified: Tue, 11 Apr 2023 17:52:46 GMT
etag: "86748df85b6192deb0227f7fbb0ec839"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-e69b34982f8927cd38629140ef65f4f8-3a4226d1c559e0ee-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.jpg | 185.244.209.62 | 200 OK | 92 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, progressive, precision 8, 315x250, components 3
Hash: 84abd47f4cf44e9163e19d441d0fb8ad 87e3871077d3487223c059812a04c21edd38a33c 99834bcfc7c1f2ff3995cf75ada73478b20ec490713c9e8ccf07ba26c10975bb
GET /genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 92498
last-modified: Mon, 02 Oct 2023 07:53:39 GMT
etag: "84abd47f4cf44e9163e19d441d0fb8ad"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-8cb92a37b9d6bfa418cefc539ce5c50d-cc09243815c3a583-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/56fc6e674daa655b283b3497c88a92cb.json | 178.253.29.47 | 200 OK | 22 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/56fc6e674daa655b283b3497c88a92cb.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: e5e68fdba731c76ec0a416e7799cf4f9 b8b3233ff91489cdd2ad056073cfd625bd4715a5 a7221bf33f5f39552a192e8357d466bd30b0530bddc89aad0d35de565a26b6df
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/56fc6e674daa655b283b3497c88a92cb.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 11 Apr 2023 17:53:23 GMT
etag: W/"e5e68fdba731c76ec0a416e7799cf4f9"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css | 185.244.209.62 | 200 OK | 220 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-ui/3.2.3/Desktop/Default/client.css
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: gzip compressed data, max speed, from Unix
Size: 220 kB (219789 bytes)
Hash: 1e82c2092cab473ceb8a35a06a58014d 86845189074daf6b732dd553c72a2de8e7dc52d5 1076657e560c5d838bc0ac28b102b83aaba297cd1e1c12a2fd646bb2cb993ef9
GET /sys-ui/3.2.3/Desktop/Default/client.css HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 19 Apr 2024 10:53:25 GMT
etag: W/"64d292a033c097211f9f4c21ffbcb2b0"
x-amz-meta-mtime: 1713523729.13591556
content-encoding: gzip
expires: Wed, 24 Apr 2024 12:54:48 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-57cb1491d73f88ff437e15ab3666d293-4f7a2f7d0de64527-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T12:54:48+00:00, 2024-04-25T13:45:09+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.webp | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 376807f6eceb28fcc2624716e09fbbd9 baf70080537063c8b9df5d817edd6f97d2b66a37 66ccd156391c11311536fe220c908a69687ae95701c6ae2a24e139938dcb70e7
GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 22354
last-modified: Tue, 16 May 2023 09:09:04 GMT
etag: "376807f6eceb28fcc2624716e09fbbd9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-cf9fe2a1cc73876daa49cfbdd08e51b2-f154c3a6a9df6330-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T08:27:23+00:00, 2024-04-26T13:11:45+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/d2dc12263f6f8823abe288bb1ce1a420.json | 178.253.29.47 | 200 OK | 32 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/d2dc12263f6f8823abe288bb1ce1a420.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: ee702cdbc65faf50843762bd9534a1aa 5c78ac8aa3155597543f63349686b02926eecd36 ec388b1801623dbd0e1f497cb6a898425222ea538c039b2a8dafc7720cceea28
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/d2dc12263f6f8823abe288bb1ce1a420.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 09:29:23 GMT
etag: W/"ee702cdbc65faf50843762bd9534a1aa"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json | 178.253.29.47 | 200 OK | 11 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 5964e3e4fd5fa89ee9aee228e1572aa9 a2496d82f9dd777e1095c853e4fe281f33ce131f 6483a840daa604ea63da72f2defeb1cc09e4e4ee09243966f7d7ba49e351e940
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/6383baf4fc61037b3c4990e9b55f947b.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 05 Dec 2023 11:58:07 GMT
etag: W/"5964e3e4fd5fa89ee9aee228e1572aa9"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.webp | 185.244.209.62 | 200 OK | 10 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: a55f6bc5288f59157c1f4b0d99200c4f 64b37d821bf692cea5cde5734b3230cecd2b1ae0 0f29e044bfb569e9205e03de27030a08d6b32de2da815a72b059dca1cfea8707
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: application/octet-stream
content-length: 10366
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "a55f6bc5288f59157c1f4b0d99200c4f"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7b7a1a5bba38c7ea2ad24f08f8a7ab17-1591bdbba8ba4d82-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp | 185.244.209.62 | 200 OK | 22 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 39d1dc105345cff4c37199d4ae2857d4 dbeba1282f82a8fbca0045713fee8bf48bd58098 6085511f9d0d73ae4e466fc3392ddad94f271750d945bde6b5abb4143d86d9e9
GET /genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 22154
last-modified: Mon, 15 May 2023 10:48:41 GMT
etag: "39d1dc105345cff4c37199d4ae2857d4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c04d01bf689630c85fa01a3205cb9d05-a16d1aec83443c4c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:27:22+00:00, 2024-04-26T13:20:00+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp | 185.244.209.62 | 200 OK | 48 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: a0339a106d8746d304f69e1b730d2b13 3f2b1c54fda62bd6acad6c8e818ca9b0a242ca4c 0f595c354ed2f9e32665d208359fdc786b20358164171744db96644051e49f4d
GET /genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 48058
last-modified: Tue, 28 Nov 2023 14:15:19 GMT
etag: "a0339a106d8746d304f69e1b730d2b13"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-ed777c489024767ea0f6927ce4b04477-5e25369453ba3f7c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T09:03:01+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp | 185.244.209.62 | 200 OK | 30 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 127f60172cf16911bf168a7fb61c7ccf 5224ba0a241715cf352c7ea5d2b54d9343cd5877 2c7adb7ce984529f91331d5f8c4d4709471b455e8275d9f8f0fcea7a1b641ee7
GET /genfiles/bonus-cms/LFICyFaKYJ6xVbTBwk-hRRtuo8QrCKg1/lucky-day.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 30120
last-modified: Thu, 04 Apr 2024 12:21:49 GMT
etag: "127f60172cf16911bf168a7fb61c7ccf"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-929340a107a49fa8f48da3a6adda4d7f-4dabfcd1af23ab78-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-15T09:12:58+00:00, 2024-04-26T13:03:08+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp | 185.244.209.62 | 200 OK | 108 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Size: 108 kB (107976 bytes)
Hash: 314b18cfe996f7ac145db7d302dcf1b3 cf49cfe63d75c447b4da918bd06d8938584edbfa cd0f72608f9e60537a3a489e47cc2c2718e23837bd24f1dc502d110ccef6bd3c
GET /genfiles/cms/1-285/desktop/bonus/rules/become-legend.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 107976
last-modified: Fri, 01 Mar 2024 08:28:39 GMT
etag: "314b18cfe996f7ac145db7d302dcf1b3"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c935a6d49aa47755524fa29c5e2537dc-1d64d66aee7961a6-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-01T11:44:46+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json | 178.253.29.47 | 200 OK | 3.1 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 38f190a4cb1989aed041659da0a372aa eec181f8bddbf93e43c35f7718b3f9dac029bab6 cd2726700d70053e8bc5c7a2c24930598c56856147745eb208722586a17eb6f4
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/12d8ee2576692fff036a68507fb52970.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 14 Mar 2024 18:43:34 GMT
etag: W/"38f190a4cb1989aed041659da0a372aa"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express-fight.webp | 185.244.209.62 | 200 OK | 19 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express-fight.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: c085b2722d5f4393ec9f415976e7e0d3 31ea126b3ab5a0b4f7da6a9ab294e25b26e91b94 24ebd2fb88924fcbc69092ae958bb942c885295ab784efedfaa38f0301549601
GET /genfiles/cms/1-285/desktop/bonus/rules/express-fight.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: application/octet-stream
content-length: 19086
last-modified: Tue, 11 Apr 2023 17:52:27 GMT
etag: "c085b2722d5f4393ec9f415976e7e0d3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b3b2be40ebfbae311ccdfa634707c44e-2eb5c92aca209a1c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp | 185.244.209.62 | 200 OK | 50 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 2eb5029e4de53b55ebbbcd6f2bc5f4d9 78e0d7382e7196ef120697bd25c86ce971cf1352 4f46fd0d8f32a4585f0c880fa91cbdfce37bc675c645a2d8e84210baba13440b
GET /genfiles/cms/1-285/desktop/bonus/rules/goalless-football.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 50494
last-modified: Wed, 06 Sep 2023 08:29:12 GMT
etag: "2eb5029e4de53b55ebbbcd6f2bc5f4d9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f4be9a1c2532a303695dc8a436424edb-00bafe71c388eec0-01
x-id: osix-hw-edge-gc4
cache: REVALIDATED, HIT
x-cached-since: 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp | 185.244.209.62 | 404 Not Found | 118 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-7e008fd7cde9c401a8d7453a836f6af2-fecdb1d0f2d6de4c-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp | 185.244.209.62 | 200 OK | 38 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 1d495d767fa8c94066d188431eb797e0 940bc07d4ac6fc836661b6e3d0860509de648b3b e6aff9ac6666aeef484341c417a21fcddc49f9488af30b03a20af0d1a722eb94
GET /genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 38184
last-modified: Wed, 10 Jan 2024 05:53:56 GMT
etag: "1d495d767fa8c94066d188431eb797e0"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-01-16T11:30:17+00:00
traceparent: 00-d9195a6441f29b24722730a26e797179-a0b7a6e170cd21d5-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp | 185.244.209.62 | 200 OK | 44 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 820c2301c27f8e114d81fccc88c8cbee 247adbb42e4149425c90a98095b859347c016ff1 22c6ceb46195434759afbbe5f799723d4cf658d22d312fb7f194c88782a2cda4
GET /genfiles/bonus-cms/jg5PV_YdYioJAU_-6Y2q-61NVnwVkPXm/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 44068
last-modified: Sat, 13 Jan 2024 19:54:13 GMT
etag: "820c2301c27f8e114d81fccc88c8cbee"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-01-14T09:54:27+00:00
traceparent: 00-803744a734050b6384923315b79fbee2-6c03b03411e212ba-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2fd14d386d81a875960a0ebcdabe85a6.json | 178.253.29.47 | 200 OK | 17 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/2fd14d386d81a875960a0ebcdabe85a6.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt
Certificate Subject: 1xlite-660473.top
Certificate Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D
Certificate Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 269ccea9c3f07d37d497b4911e5d6e0b f2cdc5da71758c8d07c2001d17ffe6ca31dccaa0 6b993b69b051271a06e7926be8f63fcdb0923cfad186c57c34320421721dabc6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/2fd14d386d81a875960a0ebcdabe85a6.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 26 Apr 2024 08:47:45 GMT
etag: W/"269ccea9c3f07d37d497b4911e5d6e0b"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.webp | 185.244.209.62 | 200 OK | 50 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited
