| | 181.214.58.63 | 200 OK | 162 B |
URL: User Request GET HTTP/2; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
File type: HTML document, ASCII text, with CRLF line terminators; Hash: 4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 May 2024 18:48:02 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://181.214.58.63/
|
|
| | 181.214.58.63 | 200 OK | 8.9 kB |
URL: User Request GET HTTP/2; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
File type: gzip compressed data, max speed, from Unix; Hash: 3a7e3db9a17acdec4abc72a65083b75f 51b58425cf2e26854b62c26919be1e4829117545 c8d9e87d3326e288a0b5abdbdc159dadbee5b77345b9afe5118c9529b161b8d7
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: text/html
last-modified: Sun, 17 Mar 2024 09:12:35 GMT
etag: W/"65f6b403-5ac"
alt-svc: h3=":443"; ma=2628000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/style.css | 181.214.58.63 | 200 OK | 823 B |
IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
Hash: d4128ce71e0fe9fb0f5d721f8fd8a986 39411a271e93fdcc34751bd772e6579cfd3ee1de 61a97053e9788a4ddd6c74034953970b99027812fab596d97dda4e56526610e4
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /style.css HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: text/css
content-length: 823
last-modified: Fri, 22 Mar 2024 13:26:46 GMT
etag: "65fd8716-337"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/script.js | 181.214.58.63 | 200 OK | 2.5 kB |
IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
Hash: 8cc1d2cd47155bcb5c62084d9a8251a3 90fb801ff2930ea96de617df9d0bf1b508f9e110 2d7db3bba6220f400332453c20028b1e4cd94fb61fe7712f391c7855ec116d8a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /script.js HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: application/javascript
content-length: 2480
last-modified: Fri, 05 Apr 2024 01:03:25 GMT
etag: "660f4ddd-9b0"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/muw.woff2 | 181.214.58.63 | 200 OK | 45 kB |
IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
File type: Web Open Font Format (Version 2), TrueType, length 44856, version 1.0; Hash: 565ce506190ad3af920b40baf1794cec ad3cba5d06100e09449a864d3b5e58403b478b3d 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /muw.woff2 HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: font/woff2
content-length: 44856
last-modified: Sat, 13 Jan 2024 17:37:24 GMT
etag: "65a2ca54-af38"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/tracker_stats_chart.png | 181.214.58.63 | 200 OK | 132 kB |
URL: GET HTTP/2 181.214.58.63/tracker_stats_chart.png; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
File type: PNG image data, 1600 x 800, 8-bit/color RGBA, non-interlaced; Size: 132 kB (131561 bytes); Hash: 919491c1a1709cbaac147d1e1678d381 099d4a0bd5894e4c594398ef57dae9f348ba17fd e3e90b318acab7e967535458057f0abcf3b1b1faeccd940f0f72998c8c3cbec1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /tracker_stats_chart.png HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:03 GMT
content-type: image/png
content-length: 131561
last-modified: Wed, 08 May 2024 18:46:14 GMT
etag: "663bc876-201e9"
alt-svc: h3=":443"; ma=2628000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/stats2?mode=conn | 181.214.58.63 | 200 OK | 110 B |
URL: GET HTTP/2 181.214.58.63/stats2?mode=conn; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
Hash: 337e57e21599380e93a05c26c4a64ff0 feb19065add4db7bca999c8f2cea0b4c8ab24467 08128f130f53bae95543c2d733718857cfab5e61ba3a8223e3bb39a020af593e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /stats2?mode=conn HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:04 GMT
content-type: text/plain
content-length: 110
X-Firefox-Spdy: h2
|
|
| plausib.1337.la/api/event | 88.198.51.12 | 202 Accepted | 2 B |
URL: POST HTTP/2 plausib.1337.la/api/event; IP: 88.198.51.12:443; ASN: #24940 Hetzner Online GmbH
Certificate: Issuer: Let's Encrypt; Subject: plausib.1337.la; Fingerprint: B5:83:3F:63:54:13:32:2D:28:CF:12:09:13:78:EC:0E:F3:0F:05:96; Validity: Tue, 12 Mar 2024 15:54:42 GMT - Mon, 10 Jun 2024 15:54:41 GMT
