Report - 181.214.58.63/

Report Overview

Submitted URL
181.214.58.63/
IP
181.214.58.63
ASN
#201670 S.c. Infotech-Grup S.r.l.
Submitted
2024-05-08 18:48:28
Access
public
Website Title
qu.ax opentracker live stats
Final URL
181.214.58.63/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
181.214.58.63	unknown	unknown	No data	No data	4.2 kB	191 kB	181.214.58.63
plausib.1337.la	unknown	2014-06-15	2023-04-21	2024-03-13	873 B	2.0 kB	88.198.51.12
qu.ax	unknown	2019-10-23	2019-12-22	2024-04-11	412 B	708 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	qu.ax	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	181.214.58.63	Sinkholed
2024-05-08	medium	qu.ax	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	181.214.58.63/script.js	2.5 kB	2024-05-08	2024-05-08
Pretty URL 181.214.58.63/script.js IP 181.214.58.63 ASN #201670 S.c. Infotech-Grup S.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 20:48:35 Last Seen2024-05-08 20:48:35 Times Seen2 Hash 8cc1d2cd47155bcb5c62084d9a8251a3 90fb801ff2930ea96de617df9d0bf1b508f9e110 2d7db3bba6220f400332453c20028b1e4cd94fb61fe7712f391c7855ec116d8a Loading...

	plausib.1337.la/js/script.js	1.3 kB	2023-03-07	2024-05-18
Pretty URL plausib.1337.la/js/script.js IP 88.198.51.12 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:51 Last Seen2024-05-18 20:55:28 Times Seen1588 Hash 8210a7fad4cf5a22ec34f49fd6cfa0a4 46cae8011201b868af95b9d91a76839a2ac51a18 ae4216bfc85c99ffd32e7745f0d7d4cd5f57b714f3a4911176b8cd78a176c97c Loading...

HTTP Transactions (13)

URL IP Response Size

181.214.58.63/

181.214.58.63

200 OK

162 B

URL User Request GET HTTP/2
181.214.58.63/
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 May 2024 18:48:02 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://181.214.58.63/

181.214.58.63/

181.214.58.63

200 OK

8.9 kB

URL User Request GET HTTP/2
181.214.58.63/
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
gzip compressed data, max speed, from Unix
Size
8.9 kB (8891 bytes)
Hash
3a7e3db9a17acdec4abc72a65083b75f
51b58425cf2e26854b62c26919be1e4829117545
c8d9e87d3326e288a0b5abdbdc159dadbee5b77345b9afe5118c9529b161b8d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: text/html
last-modified: Sun, 17 Mar 2024 09:12:35 GMT
etag: W/"65f6b403-5ac"
alt-svc: h3=":443"; ma=2628000
content-encoding: gzip
X-Firefox-Spdy: h2

181.214.58.63/style.css

181.214.58.63

200 OK

823 B

URL GET HTTP/2
181.214.58.63/style.css
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
ASCII text
Size
823 B (823 bytes)
Hash
d4128ce71e0fe9fb0f5d721f8fd8a986
39411a271e93fdcc34751bd772e6579cfd3ee1de
61a97053e9788a4ddd6c74034953970b99027812fab596d97dda4e56526610e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /style.css HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: text/css
content-length: 823
last-modified: Fri, 22 Mar 2024 13:26:46 GMT
etag: "65fd8716-337"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2

181.214.58.63/script.js

181.214.58.63

200 OK

2.5 kB

URL GET HTTP/2
181.214.58.63/script.js
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
ASCII text
Size
2.5 kB (2480 bytes)
Hash
8cc1d2cd47155bcb5c62084d9a8251a3
90fb801ff2930ea96de617df9d0bf1b508f9e110
2d7db3bba6220f400332453c20028b1e4cd94fb61fe7712f391c7855ec116d8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: application/javascript
content-length: 2480
last-modified: Fri, 05 Apr 2024 01:03:25 GMT
etag: "660f4ddd-9b0"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2

181.214.58.63/muw.woff2

181.214.58.63

200 OK

45 kB

URL GET HTTP/2
181.214.58.63/muw.woff2
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /muw.woff2 HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: font/woff2
content-length: 44856
last-modified: Sat, 13 Jan 2024 17:37:24 GMT
etag: "65a2ca54-af38"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2

181.214.58.63/tracker_stats_chart.png

181.214.58.63

200 OK

132 kB

URL GET HTTP/2
181.214.58.63/tracker_stats_chart.png
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
PNG image data, 1600 x 800, 8-bit/color RGBA, non-interlaced
Size
132 kB (131561 bytes)
Hash
919491c1a1709cbaac147d1e1678d381
099d4a0bd5894e4c594398ef57dae9f348ba17fd
e3e90b318acab7e967535458057f0abcf3b1b1faeccd940f0f72998c8c3cbec1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tracker_stats_chart.png HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: image/png
content-length: 131561
last-modified: Wed, 08 May 2024 18:46:14 GMT
etag: "663bc876-201e9"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2

