Report - Qu.ax

Report Overview

Visitedpublic

2025-07-21 23:19:02

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-07-16	1.1 kB	77 kB	142.250.74.35
tianji.1337.la	unknown	2014-06-15	2025-01-02	2025-07-21	1.4 kB	4.2 kB	88.198.51.12
cdn.tailwindcss.com	422202	2017-07-20	2018-07-09	2025-07-19	802 B	815 kB	104.20.19.83
qu.ax	unknown	2019-10-23	2019-12-22	2025-07-16	2.2 kB	95 kB	141.227.180.148
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-07-16	464 B	19 kB	142.250.178.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-07-21 23:18:41	low	Client IP	141.227.180.148	ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	cdn.tailwindcss.com/	ScriptElement	407 kB	2024-12-07	2025-08-01
URL cdn.tailwindcss.com/ IP / ASN 104.20.19.83 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-12-07 Last Seen 2025-08-01 Times Seen 3883 Size 407 kB (407279 bytes) MD5 2697bf25afb0982dfa17c73536f934c1 SHA1 7d7db122d0639cd1f1a53eb6018d6d713d312679 SHA256 fb798bb21731986940cf3a9950fbca386e03633e9a45497701e71f9b87d132ea Format Code Loading...

	tianji.1337.la/tracker.js	ScriptElement	2.5 kB	2024-10-25	2025-07-27
URL tianji.1337.la/tracker.js IP / ASN 88.198.51.12 #24940 Hetzner Online GmbH Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-25 Last Seen 2025-07-27 Times Seen 47 Size 2.5 kB (2519 bytes) MD5 200487c46a5a5e459bedf17b3f92fab6 SHA1 a8fe52bf9380dbba592e118aaee37b76e86c3a2c SHA256 8b9f7ca84af6c55eee1a711cfb597b6d103d26cb846422a7f4f0800986e5900b Format Code Loading...

	qu.ax/	ScriptElement	1.4 kB	2025-03-26	2025-07-27
URL qu.ax/ IP / ASN 141.227.180.148 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-26 Last Seen 2025-07-27 Times Seen 8 Size 1.4 kB (1414 bytes) MD5 22e75456592e7a6beaad07c1cfab4d11 SHA1 1b9e4ce685b539f2af78434cb46cdd4116d0ed7a SHA256 fef02d5d099430f9507a7f2d9f4de95b7f5841915f190b5d47a58d3f2d55b4bf Format Code Loading...

	qu.ax/	ScriptElement	20 kB	2025-07-05	2025-07-27
URL qu.ax/ IP / ASN 141.227.180.148 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-07-05 Last Seen 2025-07-27 Times Seen 3 Size 20 kB (19704 bytes) MD5 449351654b56db0ecf67cc4e3bae49b7 SHA1 a71d2d75f016e5242db5719a6725d05b78656e07 SHA256 3fff45a1fe867215046324e9f2a8822801ce124169f2293cfc13416fc4210dcf Format Code Loading...

HTTP Transactions (13)

	URL	IP	Response	Size
	GET fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2	142.250.74.35	200 OK	48 kB
URL fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP / ASN 142.250.74.35 #15169 GOOGLE Requested byhttps://qu.ax/ Resource Info File typeWeb Open Font Format (Version 2), TrueType, length 48332, version 1.0 First Seen2025-05-29 Last Seen2025-08-02 Times Seen31353 Size48 kB (48332 bytes) MD55734e133a619a6ae6ee21a6c00a95eba SHA157c0ac17302d07bd4f968240098afe5ed53d4ad2 SHA256d7a547581722aa055a7fb5b9912aebf3f3e928e1db3e5af9e54cf158cb4c4c4a Certificate Info IssuerGoogle Trust Services Subject.gstatic.com Fingerprint9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA ValidityMon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT HTTP Headers GET /s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://qu.ax DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 48332 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 17 Jul 2025 10:06:40 GMT expires: Fri, 17 Jul 2026 10:06:40 GMT cache-control: public, max-age=31536000 age: 393122 last-modified: Wed, 28 May 2025 18:06:59 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2	142.250.74.35	200 OK	27 kB
URL fonts.gstatic.com/s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2 IP / ASN 142.250.74.35 #15169 GOOGLE Requested byhttps://qu.ax/ Resource Info File typeWeb Open Font Format (Version 2), TrueType, length 26596, version 1.0 First Seen2025-05-29 Last Seen2025-08-02 Times Seen5488 Size27 kB (26596 bytes) MD5dae1850484b86d299c31bc08aaa563cf SHA1dca808d6d16965c40bfba4e4b3c8a819f843890d SHA2568f80f993e523f2e6c2d097552740fd26331658da23ffad31d26edcdd3aeec370 Certificate Info IssuerGoogle Trust Services Subject.gstatic.com Fingerprint9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA ValidityMon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT HTTP Headers GET /s/opensans/v43/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://qu.ax DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 26596 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Wed, 16 Jul 2025 22:51:35 GMT expires: Thu, 16 Jul 2026 22:51:35 GMT cache-control: public, max-age=31536000 age: 433627 last-modified: Wed, 28 May 2025 17:52:25 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	OPTIONS tianji.1337.la/api/website/send	88.198.51.12	204 No Content	0 B
URL tianji.1337.la/api/website/send IP / ASN 88.198.51.12 #24940 Hetzner Online GmbH Requested byhttps://qu.ax/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-02 Times Seen5605915 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subjecttianji.1337.la Fingerprint8A:97:AA:57:EE:60:E3:7D:BE:D6:9E:B1:59:32:9F:ED:5E:87:C8:6B ValidityTue, 01 Jul 2025 01:10:56 GMT - Mon, 29 Sep 2025 01:10:55 GMT HTTP Headers `OPTIONS /api/website/send HTTP/1.1 Host: tianji.1337.la User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Referer: https://qu.ax/ Origin: https://qu.ax DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 204 No Content server: nginx date: Mon, 21 Jul 2025 23:18:42 GMT access-control-allow-origin: * access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE vary: Access-Control-Request-Headers access-control-allow-headers: content-type alt-svc: h3=":443"; ma=604800 X-Firefox-Spdy: h2`