Certificate Subject: *.traincdn.com
Certificate Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73
Certificate Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image
Hash: 61884a79292df9a69ea556b9adbdb453 a925df3d537f64ded7c93d6d46719f6933eedaba 6f949e72638072f5014d3710883383047f95344febff58dbe5a6dc47c753d5ff
GET /genfiles/cms/1-285/desktop/bonus/rules/promo-no-risk-bet.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 49656
last-modified: Tue, 11 Apr 2023 17:52:46 GMT
etag: "61884a79292df9a69ea556b9adbdb453"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f4f9f0a6ffba4e9c748d366e1e56ad1e-f7f3df12ef011940-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.webp | 185.244.209.62 | 200 OK | 12 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 9a12fd308fdcacc0adb16d2476e2efe9 fac9675ec0a1041f757f11413fe0c359edd0b141 f7da0fac7df7744f1812cebabe061252bf8e8cb786e066ad76b48f96f1a17b64
GET /genfiles/cms/1-285/desktop/bonus/rules/birthday.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 11684
last-modified: Tue, 11 Apr 2023 17:52:19 GMT
etag: "9a12fd308fdcacc0adb16d2476e2efe9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-48c49d2759b3f3e2fae43c5d3c3e2728-1a40282d8b1dab8c-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.webp | 185.244.209.62 | 404 Not Found | 118 B |
URL GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators Hash b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-bffe1a1ced590b48833ceb4b5c04d6f1-a80c09cf7b9d99a4-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.webp | 185.244.209.62 | 200 OK | 26 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 76f4f94caeacb3ea3e799f76517c2e77 e4532a2e775a346d81f16c0964b9bfc8cb679842 ac636f011f118593e402c29660bda51edb682670d22b82ca018d05faf7f1e18d
GET /genfiles/cms/1-285/desktop/bonus/rules/express.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 26210
last-modified: Fri, 12 May 2023 08:45:56 GMT
etag: "76f4f94caeacb3ea3e799f76517c2e77"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-9cf98d56c451600040bcc2105a7750d3-e0e028188f41e4fc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.webp | 185.244.209.62 | 200 OK | 6.0 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 25a2c8bb1250ef2eb614983566886ef4 bb0e43eeee18884437554668b5e1ad56a68e20a4 23852e0d23a0c03d4fd5e5ba37f81083212c85b4c305697ad8b32dd8cef797c1
GET /genfiles/cms/1-285/desktop/bonus/rules/doverie.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 6002
last-modified: Tue, 04 Jul 2023 07:20:09 GMT
etag: "25a2c8bb1250ef2eb614983566886ef4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-3b55e52e78b9680f2cc9e73753b1c858-2a52b8d2c14abd69-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:39:07+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp | 185.244.209.62 | 200 OK | 62 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 315x250, components 3 Hash 5aaddf2c56dd3132a3eb40fd514309c6 74dc6650e0bc516bbefbe1da71fb5e0243e69191 5989764a0ab5e33ea4d229993ff2842fc8d9fe15e6a7ab42de32fc326e28b1c2
GET /genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 61571
last-modified: Tue, 11 Apr 2023 17:52:34 GMT
etag: "5aaddf2c56dd3132a3eb40fd514309c6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-4ed6f178c337b6a5b259b85f165a9f7a-46a37be21158690a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:39:07+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.webp | 185.244.209.62 | 200 OK | 12 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash bbd5effd93dd90aeb3587a33e4976b44 13b331c36e7b5a6e7eaee9fabeaa89efc668af89 ab5e828e09e0e3598e23d4570ec7c4c0e66573de6edda8a103b24c16df63f1c1
GET /genfiles/cms/1-285/desktop/bonus/rules/beatus.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 12142
last-modified: Fri, 30 Jun 2023 07:38:24 GMT
etag: "bbd5effd93dd90aeb3587a33e4976b44"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d8388ceaa64b5440ea87b1251195d5aa-e8e380c8c3ff2f2f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:04:50+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.webp | 185.244.209.62 | 200 OK | 27 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 0380f55e7529165ae4d1a7711a856e71 62fe2f40e9e20f52c357e54ee693c76bde7f9687 bd318ab4b3134965f5cdc86b6b7b1ef2fd107b2e8607d20a9fbbbf26c9336d89
GET /genfiles/cms/1-285/desktop/bonus/rules/loss20.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 27102
last-modified: Tue, 16 May 2023 09:12:24 GMT
etag: "0380f55e7529165ae4d1a7711a856e71"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2bd1e62529370959839ca2b671ecc08c-708ecf78b567d3b3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.webp | 185.244.209.62 | 200 OK | 7.6 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 1d8bed36881f95d202cadc9e59f6feac 2e02cd8b9fed8a23983e3fae937046ab3bbf024d 75a1bf27b18d5a283419875af020e3b2f435aba02f1b510b76b2f76f6932c23c
GET /genfiles/cms/1-285/desktop/bonus/rules/multiply2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 7566
last-modified: Tue, 11 Apr 2023 17:52:41 GMT
etag: "1d8bed36881f95d202cadc9e59f6feac"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-89ae7da18e4ab4b9f6b0134b8af92e58-911840a75803093b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:15+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.webp | 185.244.209.62 | 200 OK | 41 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash eacf930d797f369ee8a944b514a4fd6d ea83544e05b4e9712fc8a044dc41e4b64dd42d3f 883351a2289a9fc1075ccaea228649d3ec00383ac6f9ec02d553659e4304d604
GET /genfiles/cms/1-285/desktop/bonus/rules/dailytournament.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 40640
last-modified: Thu, 13 Apr 2023 11:50:39 GMT
etag: "eacf930d797f369ee8a944b514a4fd6d"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-e3a7ae77ce4566dc72174756b7a5b070-eba476c1a8e57e05-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp | 185.244.209.62 | 200 OK | 41 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash db450552e670bbdad66544b69eb363d9 3cd2f0307c9b7bea0b94cd9337a5cdcf6e396250 dd7368b9f4913ae02e5d49cda2d67a56197e3a92537486470d93de634be5273d
GET /genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 41040
last-modified: Mon, 26 Feb 2024 09:18:12 GMT
etag: "db450552e670bbdad66544b69eb363d9"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-86af280194f3e1732837a4cbf176e11c-0016b1390e660025-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-26T11:22:28+00:00, 2024-04-26T12:49:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.webp | 185.244.209.62 | 200 OK | 12 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 320x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 23cdbdab7f6c29d23a3ae864fa3f3d4e 043bafd75f65788716a5be5856ec40299e0ec346 61c7198b963bf41030704724217c3faa3fe4450d7786b18af8782daf6e5dcafc
GET /genfiles/cms/1-285/desktop/bonus/rules/percentage.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 11590
last-modified: Thu, 22 Feb 2024 07:23:11 GMT
etag: "23cdbdab7f6c29d23a3ae864fa3f3d4e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-50e43e77a5b3adf965a525f0b046a51d-c66a1b7e7fe5df63-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-02-22T09:05:18+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp | 185.244.209.62 | 200 OK | 12 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash bf8cbebb37d6522d39bbb5d6c5d736bf 7dc6cdccb164a0b098f2d9d1f137818f5f38241a 84fd6d05039b9501f02f89baada0ade73918cbc8a65cf09eac1ad95bbccc27ca
GET /genfiles/cms/1-285/desktop/bonus/rules/champions-season.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 11908
last-modified: Wed, 06 Sep 2023 12:28:01 GMT
etag: "bf8cbebb37d6522d39bbb5d6c5d736bf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-7231b68193b96e433e692c2de15e0d5b-fa6a80cc77392bde-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp | 185.244.209.62 | 200 OK | 22 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash ce497bea4e8d6d98f39094d022ae36b6 412a148e5089893045cb686d35f78ad4f6c0d340 a4fd9bbb5a9e00896e0a9a07090f92797034fbba93193605f498f96ab04d1f28
GET /genfiles/cms/1-285/desktop/bonus/rules/esportsera.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 21674
last-modified: Mon, 24 Jul 2023 13:02:29 GMT
etag: "ce497bea4e8d6d98f39094d022ae36b6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-08e90580bbf435c36e4448b74317db0e-e13448c3503eb050-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp | 185.244.209.62 | 200 OK | 26 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash 3529a9950536352cadc5022231d76608 2883dfd254a6b2ac531e7749bd0986dd4c26b077 f9b9979b91624cafcb1f44cdf9b1a3926417ca700046a19466a94335ff8090cf
GET /genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 26188
last-modified: Tue, 11 Apr 2023 17:52:28 GMT
etag: "3529a9950536352cadc5022231d76608"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-502755b32c935a061dab761775b86281-8c24c601d6b8342a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp | 185.244.209.62 | 200 OK | 18 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image Hash 63ffabeefd0ba919618dbdfdd971c45a a4d6ad655ed680ca06e1f98509005b795f195885 c621e44eb52b43f859381b83442a80570ae098356ef5d581a77c84a4417a3671
GET /genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 18098
last-modified: Wed, 10 May 2023 13:36:26 GMT
etag: "63ffabeefd0ba919618dbdfdd971c45a"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-17c789554ee5c8fd04e05968834e6d95-054266dca8da2abd-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:17+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp | 185.244.209.62 | 200 OK | 9.1 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp IP 185.244.209.62:443 ASN #199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash cf73cf5ee3883706242debc9d5f1c52e e071e466fff51b6bff7edf48405c959865bdbe28 53e6a25ee8451c110b3f96164a7917bb8e6f4dfdcf84ec373eebd5b4dc56d88c
GET /genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 9094
last-modified: Tue, 11 Apr 2023 17:52:55 GMT
etag: "cf73cf5ee3883706242debc9d5f1c52e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a9c69438562cd12008cf1c941df2fb52-f2516c9805192b49-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:39:07+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.webp | 185.244.209.62 | 200 OK | 20 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: ec7e490ee95bbfcbe0960d591252044e 5436d493fbcf370a21f5c3dde65d24d4fd535e9a 8d40342db2cb8b1792f7833eb91a9f7f29f8ce0a5136b2bb944b7e2d2db69722
GET /genfiles/cms/1-285/desktop/bonus/rules/race.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 19644
last-modified: Tue, 04 Jul 2023 07:12:14 GMT
etag: "ec7e490ee95bbfcbe0960d591252044e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-74837ec6455c6f5cf8dfc1c815fe7e4f-e7d4d3b05bd21f85-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:16:17+00:00, 2024-04-26T12:49:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp | 185.244.209.62 | 200 OK | 7.6 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: d11c77ea0b5452913b78f4119b5dc2a6 51bd74151949ed7bfc8b75c6ff5f06695bdd3501 54b074dd43034216f6d809fd57a81c5ed43a4cee62da841ac1041cc05394cd45
GET /genfiles/cms/1-285/desktop/bonus/rules/top-bins.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 7550