File type: ASCII text, with no line terminators; Hash: 444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /api/event HTTP/1.1
Host: plausib.1337.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 83
Origin: https://181.214.58.63
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 202 Accepted
server: nginx
date: Wed, 08 May 2024 18:48:04 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
x-request-id: F82X7pxTWyec_2MAAkOC
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/stats?mode=torr | 181.214.58.63 | 200 OK | 58 B |
URL: GET HTTP/2 181.214.58.63/stats?mode=torr; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
Hash: 38311e7f52db3d412f71700d419a6469 44e8c451d0152dc29882f707bf59caf1aaa4913a 9ec8fbc7ec980d891091d7be0f2c9e5c5c017f9bfd0de4b94e9588d318b18ea8
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /stats?mode=torr HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:12 GMT
content-type: text/plain
content-length: 58
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/stats?mode=conn | 181.214.58.63 | 200 OK | 110 B |
URL: GET HTTP/2 181.214.58.63/stats?mode=conn; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
Hash: e1b8c08fc9900297ff9c0715d1fe47c9 2338d9360cf577cccc27e7ecc29f155f5772b1cf cf13b9a808577ea7220e2e99bed9ed5711a13cf1042c923188a52bcc5aa6ef75
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /stats?mode=conn HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:12 GMT
content-type: text/plain
content-length: 110
X-Firefox-Spdy: h2
|
|
| 181.214.58.63/stats?mode=peer | 181.214.58.63 | 200 OK | 63 B |
URL: GET HTTP/2 181.214.58.63/stats?mode=peer; IP: 181.214.58.63:443; ASN: #201670 S.c. Infotech-Grup S.r.l.
Certificate: Issuer: Let's Encrypt; Subject: tracker.qu.ax; Fingerprint: 29:07:EF:0B:D0:3C:C8:ED:C9:71:03:8B:22:A8:8B:CF:78:6A:61:F4; Validity: Tue, 12 Mar 2024 02:20:23 GMT - Mon, 10 Jun 2024 02:20:22 GMT
Hash: f484c53eddfc1df3123af6a7557ce81b fcc23a440139099db0e3b28795f747fb4cb11f27 72399f7cb7d9b99fc83521ed29fc68068d32f29fbf838f280c7e2bbf4bb56b7e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /stats?mode=peer HTTP/1.1
Host: 181.214.58.63
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://181.214.58.63/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:12 GMT
content-type: text/plain
content-length: 63
X-Firefox-Spdy: h2
|
|
| plausib.1337.la/js/script.js | 88.198.51.12 | 200 OK | 1.3 kB |
URL: GET HTTP/2 plausib.1337.la/js/script.js; IP: 88.198.51.12:443; ASN: #24940 Hetzner Online GmbH
Certificate: Issuer: Let's Encrypt; Subject: plausib.1337.la; Fingerprint: B5:83:3F:63:54:13:32:2D:28:CF:12:09:13:78:EC:0E:F3:0F:05:96; Validity: Tue, 12 Mar 2024 15:54:42 GMT - Mon, 10 Jun 2024 15:54:41 GMT
File type: ASCII text, with very long lines (1359), with no line terminators; Hash: 58139d3c1ba336257671d8eef068ee7f 03dae2b5a291b49f7345c0a525a2145b7aba417c b42b4f6dd741ff354cbe6d65732681f3a3fd284b859583e76e4a5b581494659f
GET /js/script.js HTTP/1.1
Host: plausib.1337.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 18:48:04 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=604800
content-encoding: br
X-Firefox-Spdy: h2
|
|
| qu.ax/favicon.ico | 0.0.0.0 | | 0 B |
IP: 0.0.0.0:0
Certificate: Issuer: Google Trust Services LLC; Subject: qu.ax; Fingerprint: 84:64:EF:4C:9D:CF:6D:73:6C:C6:67:82:14:6B:E8:D6:B7:AF:7D:E2; Validity: Tue, 07 May 2024 09:45:30 GMT - Mon, 05 Aug 2024 09:45:29 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: qu.ax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://181.214.58.63/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 18:48:04 GMT
content-type: image/x-icon
last-modified: Sun, 05 Jun 2022 23:07:17 GMT
x-xss-protection: 1; mode=block
alt-svc: h3=":443"; ma=86400
x-cache-status: HIT
cache-control: max-age=2678400
cf-cache-status: HIT
age: 68585
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHsdLLSoss22zKpH0EJZT7v0FkfS1C83cl6PfjiZwxrXJ1Az%2FLOjQphuWKnsEPl8Pc8jXPvdmhxiZKSrVMHGvh%2FBwPj6YGpMGIPZxpXIAD%2FS7I3ZYzciBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880b9f34ac11569c-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|