	GET cdn.tailwindcss.com/	104.20.19.83	302 Found	407 kB
URL cdn.tailwindcss.com/ IP / ASN 104.20.19.83 #13335 CLOUDFLARENET Requested byhttps://qu.ax/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-02 Times Seen5605915 Size407 kB (407279 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjecttailwindcss.com FingerprintD9:F5:6C:8B:23:AD:83:43:52:AD:FB:E6:17:93:EC:54:CE:F9:17:88 ValidityFri, 30 May 2025 03:30:41 GMT - Thu, 28 Aug 2025 04:30:37 GMT HTTP Headers `GET / HTTP/1.1 Host: cdn.tailwindcss.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://qu.ax/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 302 Found date: Mon, 21 Jul 2025 23:18:41 GMT age: 18 cache-control: max-age=14400 location: /3.4.16 server: cloudflare strict-transport-security: max-age=63072000 x-vercel-cache: MISS x-vercel-id: arn1::iad1::lb4pz-1753139902544-30d8df7d4034 cf-cache-status: HIT vary: accept-encoding cf-ray: 962e6b3dbd06b4ee-OSL X-Firefox-Spdy: h2`

	GET tianji.1337.la/tracker.js	88.198.51.12	200 OK	2.5 kB
URL tianji.1337.la/tracker.js IP / ASN 88.198.51.12 #24940 Hetzner Online GmbH Requested byhttps://qu.ax/ Resource Info File typeJavaScript source, ASCII text, with very long lines (2518) First Seen2024-10-25 Last Seen2025-07-27 Times Seen47 Size2.5 kB (2519 bytes) MD5200487c46a5a5e459bedf17b3f92fab6 SHA1a8fe52bf9380dbba592e118aaee37b76e86c3a2c SHA2568b9f7ca84af6c55eee1a711cfb597b6d103d26cb846422a7f4f0800986e5900b Certificate Info IssuerLet's Encrypt Subjecttianji.1337.la Fingerprint8A:97:AA:57:EE:60:E3:7D:BE:D6:9E:B1:59:32:9F:ED:5E:87:C8:6B ValidityTue, 01 Jul 2025 01:10:56 GMT - Mon, 29 Sep 2025 01:10:55 GMT HTTP Headers `GET /tracker.js HTTP/1.1 Host: tianji.1337.la User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://qu.ax/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Mon, 21 Jul 2025 23:18:41 GMT content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * accept-ranges: bytes cache-control: public, max-age=604800 last-modified: Fri, 29 Nov 2024 18:44:09 GMT etag: W/"9d7-193793cd0a8" vary: Accept-Encoding, Accept-Encoding content-encoding: gzip alt-svc: h3=":443"; ma=604800 X-Firefox-Spdy: h2`