last-modified: Tue, 11 Apr 2023 17:52:54 GMT
etag: "d11c77ea0b5452913b78f4119b5dc2a6"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-3006328a63d845de908a31fe15f49003-fd7f5dda648d55cc-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:40:49+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp | 185.244.209.62 | 200 OK | 15 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: d1c9cf33b4078a369a2ec162bbc4ec00 8b3a2ec69ed7f3dc2bc597cd49cc4e149c016930 d1dd361e05319a43656238aeb770d4b179ac281cfcbacc4b1f250517fabb442f
GET /genfiles/cms/1-285/desktop/bonus/rules/toto-free.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 15338
last-modified: Thu, 29 Jun 2023 09:22:43 GMT
etag: "d1c9cf33b4078a369a2ec162bbc4ec00"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-6780648c7af09b6311b03d800aa341f1-aa57fda61e9db334-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp | 185.244.209.62 | 200 OK | 30 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: fb26390b4171564fe0781859fcceda24 06a0c7a3a55e3c6b9a8e1e57727b3c669f322679 5463e432bd75c1aae1935b19c9965dbf5723c16b73fb5d8290e97b879d8364a7
GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 30198
last-modified: Fri, 12 May 2023 09:22:20 GMT
etag: "fb26390b4171564fe0781859fcceda24"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-f02a5d8e602ca106489b9b007908f57a-7d37f5ee0cfa2704-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-22T02:30:36+00:00, 2024-04-26T13:05:07+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp | 185.244.209.62 | 200 OK | 80 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 9fa64a2876ca3248eebece61f020bbe3 4137b2e942470d844316b2b98841153004f796c2 85021bd78912bc1a5d3e09bd922698fc3f5e6d94d36124981015dd3ed036fb19
GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/945x370.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 80336
last-modified: Fri, 12 Apr 2024 12:30:59 GMT
etag: "9fa64a2876ca3248eebece61f020bbe3"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-b06c8f0c62dfe9f68c683103d6937ded-17d156b9c83cc909-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:25+00:00, 2024-04-26T13:03:05+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp | 185.244.209.62 | 200 OK | 34 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: c5774b63275f0389268a7e327d0f407a 81d2fb09c457cd65e2c215244ac5b281a3e6ce77 1099121afbbe2fb3cba7fbd6dd48e0cb8ffaf9191b02278dae692fbbba2a5f86
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 34112
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "c5774b63275f0389268a7e327d0f407a"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c1712cf9d2110a7aad951dfb978295d5-efb3d613b77b8467-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:39:12+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp | 185.244.209.62 | 200 OK | 36 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: 66f74329e9044a43bc6b2888ac7f293b a3c599085cb4fd80dca8fa060bc2bd888017696c 8b45e16513005aa85953e81f86b40a79f94badf081c76b3fc037c5d09993ea31
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/webp
content-length: 35508
last-modified: Mon, 22 Jan 2024 16:34:45 GMT
etag: "66f74329e9044a43bc6b2888ac7f293b"
x-time-ng: 0.009
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-10T10:44:06+00:00
traceparent: 00-30a37f9ff14eac356d27fd58804a4950-2299f3e7133e700d-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp | 185.244.209.62 | 404 Not Found | 118 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-c9bc58af44188b14610f126d9ceed171-d763e55e7b4916ef-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp | 185.244.209.62 | 404 Not Found | 118 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c860dae96966e1b5052e7770517edbb0-74081e724d4d8fc8-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.47 | 200 OK | 23 B |
URL: POST HTTP/2 1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-660473.top; Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D; Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 097f193ba1be82acf449a667511f6d87 ca7a43a8573f1d8a9161337e175e9a8b4b227ed0 cb12d2adf06cd9d81f3e7611d5aada0083f2cbcd7960f4150dcd4c714beef070
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
Content-Type: application/json
X-Lang: en
X-Uuid: 9b05e4e5-5416-4ae0-8ee3-6a7d4ac7f9a7
Content-Length: 316
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st.webp | 185.244.209.62 | 200 OK | 11 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: a9a36fedcff872396a9f3c7f790713a3 b401c66a5f8b5ab3422964dc1df540bdee8897c8 af610352cfbaf762bac809c78a4cd3c768e412c9bf3a3e2a8f795cded58dc474
GET /genfiles/cms/1-285/desktop/bonus/rules/1st.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 10554
last-modified: Tue, 11 Apr 2023 17:52:13 GMT
etag: "a9a36fedcff872396a9f3c7f790713a3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-c8a5be1b0b1e550061f4183ff4381503-19892be3d35bdc8a-01
x-id: osix-hw-edge-gc4
cache: REVALIDATED, HIT
x-cached-since: 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp | 185.244.209.62 | 200 OK | 6.2 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: c92bc7216404cb1bc46cad557d04a4b4 3ad6adb66ed52e54ef1d7adffaec4bf03f51d6df f652aafdaab581a7843ca7939067e4bacfb5c09255a6408c76644187470ca00b
GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: application/octet-stream
content-length: 6224
last-modified: Tue, 11 Apr 2023 17:52:56 GMT
etag: "c92bc7216404cb1bc46cad557d04a4b4"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-656427cc74d020f25e1a19483d4c33ce-c6a913db319ce40f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:06:08+00:00, 2024-04-26T12:31:39+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg | 185.244.209.62 | 200 OK | 35 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x250, components 3
Hash: cd68f37caed4fce440617bbfbdc48ed4 ac29fc750245f98996007a7c3484616e10de90b9 0c6bf43c40794a7173623a812f89b868d62c1818e56d29090738cba910af316e
GET /genfiles/bonus-cms/NrYLPexnCMwMSdX6tC-njSau7U0Isq6k/sticker-hunt_2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/jpeg
content-length: 35001
last-modified: Thu, 07 Mar 2024 10:30:40 GMT
etag: "cd68f37caed4fce440617bbfbdc48ed4"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-94cbdd25840e588e119ea942d209af8d-6b7db80ff77333df-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-07T10:30:51+00:00, 2024-04-26T13:19:11+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg | 185.244.209.62 | 200 OK | 35 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 945x370, components 3
Hash: 78c87f02eb2b93a8aecfe7683d746f02 8fbacfead73e116de04b6e60ad07235a993729f4 f2bbd2c04d7e8753dbe2fc0dc4db944b7fe0b5d4cf64f77bca765214846e206f
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/945x370_2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:04 GMT
content-type: image/jpeg
content-length: 35060
last-modified: Mon, 22 Jan 2024 16:37:04 GMT
etag: "78c87f02eb2b93a8aecfe7683d746f02"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-aba8152804368bd06dc27aadb059ee55-360af55f3beaac0f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-10T10:44:20+00:00, 2024-04-26T13:19:09+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/web-api/session | 178.253.29.47 | 204 No Content | 0 B |
URL: GET HTTP/2 1xlite-660473.top/web-api/session
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-660473.top; Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D; Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /web-api/session HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 26 Apr 2024 13:20:05 GMT
cache-control: no-cache, private
server-timing: p;dur=17, dt_total;dur=72.199, wf-uht;dur=0.087
traceparent: 00-bc16022fdfc3aae81170b701f0130336-5713061915ddc039-01
x-dt: 285
x-time-ng: 0.062
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js | 185.244.209.62 | 200 OK | 67 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/vendors/conversion-000a2948.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash: 3cad391b1ba090af586203843e8c321d aa49ded6cec16b05de850449016d4161be93b686 140b667c3dc687dc7f10b8f95b4c28f9c4fa7f4c5603479c2e3f6a6d656e9786
GET /_nuxt/desktop/default/vendors/conversion-000a2948.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 66631
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-10447"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:55 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-36cdaa2631c802b80253cf92c8ca9055-a11f06aebd7a5b7e-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:55+00:00, 2024-04-26T11:34:18+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 | 185.244.209.62 | 200 OK | 64 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 63748, version 1.0
Hash: 6887b6f24414dbc612dbf42ccdc76b70 8068d3abfbc6cbf35b55919da45b1f4d2d136238 fc5c015fc32518f1ed810fa84ca28941eb9d5a3c81acc8df69a4dbbeedef7b0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Regular.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:06 GMT
content-type: font/woff2
content-length: 63748
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "6887b6f24414dbc612dbf42ccdc76b70"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-febd8bf6fede3a813a3eeeb2b9a733e9-37fbb39ffddfc8d3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:13:59+00:00, 2024-04-26T12:20:25+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 | 185.244.209.62 | 200 OK | 65 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 64732, version 1.0
Hash: 3ac5d40d1b3966fc5eb09ecca74d9cbf a69f32357765dd321519889aeacba5e9ca893bb0 3310766b8f58538d07abded74a2babe1acbe1a3ee820d5b8c8265da666f4fb0c
GET /genfiles/cms/1/desktop/fonts/Roboto/Roboto-Medium.woff2 HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:06 GMT
content-type: font/woff2
content-length: 64732
last-modified: Wed, 14 Jun 2023 09:49:53 GMT
etag: "3ac5d40d1b3966fc5eb09ecca74d9cbf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-10e74eac512a96eacedef2d5c109da8b-04d412f039a02fd7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T07:56:30+00:00, 2024-04-26T12:38:19+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/web-api/api/v3/bonuses/first-deposit | 178.253.29.47 | 200 OK | 92 kB |
URL: GET HTTP/2 1xlite-660473.top/web-api/api/v3/bonuses/first-deposit
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-660473.top; Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D; Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 6c497f6fefa1ff03d2b3f026ca9ea1b2 67708749c2923ee8fb64f119bfe6601df89cc754 62d6341764aac9fa45a7c7c304e969a0408d60f679d5142d0faa28e178d132c2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /web-api/api/v3/bonuses/first-deposit HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=41, dt_total;dur=69.517, wf-uht;dur=0.085
traceparent: 00-7d5a26cbbe0a44c1a93f96d33e91160d-6d4a4bcdd4d93faa-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.052
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json | 178.253.29.47 | 200 OK | 23 B |
URL: POST HTTP/2 1xlite-660473.top/fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-660473.top; Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D; Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: a682cc4b448aa402e4ce7f479373d527 ef838ac4c7a24454e097b89263f78ea7816c75ff d82a6337ebcdcc6b3c828ac2abe2bd975f413e9d1b35b751fce89606408d2f15
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /fatman-api/a6f69e4388362d761ee5bb073edb23ae3d9341fb/event.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
Content-Type: application/json
X-Lang: en
X-Uuid: 9b05e4e5-5416-4ae0-8ee3-6a7d4ac7f9a7
Content-Length: 99
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:06 GMT
content-type: application/json
content-length: 23
x-time-ng: 0.001
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/hd-api/external/api/web/v1/j/8e0d9j0h580j405d082e0bb41d08448d49e8ad92d4b9e8574c29 | 178.253.29.47 | 200 OK | 516 B |
URL: POST HTTP/2 1xlite-660473.top/hd-api/external/api/web/v1/j/8e0d9j0h580j405d082e0bb41d08448d49e8ad92d4b9e8574c29
IP: 178.253.29.47:443
ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Let's Encrypt; Subject: 1xlite-660473.top; Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D; Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: d3a0bf45ef09f1efdd98019eaf440591 3276eadf31ea442ec60530c854c265673b00d6ad 7e0a6e2c3fb7e0c4fbfca5499a2f542c98c6b0f46f11a5ff3cd6da6c610b003a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /hd-api/external/api/web/v1/j/8e0d9j0h580j405d082e0bb41d08448d49e8ad92d4b9e8574c29 HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
X-Requested-With: XMLHttpRequest
Content-Type: application/json
Content-Length: 105916
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:07 GMT
content-type: application/json
content-length: 516
content-encoding: gzip
traceparent: 00-2c56dacf1a1847e4a7de20f16bbfb0f8-84425b1e5223e105-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 77ef11691038cc75ae522ef5e2bfd7dc
x-time-ng: 0.010
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=10.557, wf-uht;dur=0.063
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js | 185.244.209.62 | 200 OK | 2.4 kB |
URL: GET HTTP/2 v3.traincdn.com/_nuxt/desktop/default/analytics-1d085c09.js
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (6444), with no line terminators
Hash: 7c3b6253af0f87ab95db1b7ecb5e071c 4316078471b261fbd6b751a6b9fe613389451dca 15923078094e7c2a29dc16315acfaeed3111e1202f23accb243c9249c03e2095
GET /_nuxt/desktop/default/analytics-1d085c09.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 2434
last-modified: Fri, 26 Apr 2024 10:51:29 GMT
etag: "662b8731-982"
content-encoding: gzip
expires: Sat, 27 Apr 2024 11:27:44 GMT
cache-control: max-age=86400
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d8cf8104ebee50bf9ea9969bdcd6badf-a40216af811758ba-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T11:27:44+00:00, 2024-04-26T11:28:30+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66 | 142.250.74.72 | 200 OK | 105 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-7JGWL9SV66
IP: 142.250.74.72:443
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (10899)
Size: 105 kB (104912 bytes)
Hash: 1ac44dc0c23d6986dc7b4e5bc72ea969 470b8d4a410ad69aed4b639158fa3bb02c18c911 e3d8975dd3f4d4f6f23b9b567b165816984f2637191932cab3d15f4bd83e794b
GET /gtag/js?id=G-7JGWL9SV66 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 13:20:07 GMT
expires: Fri, 26 Apr 2024 13:20:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104912
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V | 142.250.74.72 | 200 OK | 63 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtm.js?id=GTM-KFGPRJ2V
IP: 142.250.74.72:443
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type: JavaScript source, ASCII text, with very long lines (1763)
Hash: 717d2554625cf350c6fd07a3532f85dc ee5d2586b15368172efe5756a173c9c0d59d4daa b996db0842b5493c14ffd3a473575b674b2824a222cd02080af589ed0753d33f
GET /gtm.js?id=GTM-KFGPRJ2V HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 13:20:07 GMT
expires: Fri, 26 Apr 2024 13:20:07 GMT
cache-control: private, max-age=900
last-modified: Fri, 26 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62932
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| radar.cedexis.com/1/23802/radar.js | 45.54.49.5 | 302 Moved Temporarily | 154 B |
URL: GET HTTP/1.1 radar.cedexis.com/1/23802/radar.js
IP: 45.54.49.5:443
ASN: #63911 NetActuate, Inc
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: DigiCert Inc; Subject: radar.cedexis.com; Fingerprint: 33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: cfbeaf604823f038b8b46f0ac862b98c 7b9eb1dac48e74fa5f418bc456cb410f88b81d98 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
GET /1/23802/radar.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Fri, 26 Apr 2024 13:20:08 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: /1707728419/stub.js
Expires: Fri, 26 Apr 2024 13:30:08 GMT
Cache-Control: max-age=600
Vary: User-Agent,DNT
|
|
| www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1321333404.1714137601&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1191108918 | 142.250.74.163 | 200 OK | 42 B |
URL: GET HTTP/3 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1321333404.1714137601&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1191108918
IP: 142.250.74.163:443
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Google Trust Services LLC; Subject: *.google.no; Fingerprint: DE:35:DD:F6:8A:FF:6F:9D:0E:3D:27:DD:E2:B8:DE:CE:A4:6A:C8:C9; Validity: Mon, 08 Apr 2024 07:44:18 GMT - Mon, 01 Jul 2024 07:44:17 GMT
File type: GIF image data, version 89a, 1 x 1
Hash: d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7JGWL9SV66&cid=1321333404.1714137601&gtm=45je44o0v897130004za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=1191108918 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 26 Apr 2024 13:20:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| radar.cedexis.com/1707728419/stub.js | 45.54.49.5 | 200 OK | 271 B |
URL: GET HTTP/1.1 radar.cedexis.com/1707728419/stub.js
IP: 45.54.49.5:443
ASN: #63911 NetActuate, Inc
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: DigiCert Inc; Subject: radar.cedexis.com; Fingerprint: 33:58:79:8E:87:A5:C3:05:CA:E2:82:50:61:CF:72:83:BD:64:80:C1; Validity: Fri, 29 Mar 2024 00:00:00 GMT - Fri, 28 Mar 2025 23:59:59 GMT
File type: JavaScript source, ASCII text
Hash: 82dec77fd0353c7c71ce053b8601387e fbbca95419e1d0c042e0a5fdf10f380aca66188c 39f2b7b0fa78d37d0c84d2d6618bd635d86fd683d9bcdd5729850cb2a62522f7
GET /1707728419/stub.js HTTP/1.1
Host: radar.cedexis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 13:20:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 12 Feb 2024 09:50:42 GMT
Vary: Accept-Encoding
ETag: W/"65c9e9f2-186"
Expires: Fri, 10 May 2024 13:20:08 GMT
Cache-Control: max-age=1209600, public
Content-Encoding: gzip
|
|
| region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714137607772&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1321333404.1714137601&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714137608&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15295 | 216.239.34.36 | 204 No Content | 0 B |
URL: POST HTTP/3 region1.analytics.google.com/g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714137607772&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1321333404.1714137601&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714137608&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15295
IP: 216.239.34.36:443
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Google Trust Services LLC; Subject: *.google-analytics.com; Fingerprint: FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52; Validity: Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-7JGWL9SV66&gtm=45je44o0v897130004za200&_p=1714137607772&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1321333404.1714137601&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1714137608&sct=1&seg=0&dl=https%3A%2F%2F1xlite-660473.top%2Fen%2Fbonus%2Frules&dt=1xBet%20bonus%20%E1%90%89%20All%201xBet%20bonuses%20%E1%90%89%201xlite-660473.top&en=page_view&_fv=1&_ss=1&_ee=1&ep.optimize_id=GTM-5R4MT54&tfd=15295 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
access-control-allow-origin: https://1xlite-660473.top
date: Fri, 26 Apr 2024 13:20:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp | 185.244.209.62 | 404 Not Found | 118 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: b58d632409efb03916cfef3229576c55 c2fb66483c899f427b0354d52b080ce8bb6b47c4 b0b0fadb436530e81236a3d97058fc501d732eb24768845c5e97ac8ac3c32176
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:09 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-d9c2eda0bcf2730de5ebf76ee87f2820-a57de91fcb709a29-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp | 185.244.209.62 | 200 OK | 18 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp
IP: 185.244.209.62:443
ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate: Issuer: Sectigo Limited; Subject: *.traincdn.com; Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73; Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp
Hash: a4b243f76ff572881d54d6d590fb7cdf dd97d6d98143012e8adecef2a7fad511f7b6c453 ea844aab8b34dab774ad139535dbdd01f9c3886736e241d34bc2088409ab1f10
GET /genfiles/cms/1-285/desktop/bonus/rules/1st-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:09 GMT
content-type: application/octet-stream
content-length: 18056
last-modified: Tue, 11 Apr 2023 17:52:13 GMT
etag: "a4b243f76ff572881d54d6d590fb7cdf"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-dfe26eca5f4cc2c0c575da4966c92a4b-591f6f578127ed69-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:34:29+00:00, 2024-04-26T12:31:44+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/bff-api/config/contacts.json?type=2&lang=en | 178.253.29.47 | 200 OK | 3.1 kB |
URL GET HTTP/21xlite-660473.top/bff-api/config/contacts.json?type=2&lang=en IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash5e57488ece417dfb2d0d023a6c9d0423 cc3add288721c1e6c3d3e9413fd0de50a9d38467 8da57ebaa0d0d6ecfbac547e80404973484e6cd38820bb8adfcde943511e4c28
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bff-api/config/contacts.json?type=2&lang=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: bff;dur=36.18, dt_total;dur=112.146, wf-uht;dur=0.128
traceparent: 00-00d92ab13465a5f967f9d28f472dba06-70399fb1261f4c5f-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.076
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/hd-api/external/api/web/v1/converslon/load | 178.253.29.47 | 200 OK | 16 kB |
URL GET HTTP/21xlite-660473.top/hd-api/external/api/web/v1/converslon/load IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash9f9108d23f62d532f3a8d32afdb58cbf e61c2d10a6b3cc09e494134084cc0ff7f29f3713 6f0fafb3e7c8129bb3be98ae57366ac223d330616344751ffa35cdd4eab03637
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /hd-api/external/api/web/v1/converslon/load HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:05 GMT
content-type: application/json
content-encoding: gzip
traceparent: 00-a2275180840b2ff74384e4cbc70c29dd-cf1348ea4a053a24-01
vary: Accept-Encoding
x-dt: 285
x-request-guid: 753d5167c5e02d535e21fe7a3ace1e12
x-time-ng: 0.033
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=63.132, wf-uht;dur=0.079
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp | 185.244.209.62 | | 29 kB |
URL v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp IP185.244.209.62:0 ASN#199524 G-Core Labs S.A.
CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 945x370, Scaling: [none]x[none], YUV color, decoders should clamp Hash69e08eb4707e2b55f7a4b0d61b671acd ec908bf196e04dc6300a6eafe0a7f8154eaf134f a35c75862eabf6ecb98f298f765eedaa830e221cea1b1a3e2b1c5bc55dc9ef67
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit-slider.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:19 GMT
content-type: application/octet-stream
content-length: 29294
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "69e08eb4707e2b55f7a4b0d61b671acd"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-06949bbca91098ff9eaeac1c4c04995e-052d13d5a201a32b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-03-11T07:36:41+00:00, 2024-04-26T12:31:54+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/injector.js | 104.18.39.72 | 200 OK | 208 kB |
URL GET HTTP/2widget.suphelper.top/injector.js IP104.18.39.72:443
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
Size208 kB (208506 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /injector.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"32e7a-18f123218ef"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
expires: Fri, 26 Apr 2024 17:19:57 GMT
server: cloudflare
cf-ray: 87a6de115b951bfa-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/promo-frame/en/promotion/wheel-bet | 178.253.29.47 | 200 OK | 4.7 kB |
URL GET HTTP/21xlite-660473.top/promo-frame/en/promotion/wheel-bet IP178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerLet's Encrypt Subject1xlite-660473.top FingerprintAE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D ValidityTue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File typeHTML document, ASCII text, with very long lines (4846), with no line terminators Hash3f02c3b32d9bcf48624297a6300e54fa 9aa3b0cc6bffa619f34b81a0d87c32a75b776252 6ed555bcbee183e68bfb8ddbee6f19581f16336350742fdd74ab4ad5364b4c54
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /promo-frame/en/promotion/wheel-bet HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions/wheel-bet
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: text/html; charset=utf-8
accept-ranges: none
content-encoding: gzip
etag: "124c-IsF9Qaxk++K5KlenjW10DEBwU5A"
server-timing: total;dur=1;desc="Nuxt Server Time", dt_total;dur=3.285, dt_total;dur=5.510, wf-uht;dur=0.021
traceparent: 00-5a7f0281d0b9c8a23649c8ac0e7d9302-eed8280eac000b7d-01, 00-5a7f0281d0b9c8a23649c8ac0e7d9302-eed8280eac000b7d-01
vary: Accept-Encoding
x-dt: 285, 285
x-time-ng: 0.003, 0.005
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.jpg IP0.0.0.0:0
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/bonus-cms/zefs6LIEfbtUI44nkGmWQKOz9Mf44P65/315x250.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.jpg | 185.244.209.62 | 200 OK | 0 B |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/become-legend.jpg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/become-legend.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 89964
last-modified: Fri, 01 Mar 2024 08:28:39 GMT
etag: "e0c1361334cb5a6aa3754a26333118d5"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-15T20:49:53+00:00
traceparent: 00-c9f9370252f39281a72fb5fcd2c3df6c-2464d42fffdef7c1-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/esportsera.jpg IP0.0.0.0:0
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/esportsera.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/multiply2.jpg IP0.0.0.0:0
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/multiply2.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp | 185.244.209.62 | 200 OK | 16 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hash8842d3a0770dc1fa54e2eb4283de9291 5ddc91173e4cf4609f607bac9936a845ffe727f1 15abd87aa7b3db6da681f7912a472c23de1a259e889738db3b1df24c4d2707a3
GET /genfiles/cms/1-285/desktop/bonus/rules/blaugrana-crew.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 16192
last-modified: Mon, 02 Oct 2023 07:53:39 GMT
etag: "8842d3a0770dc1fa54e2eb4283de9291"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-9e59c2022ac265b11acf63c796ff7e32-031d7492e337d8ea-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:03:14+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg | 185.244.209.62 | 200 OK | 1.2 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeSVG Scalable Vector Graphics image Hasha436db0af736498349f0127d8e7fab1e b07e2c449cf16ddb052ce40d881db13a0c890b9b 93261a519c1cea62e2c934496d5e0cbd1cbc8f65b4961811316e55d9e7c96ede
GET /genfiles/cms/1-285/desktop/media_asset/7c43e6fa10d0665cf556d13ff2a1906d.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:55 GMT
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 10:06:49 GMT
etag: W/"7cca3986f7a5c4c164144ff11df71073"
content-encoding: gzip
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-a1f54a233630ef88c1bfa0a8ba01756e-6d7f7f84d3941cd5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-01-11T08:32:05+00:00, 2024-04-26T12:47:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.jpg IP0.0.0.0:0
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/tv-bet-jackpot.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/toto-free.jpg IP0.0.0.0:0
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/toto-free.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.jpg | 185.244.209.62 | 200 OK | 0 B |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/birthday.jpg IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/birthday.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 85446
last-modified: Tue, 11 Apr 2023 17:52:19 GMT
etag: "43ca5ca2506dc3fdb17620c8b10fff63"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-0c2c113fe9145143c8e57899beb1c43e-bea58468643612ff-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js | 104.18.39.72 | 200 OK | 37 kB |
URL GET HTTP/2widget.suphelper.top/_next/static/chunks/81.9c6562bba5669b47.js IP104.18.39.72:443
Requested byhttps://widget.suphelper.top/ CertificateIssuerGoogle Trust Services LLC Subjectsuphelper.top Fingerprint41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 ValidityTue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File typeJavaScript source, ASCII text, with very long lines (36674), with no line terminators Hash6782c8abf3d14391f6ed5c805a973cf5 a08b255c0084e14d74199f5af64522ffaba14486 88331f3bf38157ecb0e64f22c08a582384dc74c8bae09d9f78b9eab5fe82cfa3
GET /_next/static/chunks/81.9c6562bba5669b47.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"8f42-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13510340
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de188bff1bfa-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp | 185.244.209.62 | 200 OK | 9.5 kB |
URL GET HTTP/2v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp IP185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested byhttps://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet CertificateIssuerSectigo Limited Subject*.traincdn.com FingerprintC8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 ValidityThu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp Hashe74e38a96e2b86b49bce5a4ecdb2e456 8ed3fce32fa8d91d39bd0bb642e3c45516d8a9eb f7ca5371dc68183854f2893aa3d99bba1e080f3b2d6146a99e7561f9b79dbe87
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 9528
last-modified: Fri, 12 May 2023 09:54:31 GMT
etag: "e74e38a96e2b86b49bce5a4ecdb2e456"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ce366859fc78e50674aec6944118e117-9a4af367f56f75bf-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:36:29+00:00, 2024-04-26T12:31:38+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.328/285/logos.svg | 185.244.209.62 | 200 OK | 43 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.328/285/logos.svg IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image Hash: c45fb3adb3e47bdbd03c88fc4c4309aa 9ce991739a2879970ba12baf56108c8fcdefefb1 61d5aead50750c6e8a7bfde801abbf6f4ab75e387fdcc748ec6784e219e4d727
GET /sys-icons/1.0.328/285/logos.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"c45fb3adb3e47bdbd03c88fc4c4309aa"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:05 GMT
cache-control: max-age=86400
x-time-ng: 0.003
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-db78e15e0a2df57fb01dff5afe3bcc14-c7b003da467b4f1f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:05+00:00, 2024-04-26T11:24:46+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express.jpg IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/express.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.jpg IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/formula-one-game.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/top-bins.jpg IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/top-bins.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js | 104.18.39.72 | 200 OK | 373 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/663-81a4add2f1c95639.js IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/ Certificate Issuer: Google Trust Services LLC Subject: suphelper.top Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size: 373 kB (372954 bytes) Hash: 36e4e2c2a2498b008514f1f0250c8018 cfa53d1c8533fb5941d9ff4f1e45e8c831658693 42cd70d177e33b23f4982b671f4bb7f03a966053874a320af3f3ea7b7b7ca1f0
GET /_next/static/chunks/663-81a4add2f1c95639.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 28 Mar 2024 06:56:31 GMT
etag: W/"5b0da-18e83d890e3"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 2524692
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14a8141bfa-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json | 178.253.29.47 | 200 OK | 12 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json IP: 178.253.29.47:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Let's Encrypt Subject: 1xlite-660473.top Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 9e5da15e44d6b6bab0cfc7c07ba9495d 4a67254b45112089d0833028de0c9c81acb930a3 0d51ae7eaa1511001f9b8b562a49d1b55d177a655f26035364485f02d5384af9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e781b67ba2558128946fd2f9d870ffcb.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Sat, 20 Apr 2024 09:17:16 GMT
etag: W/"9e5da15e44d6b6bab0cfc7c07ba9495d"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.018
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/loss20.jpg IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/loss20.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express-fight.jpg | 185.244.209.62 | 200 OK | 0 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/express-fight.jpg IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/express-fight.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpg
content-length: 55623
last-modified: Tue, 11 Apr 2023 17:52:27 GMT
etag: "ca1c743728dbf7fa04daf902690f42ef"
x-time-ng: 0.002
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-772eef964ba1be73bbe70e9a842737f6-0fbd3581db694f4c-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json | 178.253.29.47 | 200 OK | 1.1 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json IP: 178.253.29.47:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Let's Encrypt Subject: 1xlite-660473.top Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type: ASCII text, with very long lines (1205), with no line terminators Hash: 7e57210fe3f01fd6a726a5ef7750785f 3466d373b62cd3e1c975ca7556e9ed8139f78360 b984b21e94d34c282acae49e1fd192038dd5a8cf2b1ae214fd4ac7ba86ee7048
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/e146d07dba2ed6087cb9b401ce8b1b43.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:33:56 GMT
etag: W/"338264fc869e8f0b86b0d6c9d92102b0"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js | 104.18.39.72 | 200 OK | 78 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/7413e8b9-8adee4b5b5407a55.js IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/ Certificate Issuer: Google Trust Services LLC Subject: suphelper.top Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: dc6852529f28802d37affa5953d07260 4edd220fe8df4b009a1775ebe57f19d40999659f 4aefb18221e4fb46818b0f52302b7c7717e45701e26990726cce645d8c80ed84
GET /_next/static/chunks/7413e8b9-8adee4b5b5407a55.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"12fe9-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8665001
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14980e1bfa-OSL
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/web-api/bonus | 178.253.29.47 | 200 OK | 67 kB |
URL: GET HTTP/2 1xlite-660473.top/web-api/bonus IP: 178.253.29.47:443 ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Let's Encrypt Subject: 1xlite-660473.top Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /web-api/bonus HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=189, dt_total;dur=191.643, wf-uht;dur=0.211
traceparent: 00-59eee82851e89dbf70bc0d9579d8b257-42c9eb8e2269bbc0-01
x-dt: 285
x-time-ng: 0.191
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.png | 185.244.209.62 | 200 OK | 0 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.png IP: 185.244.209.62:443 ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/bonus-cms/-F4AhdYV5GYOYbffoLsZVIKLXOg1ysIL/candyworks.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/png
content-length: 175925
last-modified: Tue, 28 Nov 2023 14:15:18 GMT
etag: "084a3ec73888c560ca7b67cd1ff9fb25"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-b6bcbabdb539f036a8f526ed2e4c3b1d-f3012f38a29c9ad3-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T12:05:36+00:00, 2024-04-26T13:06:02+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet | 178.253.29.47 | 200 OK | 803 kB |
URL: User Request GET HTTP/2 1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet IP: 178.253.29.47:443 ASN: #202492 Silverhill Group Holding Ltd
Certificate Issuer: Let's Encrypt Subject: 1xlite-660473.top Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Size: 803 kB (803122 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:54 GMT
content-type: text/html; charset=utf-8
content-encoding: br
server-timing: total;dur=1074;desc="Nuxt Server Time", dt_total;dur=1076.643, wf-uht;dur=1.110
set-cookie: lng=en; Path=/
cookies_agree_type=3; Path=/
tzo=2; Path=/
is12h=0; Path=/
referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; Path=/; Expires=Tue, 25 Jun 2024 13:19:53 GMT
reflinkid=d_2757227m_18607c_; Path=/; Expires=Fri, 26 Apr 2024 14:19:53 GMT
postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; Path=/; Expires=Sun, 26 May 2024 13:19:53 GMT
platform_type=desktop; Path=/; Expires=Mon, 29 Apr 2024 13:19:54 GMT; Secure; SameSite=None; Partitioned
auid=sv0dL2YrqfphP8hOAwd8Ag==; path=/; secure; httponly; samesite=lax
traceparent: 00-2eb95d5f8f6d7ca1bb304b70ea73f60e-609171500ae9c9a7-01
vary: Accept-Encoding
x-dt: 285
x-frame-options: SAMEORIGIN
x-time-ng: 1.075
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/724286ac/_ssgManifest.js | 104.18.39.72 | 200 OK | 77 B |
URL: GET HTTP/2 widget.suphelper.top/_next/static/724286ac/_ssgManifest.js IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/ Certificate Issuer: Google Trust Services LLC Subject: suphelper.top Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: ASCII text, with no line terminators Hash: b6652df95db52feb4daf4eca35380933 65451d110137761b318c82d9071c042db80c4036 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
GET /_next/static/724286ac/_ssgManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"4d-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 111728
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14c8361bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.jpg IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet Certificate Issuer: Sectigo Limited Subject: *.traincdn.com Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/lucky-friday.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp | 185.244.209.62 | 200 OK | 30 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 315x250, Scaling: [none]x[none], YUV color, decoders should clamp | Hash: 905dd1d3172673fc22a835b1cf858948 61c67b62dfcbacb5bd6698d0c2bb154cf7405615 36db7919d6f4f2770823e140becedb8d983a4b0ce1048e0c12cd2557bf668e8c
GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/webp
content-length: 29872
last-modified: Fri, 12 Apr 2024 12:30:49 GMT
etag: "905dd1d3172673fc22a835b1cf858948"
x-time-ng: 0.003
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-2495cc4df33539fa5c81351b3c011335-5ac755d30582ef91-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-23T15:01:22+00:00, 2024-04-26T12:49:50+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22e6d0cf13-9326-4e99-bacf-224d824cbf68%22%7D | 104.18.39.72 | 200 OK | 24 B |
URL: GET HTTP/2 widget.suphelper.top/services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22e6d0cf13-9326-4e99-bacf-224d824cbf68%22%7D | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators | Hash: d6bacfff68d40ad2744454c2506cc0f9 85f1f094d174fd4d78bd382c7948b95e9db93215 cd0483a083f6c73e9cd006ee073b875188c49f4025f771ecbcb795d40ac980ed
GET /services/widget/v2/most-required?projectId=5b61b42ffdf00b25dc78f342&credentials=%7B%22$type%22:%22GuestCredentials%22,%22id%22:%22e6d0cf13-9326-4e99-bacf-224d824cbf68%22%7D HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a6de185be31bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js | 185.244.209.62 | 200 OK | 21 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (21232) | Hash: 598d5481ac96b9bf8013b0eb1413b8e5 cc7e3384da379a215ac43b2385e901e22ceb6327 1488ecc35389c72a3aa26d468420069f6b719db456ea82605762311da663b65f
GET /sys-static/shared-assets/__shared_popper_js_MO5RLEN3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 14:15:00 GMT
etag: W/"598d5481ac96b9bf8013b0eb1413b8e5"
x-amz-meta-mtime: 1714054361.504148121
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:31:27 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-de76511294cee5e8406bc282a1ff7505-26a68f35c0645b2d-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:31:27+00:00, 2024-04-26T12:27:26+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js | 104.18.39.72 | 200 OK | 108 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/main-fa1d3b21fd97b583.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 108 kB (107844 bytes) | Hash: 83680ce862de40c43fc92e04b1ad0a3d 67eb6762545f4e1fee446794f4738d0f0577b6b4 e70f39978f08895aef6849daf891af65bff03e476eb9b1384dfb36cd4ac9fe75
GET /_next/static/chunks/main-fa1d3b21fd97b583.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"1a544-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13421065
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de148fe71bfa-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js | 104.18.39.72 | 200 OK | 107 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/pages/index-ed7cd77912c6e3a9.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 107 kB (107186 bytes) | Hash: d0a7ecc59065580118a9ea8880c58962 21573546ac5011592094ef6aea0696ccdeb2164d e1b09efa81ca44cda394e366b64fbf2b3f0725eab9ad24782839cbb8f66842b5
GET /_next/static/chunks/pages/index-ed7cd77912c6e3a9.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"1a2b2-18f12321a97"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 111737
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14b8261bfa-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js | 185.244.209.62 | 200 OK | 69 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (32238) | Hash: 138de5d55ee831195dd90bbf5c557926 4413082980942643803d8d4567df2f8395c0e868 55a6d9d38b0c68a21367ae7ae43333bfa61e2eddd38b2376eb5b192f0a0383cd
GET /sys-static/shared-assets/__shared_sweetalert2_X3CQ7PJQ.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 14:15:00 GMT
etag: W/"138de5d55ee831195dd90bbf5c557926"
x-amz-meta-mtime: 1714054361.504148121
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:02 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-dcbc316df75759312d4cc5ec743a15cd-32227e4cb6dd6f4a-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:02+00:00, 2024-04-25T15:52:17+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js | 185.244.209.62 | 200 OK | 1.3 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (1315), with no line terminators | Hash: 59eb3a17023ed081e317722b7fabcddc 5e0908391af13d117ecdd61ef7406f3eb9b0e792 df460865a4a9ae1d3c260be0dd7a8a7eef1bc4a0839fdd09fe22165e3754ba71
GET /sys-static/shared-assets/__shared_accept_language_parser_QKZ6ULEV.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 13:43:42 GMT
etag: W/"518e0ae196483ada8b528a1f2b7df0a1"
x-amz-meta-mtime: 1714052428.630038208
content-encoding: gzip
expires: Fri, 26 Apr 2024 15:18:00 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc89
traceparent: 00-1c300484fcbfe2f670908b5299d40874-2c2555322b68dce5-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T15:18:00+00:00, 2024-04-25T15:47:48+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-3f9b3d70.js | 185.244.209.62 | 200 OK | 888 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-3f9b3d70.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Size: 888 kB (888274 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/entry-3f9b3d70.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 25 Apr 2024 10:33:38 GMT
etag: W/"897e37b1f98a1ca906e0b8e249197123"
x-amz-meta-mtime: 1714041101.521667802
content-encoding: gzip
expires: Sat, 27 Apr 2024 09:00:19 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-fa5233296634701d7a9bbcb46132b77c-e77fda364275691b-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T09:00:19+00:00, 2024-04-26T09:48:32+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-icons/1.0.328/285/common.svg | 185.244.209.62 | 200 OK | 147 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-icons/1.0.328/285/common.svg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image | Size: 147 kB (146981 bytes) | Hash: 7bf3e9e7d79beac942f5e7748a3af2e6 7c6896ef647506806f2cdbe998d8c9eb845a1754 663e2fc5004af9c6c1969fc5827d7ffdbfeec8d4753efd831208cb179f0a488f
GET /sys-icons/1.0.328/285/common.svg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: image/svg+xml
last-modified: Mon, 15 Apr 2024 07:13:32 GMT
etag: W/"7bf3e9e7d79beac942f5e7748a3af2e6"
x-amz-meta-mtime: 1713165210.217888091
content-encoding: gzip
expires: Tue, 23 Apr 2024 10:38:01 GMT
cache-control: max-age=86400
x-time-ng: 0.002
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-1bda6a53b32ac47f1b52681ef506114b-b3d56d9d600dc607-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-22T10:38:01+00:00, 2024-04-26T11:22:53+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.jpg | 185.244.209.62 | 200 OK | 49 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/promo-store.jpg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 315x250, components 3 | Hash: 1c2fbcd07b32b9cb53fce335a61c25b3 49a90889c78c1a98157fa4f37784ed68c0923bfb 2537e87525f9f356342c592f4ed11dc54833c992f615cf0d7c4f56055908f7b0
GET /genfiles/cms/1-285/desktop/bonus/rules/promo-store.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 49253
last-modified: Tue, 16 May 2023 09:09:12 GMT
etag: "1c2fbcd07b32b9cb53fce335a61c25b3"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f8f67426cda88c8a30bc646c6011f941-fa87bb4c2d35de66-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2023-12-18T09:07:45+00:00, 2024-04-26T12:58:36+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/web-api/api/web/v1/config/actualDomain | 178.253.29.47 | 200 OK | 269 B |
URL: GET HTTP/2 1xlite-660473.top/web-api/api/web/v1/config/actualDomain | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type: ASCII text, with very long lines (309), with no line terminators | Hash: 6469b5c07a262f60f11e004ac72262b1 978ec0042baae49cb3bc8a7882055ec9a053e522 459c4cead3579c67475b231f8d8e21e599e27ecf8108d8ba29dd10a558b43f53
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /web-api/api/web/v1/config/actualDomain HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:56 GMT
content-type: application/vnd.api+json
vary: Accept-Encoding
cache-control: no-cache, private
server-timing: p;dur=45, dt_total;dur=69.013, wf-uht;dur=0.087
set-cookie: SESSION=997daf28e246f35f35cb31ed95423e4f; path=/; secure; HttpOnly; SameSite=Lax
set-cookie: ua=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
traceparent: 00-e8d7b9e1358f8965a8b1261abb355eef-8f0b24a7aabaa5d0-01
x-dt: 285
x-time-ng: 0.060
content-encoding: br
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.jpg | IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/hyper-bonus.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js | 104.18.39.72 | 200 OK | 3.8 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/webpack-fb94d2f19425a3e3.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (3855), with no line terminators | Hash: 7288e202ab8e4cf1b7f60eed709e0986 c10effeb29bf129a7c81688b9f3a7d5485272e87 56e695b4675b50d55a92f006109771a67da822050f5ae03fd2ad02c1a9565b58
GET /_next/static/chunks/webpack-fb94d2f19425a3e3.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://file-hosting-api-stage.kube.prod.cons.lan https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Thu, 09 Nov 2023 06:03:45 GMT
etag: W/"ed0-18bb2adf0eb"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 13512187
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de147fdc1bfa-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js | 104.18.39.72 | 200 OK | 481 kB |
URL: GET HTTP/2 widget.suphelper.top/_next/static/chunks/1743016e-d00d67a74426f155.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 481 kB (480579 bytes) | Hash: 46260bb46d51262abee818c0c3bcf1c6 fe3be222aec74704fad1fa2559788b1fa287094a 20700e65659e04d422580d9c792ba811b7b76de4ec1b3163c284af83bd5a7d6c
GET /_next/static/chunks/1743016e-d00d67a74426f155.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 17 Jan 2024 06:19:55 GMT
etag: W/"75543-18d161388b8"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 8662546
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14980b1bfa-OSL
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/sounds/new-message.mp3 | 104.18.39.72 | 200 OK | 30 kB |
URL: GET HTTP/2 widget.suphelper.top/sounds/new-message.mp3 | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: MPEG ADTS, layer III, v1, 192 kbps, 48 kHz, JntStereo | Hash: ef9af24dc7dbd24ffd99c832e1300351 f78744a5013038446c468de14f205f2d52373fd6 5049d7fe87a7327a291441181d1a328a15f46a21081b970502c540406011c9b9
GET /sounds/new-message.mp3 HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: audio/mpeg
content-length: 29952
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=14400
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"7500-18f123218ff"
cf-cache-status: HIT
age: 1260
expires: Fri, 26 Apr 2024 17:19:58 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a6de199d381bfa-OSL
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.jpg | IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137-slider.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json | 178.253.29.47 | 200 OK | 1.2 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type: ASCII text, with very long lines (1281), with no line terminators
Hash: 7be45652bf30217348c87ec0f0522b0e 9fdb77e688cf5d31dd84502e8f38300d256c6c63 89ab2a1255ed8e83e75dd805a5326393a74bc8f067dbc287208f222ad73c1b98
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/6cedaf252b67d0dbabeecb596db64871.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Fri, 02 Feb 2024 08:24:16 GMT
etag: W/"b26a415353b83bc6b08c1cdab5caee2f"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/beatus.jpg | IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/beatus.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.jpg | 185.244.209.62 | 200 OK | 57 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.jpg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 315x250, components 3
Hash: b36c33ea87fb7182f2f9421abfb72690 580f23b173130d4a62bca8cd1407aec579a53604 3f605506d69c625bc8ea7b0be5ed54a0fa25553c8483d04a9758cbde1ed7c9f4
GET /genfiles/cms/1-285/desktop/bonus/rules/bets-by-telegram.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 57016
last-modified: Mon, 15 May 2023 10:48:49 GMT
etag: "b36c33ea87fb7182f2f9421abfb72690"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2023-12-18T09:07:45+00:00
traceparent: 00-2870755b5f19f1528e89e21aaab534d1-fee4c4915397484c-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| widget.suphelper.top/_next/static/724286ac/_buildManifest.js | 104.18.39.72 | 200 OK | 519 B |
URL: GET HTTP/2 widget.suphelper.top/_next/static/724286ac/_buildManifest.js | IP: 104.18.39.72:443
Requested by: https://widget.suphelper.top/
Certificate | Issuer: Google Trust Services LLC | Subject: suphelper.top | Fingerprint: 41:D3:A3:3C:61:71:CC:56:60:F0:BE:CD:81:3B:5D:26:23:49:8D:36 | Validity: Tue, 26 Mar 2024 09:53:55 GMT - Mon, 24 Jun 2024 09:53:54 GMT
File type: ASCII text, with very long lines (547), with no line terminators
Hash: 063abc9f05b28326f5878dcd728ca1f7 321099ea5d4fa6792974fd44503ffb3e75e5c5b0 73109b74c039aec5fc1e3f4e3c2e15585b1ba094f3e8291b0cd67f51b4b830c4
GET /_next/static/724286ac/_buildManifest.js HTTP/1.1
Host: widget.suphelper.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: application/javascript; charset=UTF-8
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';img-src 'self' data: blob: https://cons-suph.com/file-hosting https://cons-suph.com/file-hosting/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ 'report-sample' https://www.gstatic.com/recaptcha/;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;connect-src 'self' wss: ws: https://cons-suph.com/file-hosting/ https://cdn.jsdelivr.net/npm/@emoji-mart/data@latest/i18n/
x-dns-prefetch-control: off
expect-ct: max-age=0
strict-transport-security: max-age=15724800; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
origin-agent-cluster: ?1
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-xss-protection: 0
cache-control: public, max-age=31536000
last-modified: Wed, 24 Apr 2024 22:20:24 GMT
etag: W/"207-18f12321a93"
vary: Accept-Encoding
cf-cache-status: HIT
age: 111737
expires: Sat, 26 Apr 2025 13:19:58 GMT
server: cloudflare
cf-ray: 87a6de14c8321bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js | 185.244.209.62 | 200 OK | 81 kB |
URL: GET HTTP/2 v3.traincdn.com/sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sys-static/shared-assets/__shared_vue_deps_OVKZGHR6.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 26 Apr 2024 11:01:17 GMT
etag: W/"57cd6aae07f98533a066ff8ced38027a"
x-amz-meta-mtime: 1714129125.132949667
content-encoding: gzip
expires: Sat, 27 Apr 2024 12:41:56 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-ba627f62d9d320fbbf4e34f325cccbca-b6d2bd892ccb106f-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-26T12:41:56+00:00, 2024-04-26T12:44:31+00:00
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.jpg | 185.244.209.62 | 200 OK | 14 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.jpg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 315x250, components 3
Hash: 1b537371544b421d93fecd7788ac461e 5f1a37846aadd99c3086bdfd63b2f5267b7aca6f aa51e52117c2a3313c1cb703b8b9f81a1d30cf287e4721bf29184bc17bb8aa0f
GET /genfiles/bonus-cms/ie7Y_ckIGzliiirADc5IH2JBA_dlC7eU/315x250.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 13813
last-modified: Fri, 12 Apr 2024 12:30:49 GMT
etag: "1b537371544b421d93fecd7788ac461e"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-23T15:01:29+00:00
traceparent: 00-ec3afa64112c13ecdd87fc1ccc59f8e0-84ebaef94730265e-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/dailytournament.jpg | IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/dailytournament.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json | 178.253.29.47 | 200 OK | 14 kB |
URL: GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 00016d59394dbec5ec0fb1cc7cc87f70 ac61517dc4d77edd46e06aa66dca8b47e21fc64a d8a350d41a5611bf32b7c03888b7bd9921eb2b016760c22d95fd5f6cb0c2e8ec
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /genfiles/cms/1-285/desktop/media_asset/4e38cdf2b5d77aba4fb2630db5d13097.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Mon, 25 Mar 2024 15:12:10 GMT
etag: W/"00016d59394dbec5ec0fb1cc7cc87f70"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.016
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/889e24a975d3.js | 185.244.209.62 | 200 OK | 504 B |
URL: GET HTTP/2 v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/889e24a975d3.js | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (537), with no line terminators
Hash: 734f6fa0fc3510c2bc559dc76918223a 9f17682b426fc7e6bc42baace1f72215cd288d7b 7dd9dcc362d0251f3e959bd698128c76d0cbd9ee01aedf2cfa0e501906c89bbb
GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/889e24a975d3.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: text/javascript; charset=utf-8
content-length: 504
last-modified: Thu, 25 Apr 2024 08:20:22 GMT
etag: "6744cad4f0f311b4501de403aaf5c21b"
x-amz-meta-mtime: 1714033068.851475738
expires: Fri, 26 Apr 2024 09:00:16 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-d5ac095138cdb6cc61f34b52529b4102-4f9307550bfaa6f9-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:00:16+00:00, 2024-04-25T16:22:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/champions-season.jpg | IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/champions-season.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.jpg | 185.244.209.62 | 200 OK | 44 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.jpg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, progressive, precision 8, 315x250, components 3
Hash: c37fcadea18df30563df3801edbc452e 79ad3ca2442918aa4c8c7647e4cda21081eaaef3 f5cd0b9aff7d896d296fbca52989ef5e15c3ec075d94a08fc5cda37367325858
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-ten-deposit.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpg
content-length: 43559
last-modified: Tue, 11 Apr 2023 17:52:48 GMT
etag: "c37fcadea18df30563df3801edbc452e"
x-time-ng: 0.001
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-033081fb14b53c42c004b741993f9ce8-da3b0097eb740937-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.webp | 185.244.209.62 | 404 Not Found | 0 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.webp | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/1st/1-137.webp HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc88
traceparent: 00-f23f3f5236aa8af520a6155676a75c96-ae32f0bad8a61533-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.jpg | 185.244.209.62 | 200 OK | 0 B |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.jpg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/bonus-cms/Jru2M7Onwk3E236hEq83sDUnan9VRt2a/super-prize-wheel.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 20230
last-modified: Mon, 26 Feb 2024 09:18:05 GMT
etag: "6306add15ba4c9bab8b7c4c149702317"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-04-15T20:42:36+00:00
traceparent: 00-a348c9993711c7aeca4cbe2b52184ff7-6a73f76e8a03d994-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.jpg | 0.0.0.0 | | 0 B |
URL: GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/percentage.jpg | IP: 0.0.0.0:0
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/percentage.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.jpg | 185.244.209.62 | 200 OK | 86 kB |
URL: GET HTTP/2 v3.traincdn.com/genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.jpg | IP: 185.244.209.62:443 | ASN: #199524 G-Core Labs S.A.