181.214.58.63/stats2?mode=conn

181.214.58.63

200 OK

110 B

URL GET HTTP/2
181.214.58.63/stats2?mode=conn
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
ASCII text
Size
110 B (110 bytes)
Hash
337e57e21599380e93a05c26c4a64ff0
feb19065add4db7bca999c8f2cea0b4c8ab24467
08128f130f53bae95543c2d733718857cfab5e61ba3a8223e3bb39a020af593e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stats2?mode=conn HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:04 GMT
content-type: text/plain
content-length: 110
X-Firefox-Spdy: h2

plausib.1337.la/api/event

88.198.51.12

202 Accepted

2 B

URL POST HTTP/2
plausib.1337.la/api/event
IP
88.198.51.12:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjectplausib.1337.la
FingerprintB5:83:3F:63:54:13:32:2D:28:CF:12:09:13:78:EC:0E:F3:0F:05:96
ValidityTue, 12 Mar 2024 15:54:42 GMT - Mon, 10 Jun 2024 15:54:41 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /api/event HTTP/1.1
Host: plausib.1337.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 83
Origin: https://181.214.58.63
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 202 Accepted
server: nginx
date: Wed, 08 May 2024 18:48:04 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: max-age=0, private, must-revalidate
x-request-id: F82X7pxTWyec_2MAAkOC
X-Firefox-Spdy: h2

181.214.58.63/stats?mode=torr

181.214.58.63

200 OK

58 B

URL GET HTTP/2
181.214.58.63/stats?mode=torr
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
ASCII text
Size
58 B (58 bytes)
Hash
38311e7f52db3d412f71700d419a6469
44e8c451d0152dc29882f707bf59caf1aaa4913a
9ec8fbc7ec980d891091d7be0f2c9e5c5c017f9bfd0de4b94e9588d318b18ea8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stats?mode=torr HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:12 GMT
content-type: text/plain
content-length: 58
X-Firefox-Spdy: h2

181.214.58.63/stats?mode=conn

181.214.58.63

200 OK

110 B

URL GET HTTP/2
181.214.58.63/stats?mode=conn
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
ASCII text
Size
110 B (110 bytes)
Hash
e1b8c08fc9900297ff9c0715d1fe47c9
2338d9360cf577cccc27e7ecc29f155f5772b1cf
cf13b9a808577ea7220e2e99bed9ed5711a13cf1042c923188a52bcc5aa6ef75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stats?mode=conn HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:12 GMT
content-type: text/plain
content-length: 110
X-Firefox-Spdy: h2

181.214.58.63/stats?mode=peer

181.214.58.63

200 OK

63 B

URL GET HTTP/2
181.214.58.63/stats?mode=peer
IP
181.214.58.63:443
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjecttracker.qu.ax
Fingerprint29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4
ValidityTue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT

File type
ASCII text
Size
63 B (63 bytes)
Hash
f484c53eddfc1df3123af6a7557ce81b
fcc23a440139099db0e3b28795f747fb4cb11f27
72399f7cb7d9b99fc83521ed29fc68068d32f29fbf838f280c7e2bbf4bb56b7e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stats?mode=peer HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:12 GMT
content-type: text/plain
content-length: 63
X-Firefox-Spdy: h2

plausib.1337.la/js/script.js

88.198.51.12

200 OK

1.3 kB

URL GET HTTP/2
plausib.1337.la/js/script.js
IP
88.198.51.12:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://181.214.58.63/
Certificate
IssuerLet's Encrypt
Subjectplausib.1337.la
FingerprintB5:83:3F:63:54:13:32:2D:28:CF:12:09:13:78:EC:0E:F3:0F:05:96
ValidityTue, 12 Mar 2024 15:54:42 GMT - Mon, 10 Jun 2024 15:54:41 GMT

File type
ASCII text, with very long lines (1359), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
58139d3c1ba336257671d8eef068ee7f
03dae2b5a291b49f7345c0a525a2145b7aba417c
b42b4f6dd741ff354cbe6d65732681f3a3fd284b859583e76e4a5b581494659f

HTTP Headers

GET /js/script.js HTTP/1.1
Host: plausib.1337.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:04 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=604800
content-encoding: br
X-Firefox-Spdy: h2

qu.ax/favicon.ico

0.0.0.0

0 B

URL GET
qu.ax/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://181.214.58.63/
Certificate
IssuerGoogle Trust Services LLC
Subjectqu.ax
Fingerprint84:64:EF:4C:9D:CF:6D:73:6C:C6:67:82:14:6B:E8:D6:B7:AF:7D:E2
ValidityTue, 07 May 2024 09:45:30 GMT - Mon, 05 Aug 2024 09:45:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: qu.ax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 18:48:04 GMT
content-type: image/x-icon
last-modified: Sun, 05 Jun 2022 23:07:17 GMT
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
x-cache-status: HIT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 68585
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHsdLLSoss22zKpH0EJZT7v0FkfS1C83cl6PfjiZwxrXJ1Az%2FLOjQphuWKnsEPl8Pc8jXPvdmhxiZKSrVMHGvh%2FBwPj6YGpMGIPZxpXIAD%2FS7I3ZYzciBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b9f34ac11569c-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2