	GET qu.ax/img/ShareX_Logo_16.png	141.227.180.148	200 OK	874 B
URL qu.ax/img/ShareX_Logo_16.png IP / ASN 141.227.180.148 #0 Requested byhttps://qu.ax/ Resource Info File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced First Seen2024-12-01 Last Seen2025-07-27 Times Seen17 Size874 B (874 bytes) MD58bfc13add651b05b03d4e2ac1b4e2a38 SHA1d78794f1d1c5ef8ae223828894f1684c7cbed2cf SHA256aa091ba0b7eb8fd1a2b8db83f870ab48c34ea5938d01a8d3984145f652657f8f Certificate Info IssuerLet's Encrypt Subject.qu.ax Fingerprint9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A ValidityThu, 10 Jul 2025 23:44:33 GMT - Wed, 08 Oct 2025 23:44:32 GMT HTTP Headers `GET /img/ShareX_Logo_16.png HTTP/1.1 Host: qu.ax User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://qu.ax/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/3 200 OK server: nginx date: Mon, 21 Jul 2025 23:18:41 GMT content-type: image/png content-length: 874 last-modified: Sat, 13 Jul 2024 11:26:03 GMT x-xss-protection: 1; mode=block alt-svc: h3=":443"; ma=604800 accept-ranges: bytes`

	GET cdn.tailwindcss.com/3.4.16	104.20.19.83	200 OK	407 kB
URL cdn.tailwindcss.com/3.4.16 IP / ASN 104.20.19.83 #13335 CLOUDFLARENET Requested byhttps://qu.ax/ Resource Info File typeJavaScript source, ASCII text, with very long lines (52853) First Seen2024-12-07 Last Seen2025-08-01 Times Seen3883 Size407 kB (407279 bytes) MD52697bf25afb0982dfa17c73536f934c1 SHA17d7db122d0639cd1f1a53eb6018d6d713d312679 SHA256fb798bb21731986940cf3a9950fbca386e03633e9a45497701e71f9b87d132ea Certificate Info IssuerGoogle Trust Services Subjecttailwindcss.com FingerprintD9:F5:6C:8B:23:AD:83:43:52:AD:FB:E6:17:93:EC:54:CE:F9:17:88 ValidityFri, 30 May 2025 03:30:41 GMT - Thu, 28 Aug 2025 04:30:37 GMT HTTP Headers `GET /3.4.16 HTTP/1.1 Host: cdn.tailwindcss.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qu.ax/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK date: Mon, 21 Jul 2025 23:18:41 GMT content-type: text/javascript server: cloudflare vary: accept-encoding cache-control: max-age=31536000 content-encoding: br strict-transport-security: max-age=63072000 x-vercel-cache: MISS x-vercel-id: cle1::iad1::dtq8q-1752504889240-247de917db3c last-modified: Mon, 14 Jul 2025 14:54:49 GMT cf-cache-status: HIT age: 243357 cf-ray: 962e6b3dcd12b4ee-OSL X-Firefox-Spdy: h2`

	GET fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600&display=swap	142.250.178.106	200 OK	18 kB
URL fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;600&display=swap IP / ASN 142.250.178.106 #15169 GOOGLE Requested byhttps://qu.ax/ Resource Info File typeASCII text, with very long lines (1572) First Seen2025-05-30 Last Seen2025-08-02 Times Seen183 Size18 kB (18042 bytes) MD5bf9714940fcc9e8dc5cab170b06c01ba SHA12d11b3caa1a98cc643090911722a7d8533ade0e9 SHA256f0334a3eefc069b7dcb0833694bce34125cc070f884a024394f94a9fba465f81 Certificate Info IssuerGoogle Trust Services Subjectupload.video.google.com FingerprintDC:40:BF:B1:59:C9:CC:B5:4A:38:2D:D0:16:8D:06:A5:1D:B4:08:8B ValidityMon, 23 Jun 2025 08:41:28 GMT - Mon, 15 Sep 2025 08:41:27 GMT HTTP Headers `GET /css2?family=Open+Sans:wght@300;400;600&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://qu.ax/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Mon, 21 Jul 2025 23:18:41 GMT date: Mon, 21 Jul 2025 23:18:41 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET qu.ax/grill.php	141.227.180.148	302 Found	18 kB
URL qu.ax/grill.php IP / ASN 141.227.180.148 #0 Requested byhttps://qu.ax/ Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-02 Times Seen5605915 Size18 kB (18120 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerLet's Encrypt Subject.qu.ax Fingerprint9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A ValidityThu, 10 Jul 2025 23:44:33 GMT - Wed, 08 Oct 2025 23:44:32 GMT HTTP Headers `GET /grill.php HTTP/1.1 Host: qu.ax User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://qu.ax/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/3 302 Found server: nginx date: Mon, 21 Jul 2025 23:18:41 GMT content-type: text/html content-length: 138 location: https://qu.ax/img/grills/6.webp`