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Sectigo Limited | Subject: *.traincdn.com | Fingerprint: C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 | Validity: Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type: JPEG image data, progressive, precision 8, 315x250, components 3
Hash: 2fc396782794b1508750e909aadf6216 beb914d4e982077473be5d6e996434dbaadddf6d ecefb37623377491826db90088705488842250612c4001572085f0254304ea4c
GET /genfiles/bonus-cms/rlZ6zENhNy4DpXsJufiOH-vpS1bzc_oS/in-pursuit-of-scudetto.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: image/jpeg
content-length: 85971
last-modified: Wed, 10 Jan 2024 05:53:56 GMT
etag: "2fc396782794b1508750e909aadf6216"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
x-cached-since: 2024-01-16T11:31:06+00:00
traceparent: 00-faf15011ff0263dd336901bcd9e3132d-ea2a5617f3017590-01
x-id: osix-hw-edge-gc4
cache: HIT, REVALIDATED
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO | 178.253.29.47 | 200 OK | 27 kB |
URL: GET HTTP/2 1xlite-660473.top/paysystems/information/systems?lang=en&ref_id=1&geo=NO | IP: 178.253.29.47:443 | ASN: #202492 Silverhill Group Holding Ltd
Requested by: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate | Issuer: Let's Encrypt | Subject: 1xlite-660473.top | Fingerprint: AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D | Validity: Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
Hash: 46681ccbd9d93693790a23387a399db0 1ec5b13eade247d5e30a8272abf23b1b7f26eb65 4d19acdd0cf32e05829574d13aa336bbe95d949669a455b0152c75feba6f3cb9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /paysystems/information/systems?lang=en&ref_id=1&geo=NO HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2Fwheel-bet
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=1280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:57 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
content-encoding: br
expires: Fri, 26 Apr 2024 13:19:57 GMT
set-cookie: application_locale=en; expires=Sun, 26-May-2024 13:19:57 GMT; Max-Age=2592000; path=/; secure; samesite=lax
traceparent: 00-1d2604ac86eb28bc9fd4931be793f720-b39faab14e8268e1-01
vary: Accept-Encoding
x-dt: 285
x-time-ng: 0.224, 0.236
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: dt_total;dur=236.931, wf-uht;dur=0.253
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/d6ed6f737a3a.js | 185.244.209.62 | 200 OK | 715 B |
URL GET HTTP/2 v3.traincdn.com/sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/d6ed6f737a3a.js IP 185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (734), with no line terminators
Hash 2d2643c6bb7876f3b0c0d1a2a78d2a4a 7a1ca91cb34914db9d922d02aa2cefc32449e66a 76b2363f37de8712960798fa14b48915113139b626cdfd27e3c55c913fab88f4
GET /sys-static/sys-promotions-and-bonuses-static/Desktop/Default/44136fa355b3/d6ed6f737a3a.js HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1xlite-660473.top
DNT: 1
Connection: keep-alive
Referer: https://v3.traincdn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: text/javascript; charset=utf-8
content-length: 715
last-modified: Thu, 25 Apr 2024 08:20:23 GMT
etag: "6f76cc91c8fa717aa34357eea84a0f75"
x-amz-meta-mtime: 1714033068.851475738
expires: Fri, 26 Apr 2024 09:00:16 GMT
cache-control: max-age=86400
x-time-ng: 0.000
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-8a62ff5a8b3ef669c4cddcc4836ab765-3276c061a313f5b7-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-25T09:00:16+00:00, 2024-04-25T16:22:13+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/race.jpg IP 0.0.0.0:0
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/race.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/doverie.jpg IP 0.0.0.0:0
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/doverie.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.jpg | 0.0.0.0 | | 0 B |
URL GET v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.jpg IP 0.0.0.0:0
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/slot-first-deposit-slider.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json | 178.253.29.47 | 200 OK | 3.3 kB |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json IP 178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type ASCII text, with very long lines (3653), with no line terminators
Hash 8bc0581ca207c024d54d75ca53390160 62d322fceed2d7d960548e0b2216a814f68c3b31 a97dc7805fc7bb366b277032e2f95d95418bdde4db7837a7ba9b3b18c9e33e95
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/fb98f44e37ba66ce21503d37c8717923.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Thu, 07 Mar 2024 10:41:59 GMT
etag: W/"becb2e7c22d23ed7b8c378c346c643f1"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json | 178.253.29.47 | 200 OK | 2.0 kB |
URL GET HTTP/2 1xlite-660473.top/genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json IP 178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type ASCII text, with very long lines (2238), with no line terminators
Hash 9c6d751199ab5a88d2386a29567eb98e 4af37f69630e8f542f1b30280ee561c07c83107f cdc297778845a4c68445e25e9829bb406511d4da094fb4e9ba03fe9704b4ec99
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /genfiles/cms/1-285/desktop/media_asset/7ba58ff9bb84da78ec345b09d297b429.json HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:02 GMT
content-type: application/json
vary: Accept-Encoding
last-modified: Tue, 28 Nov 2023 09:26:45 GMT
etag: W/"dad3a9b077bc630619a2f0a6422b65ae"
content-encoding: br
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=63072000; includeSubDomains; preload
server-timing: wf-uht;dur=0.015
X-Firefox-Spdy: h2
|
|
| 1xlite-660473.top/bonus-api/bonus?currency=NOK&language=en | 178.253.29.47 | 200 OK | 5.7 kB |
URL GET HTTP/2 1xlite-660473.top/bonus-api/bonus?currency=NOK&language=en IP 178.253.29.47:443 ASN#202492 Silverhill Group Holding Ltd
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Let's Encrypt Subject 1xlite-660473.top Fingerprint AE:C9:7E:01:65:F2:2B:09:5E:F8:15:42:9A:94:F9:44:A4:7F:F2:5D Validity Tue, 26 Mar 2024 09:13:24 GMT - Mon, 24 Jun 2024 09:13:23 GMT
File type troff or preprocessor input, ASCII text, with very long lines (6352), with no line terminators
Hash e333350364e89413823991f8bf871a65 4934a086b5a5028c60e1ad16aa7aecfd8d1c7d11 78c3143faa4df057655b95bb577d7915394a42e0e5984c4897930872241b2c5a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /bonus-api/bonus?currency=NOK&language=en HTTP/1.1
Host: 1xlite-660473.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1xlite-660473.top/en/bonus/rules
content-type: application/json
x-requested-with: XMLHttpRequest
is-srv: false
DNT: 1
Connection: keep-alive
Cookie: lng=en; cookies_agree_type=3; tzo=2; is12h=0; referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_2757227m_18607c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%7D%7D; reflinkid=d_2757227m_18607c_; postback_watcher=%7B%22tag%22%3A%22d_2757227m_18607c_%22%2C%22pb%22%3A%22fc40969f4a5547868aa12f11866bc762%22%2C%22click_id%22%3A%5B%22LGTNTzSTpCRrxnGhkthx77%22%2C%22LGTNTzSTpCRrxnGhkthx77%22%5D%2C%22site_id%22%3A%22fe627071%22%2C%22partner_id%22%3A%227f99719f-6df0-4574-8194-8edfe800f8f3%22%2C%22r%22%3A%22promotions%2Fwheel-bet%22%7D; platform_type=desktop; auid=sv0dL2YrqfphP8hOAwd8Ag==; SESSION=997daf28e246f35f35cb31ed95423e4f; window_width=0; che_g=4045b7df-70e6-5400-0d3c-1295ada68e8d; application_locale=en; sh.session.id=e6d0cf13-9326-4e99-bacf-224d824cbf68; _ga_7V60YW2S5H=GS1.1.1714137601.1.0.1714137601.60.0.0; _ga=GA1.1.1321333404.1714137601
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: application/json
cache-control: no-cache, private
content-encoding: br
server-timing: p;dur=186.22183799744, dt_total;dur=188.202, wf-uht;dur=0.204
traceparent: 00-8fb4aff51c9c071220c1a7066e7fb878-0f413d05720b3479-01
vary: Accept-Encoding
x-dt: 285
x-request-id: 01d599742adeb00443f8792460d033c0
x-time-ng: 0.188
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png | 185.244.209.62 | 200 OK | 5.2 kB |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png IP 185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
File type PNG image data, 514 x 514, 8-bit colormap, non-interlaced
Hash b9a636eef54b2844b571fe7de49184a7 bf653690790ced40eb3189da075a275d951d1607 001bfcdd52b658d46543a1aec889d35b73b3909b47097cc011b95e96fc9e3743
GET /genfiles/cms/1-285/desktop/media_asset/c65c754d498ddb25accb3498c1e7540b.png HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 13:19:58 GMT
content-type: image/png
content-length: 5202
last-modified: Wed, 28 Feb 2024 07:52:20 GMT
etag: "b9a636eef54b2844b571fe7de49184a7"
x-time-ng: 0.000
cache-control: public,max-age=3600,s-maxage=3600
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
x-id-shield: am3-hw-edge-gc88
traceparent: 00-2615c944ced503d6bc134041e16af160-6d7f61ab232f9732-01
x-id: osix-hw-edge-gc4
cache: HIT, HIT
x-cached-since: 2024-04-03T07:12:40+00:00, 2024-04-26T13:01:15+00:00
accept-ranges: bytes
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|
| v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.jpg | 185.244.209.62 | 404 Not Found | 0 B |
URL GET HTTP/2 v3.traincdn.com/genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.jpg IP 185.244.209.62:443 ASN#199524 G-Core Labs S.A.
Requested by https://1xlite-660473.top/en/promotions/wheel-bet?tag=d_2757227m_18607c_&pb=fc40969f4a5547868aa12f11866bc762&click_id=LGTNTzSTpCRrxnGhkthx77&click_id=LGTNTzSTpCRrxnGhkthx77&site_id=fe627071&partner_id=7f99719f-6df0-4574-8194-8edfe800f8f3&r=promotions%2fwheel-bet
Certificate Issuer Sectigo Limited Subject *.traincdn.com Fingerprint C8:8E:2A:E6:0A:C8:1B:3E:56:D0:F0:37:75:5F:40:9B:EF:44:C8:73 Validity Thu, 02 Nov 2023 00:00:00 GMT - Mon, 02 Dec 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /genfiles/cms/1-285/desktop/bonus/rules/vip-cashback/1-137.jpg HTTP/1.1
Host: v3.traincdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1xlite-660473.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
server: nginx
date: Fri, 26 Apr 2024 13:20:03 GMT
content-type: text/html; charset=utf-8
content-length: 118
strict-transport-security: max-age=15724800; includeSubDomains
x-id-shield: am3-hw-edge-gc89
traceparent: 00-111f49d75ac2e1000bf2652c677c6986-82ebb37e0db59517-01
x-id: osix-hw-edge-gc4
cache: MISS, MISS
x-shard: osix-shard0-default_443
X-Firefox-Spdy: h2
|
|