	GET qu.ax/favicon.ico	141.227.180.148	200 OK	21 kB
URL qu.ax/favicon.ico IP / ASN 141.227.180.148 #0 Requested byhttps://qu.ax/ Resource Info File typePNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced First Seen2023-06-27 Last Seen2025-08-01 Times Seen345 Size21 kB (20601 bytes) MD5b1427ced1520ea9d49dc3ff783f9fc38 SHA1f63057f04bbc9685daef2a5bb5f8b6c0ae483bf0 SHA2569374e3620b1daa8f7ce59acc9250129e15dae90354280f4ce3b8369209ebdd31 Certificate Info IssuerLet's Encrypt Subject.qu.ax Fingerprint9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A ValidityThu, 10 Jul 2025 23:44:33 GMT - Wed, 08 Oct 2025 23:44:32 GMT HTTP Headers `GET /favicon.ico HTTP/1.1 Host: qu.ax User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://qu.ax/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/3 200 OK server: nginx date: Mon, 21 Jul 2025 23:18:42 GMT content-type: image/x-icon last-modified: Wed, 06 Nov 2024 01:25:22 GMT x-xss-protection: 1; mode=block content-encoding: br alt-svc: h3=":443"; ma=604800`

	GET qu.ax/	141.227.180.148	200 OK	36 kB
URL qu.ax/ IP / ASN 141.227.180.148 #0 Requested byN/A Resource Info File typeHTML document, Unicode text, UTF-8 text, with very long lines (1408) First Seen2025-07-05 Last Seen2025-07-27 Times Seen3 Size36 kB (36118 bytes) MD5e2310e91ff8971e8abaec198a339b500 SHA1ff9d0cf84697561dda1df63cfd1f76a0b4aa5caa SHA256bfeb053edbc29ee27aa3bc63ee60d58960e741ffac9bc4eea326a0cbc3528a13 Certificate Info IssuerLet's Encrypt Subject.qu.ax Fingerprint9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A ValidityThu, 10 Jul 2025 23:44:33 GMT - Wed, 08 Oct 2025 23:44:32 GMT HTTP Headers `GET / HTTP/1.1 Host: qu.ax User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Mon, 21 Jul 2025 23:18:41 GMT content-type: text/html last-modified: Tue, 01 Jul 2025 11:01:02 GMT x-xss-protection: 1; mode=block content-encoding: br alt-svc: h3=":443"; ma=604800 X-Firefox-Spdy: h2`

	GET qu.ax/img/grills/6.webp	141.227.180.148	200 OK	18 kB
URL qu.ax/img/grills/6.webp IP / ASN 141.227.180.148 #0 Requested byhttps://qu.ax/ Resource Info File typeRIFF (little-endian) data, Web/P image First Seen2024-12-01 Last Seen2025-07-21 Times Seen6 Size18 kB (18120 bytes) MD57c14b157d0c0e550bdbab0b07547b821 SHA1280f2b131d63f8f6863fa325333f514fa55126d7 SHA256adb9c209c48953c7833740358f391328595f08cc25df8f89300922ffe03adb50 Certificate Info IssuerLet's Encrypt Subject.qu.ax Fingerprint9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A ValidityThu, 10 Jul 2025 23:44:33 GMT - Wed, 08 Oct 2025 23:44:32 GMT HTTP Headers `GET /img/grills/6.webp HTTP/1.1 Host: qu.ax User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qu.ax/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/3 200 OK server: nginx date: Mon, 21 Jul 2025 23:18:41 GMT content-type: image/webp content-length: 18120 last-modified: Wed, 06 Nov 2024 01:25:24 GMT x-xss-protection: 1; mode=block alt-svc: h3=":443"; ma=604800 accept-ranges: bytes`

	POST tianji.1337.la/api/website/send	88.198.51.12	200 OK	676 B
URL tianji.1337.la/api/website/send IP / ASN 88.198.51.12 #24940 Hetzner Online GmbH Requested byhttps://qu.ax/ Resource Info File typeASCII text, with very long lines (676), with no line terminators First Seen2025-07-21 Last Seen2025-07-21 Times Seen1 Size676 B (676 bytes) MD5fc0df28dfa0ea283a8390495614f3a1e SHA17d647b8d4f79658162c28e58b1af022c502cd8c8 SHA256520a668287fea57b3f2df11530e794b4a15ffa5b523986417affee74cdcee23f Certificate Info IssuerLet's Encrypt Subjecttianji.1337.la Fingerprint8A:97:AA:57:EE:60:E3:7D:BE:D6:9E:B1:59:32:9F:ED:5E:87:C8:6B ValidityTue, 01 Jul 2025 01:10:56 GMT - Mon, 29 Sep 2025 01:10:55 GMT HTTP Headers `POST /api/website/send HTTP/1.1 Host: tianji.1337.la User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://qu.ax/ Content-Type: application/json Content-Length: 197 Origin: https://qu.ax DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Mon, 21 Jul 2025 23:18:42 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * etag: W/"2a4-fWR7jU95ZYFiwo5Ysa8CLFAs2Mg" vary: Accept-Encoding, Accept-Encoding alt-svc: h3=":443"; ma=604800 content-encoding: br X-Firefox-Spdy: h2`

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

HTTP Transactions (13)

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers