| cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/css/intlTelInput.min.css | 104.17.25.14 | 200 OK | 1.8 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/css/intlTelInput.min.css — IP: 104.17.25.14:443
Certificate — Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint (SHA-1): 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (19157), with no line terminators. Hash (MD5, SHA-1, SHA-256): 6b7fb2ee130535419a67afb198f41c2b ffb8a25633c4ddeab81d1b1742ac2fd0b442a4c6 c6956e8710cf477f7014440385ae16ee4b8cc7ecfd02fddd4d2f0c6c7fd15845
GET /ajax/libs/intl-tel-input/17.0.12/css/intlTelInput.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: text/css; charset=utf-8
content-length: 1820
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "602836ba-4ad5"
last-modified: Sat, 13 Feb 2021 20:29:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 13035512
expires: Mon, 14 Apr 2025 23:33:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYj3G3aYvTwGiuy2kd1Pdx%2BCzPTfAz2OZ1DmYx3zFF9bIqMSB%2FtJQc%2BV2D3yl%2BJtxzxg81yGwLdTdyfv9JvCSYcuNNAjoD2y%2BaRbScOlM638fsIivRcFyfgGLOjKvoa1b62u4oNC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8799e55c6fd75684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.js | 104.17.25.14 | 200 OK | 9.3 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.js — IP: 104.17.25.14:443
Certificate — Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint (SHA-1): 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42862). Hash (MD5, SHA-1, SHA-256): d5a61c749e44e47159af8a6579dda121 3b41b3bc956685015a347a2238e71db29dfa0dbb 0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
GET /ajax/libs/slick-carousel/1.8.1/slick.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 9284
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65999b46-2444"
last-modified: Sat, 06 Jan 2024 19:26:14 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 803842
expires: Mon, 14 Apr 2025 23:33:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQ6uNRlC250naxTrsCkdsWNtwiHbPdnY%2FUofUMa1nVDTs8%2FK92G12A5VRYZ45yzqKtrta3XOdYK23zWHRe0M4ZKYUAetN5Lx8nba2KDCA3gPAa6ydSMtZziAosm0smYTP7K2DMe7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8799e55c6fd65684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js | 104.17.25.14 | 200 OK | 28 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js — IP: 104.17.25.14:443
Certificate — Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint (SHA-1): 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447). Hash (MD5, SHA-1, SHA-256): 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 9279
expires: Mon, 14 Apr 2025 23:33:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BaQDzwKEbVMFet8xZiqG8D3dnVlTBule1oXYa0fphPda33yGab%2FoPe9suIFhle%2F10tbPDSx%2Fz7E3%2FF3zNukUkzvRZ3Yu21NVZcmcTEwXstC28%2FLArVNRC1tYkwwiJL6RujToJtZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8799e55c6fd45684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/js/intlTelInput.min.js | 104.17.25.14 | 200 OK | 9.0 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/js/intlTelInput.min.js — IP: 104.17.25.14:443
Certificate — Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint (SHA-1): 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (26995). Hash (MD5, SHA-1, SHA-256): 2bb45e43faaa3e0a71c8a3a85e8b16aa 843bf10fef7d4504375501fea375dc80b5a4172d b024339fe00039664fe9d06d5b49f9c7790fd3c0a49fe69b44f77360e71483ef
GET /ajax/libs/intl-tel-input/17.0.12/js/intlTelInput.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 8967
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "602836ba-7351"
last-modified: Sat, 13 Feb 2021 20:29:46 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 10967
expires: Mon, 14 Apr 2025 23:33:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=easADQ%2FURhd9LGsctW%2FwKQmcKTAJc6HPThlNtRM0XwNUxFQiqIib%2FbD1IZ%2B10fL97uZfab9ypFeG1fWXl1u%2FWPPtJC0E6fMRJ5xb3FD1D2%2F9ht3Q%2FRIWoBl%2BiCo%2BLlFl0S%2F2QvuV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8799e55c7fdc5684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/players/lvlIBPl4-DZ9rNWWS.js | 143.204.55.18 | 200 OK | 42 kB |
URL: GET HTTP/2 cdn.jwplayer.com/players/lvlIBPl4-DZ9rNWWS.js — IP: 143.204.55.18:443
Certificate — Issuer: Amazon; Subject: jwplayer.com; Fingerprint (SHA-1): 1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33; Validity: Fri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65108). Hash (MD5, SHA-1, SHA-256): 8801f241ce4ad8695cf0ecd566a21264 b9655cf713bde3fd89babbea1c7afabe5bb30a4f 27488fa74b193ddb73504c55bca415c79b630e1934f187207d25a12322667e7f
GET /players/lvlIBPl4-DZ9rNWWS.js HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 42109
access-control-allow-origin: *
cache-control: max-age=180
content-encoding: gzip
date: Wed, 24 Apr 2024 23:33:01 GMT
server: openresty
x-robots-tag: noindex, indexifembedded
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ueb-2fnquUqtCm7WQdOCSLKhM61mGtKKjqj4IFC-hIv6fKnJUYZk0g==
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/js/script.js | 23.95.186.190 | 200 OK | 48 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/js/script.js — IP: 23.95.186.190:443 — ASN: #36352 AS-COLOCROSSING
Certificate — Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint (SHA-1): 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: gzip compressed data, from Unix (the body was captured still gzip-encoded, so the hashes below are over the compressed bytes, not the decoded script). Hash (MD5, SHA-1, SHA-256): 63e062cc64e22b36caafa010f6335496 b3e38bbcf08fc34cde98f4c1e4967e78807e48fc 2270c7ad6f36bbd29a2325dcbd0777f6834734cb160a66e2409aed04a1719593
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /js/script.js HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ssl.p.jwpcdn.com/player/v/8.33.2/jwpsrv.js | 151.101.130.114 | 200 OK | 20 kB |
URL: GET HTTP/2 ssl.p.jwpcdn.com/player/v/8.33.2/jwpsrv.js — IP: 151.101.130.114:443
Certificate — Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint (SHA-1): AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: ASCII text, with very long lines (65536), with no line terminators. Hash (MD5, SHA-1, SHA-256): d7f3733c71441c1881fc4eabe9c96086 8db1f2f35489a41d1fb63af5b9aad52388c58735 9f4c0014a4f36c11302077dc073ef529031ce3eebc04c0ca9bc1d7ea0ed95eca
GET /player/v/8.33.2/jwpsrv.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=900, immutable
last-modified: Fri, 19 Apr 2024 18:23:58 GMT
etag: "d7f3733c71441c1881fc4eabe9c96086"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 24 Apr 2024 23:33:02 GMT
via: 1.1 varnish
age: 14
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 14
x-timer: S1714001582.103702,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 19879
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2 | 216.58.207.227 | 200 OK | 80 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2 — IP: 216.58.207.227:443
Certificate — Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint (SHA-1): F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity: Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: Web Open Font Format (Version 2), TrueType, length 79940, version 1.0. Hash (MD5, SHA-1, SHA-256): 26859342514946edd3e8dceb17f55c92 34ee9d842c0d0e46325ae608fcd75929e7b27269 a2bfd9fe607d28fd07b05046e622818b8b5b94a358d53853a0d3f03e597cdc71
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 79940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 00:37:30 GMT
expires: Wed, 23 Apr 2025 00:37:30 GMT
cache-control: public, max-age=31536000
age: 168932
last-modified: Wed, 13 Sep 2023 23:22:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ssl.p.jwpcdn.com/player/v/8.33.2/jwplayer.core.controls.js | 151.101.130.114 | 200 OK | 86 kB |
URL: GET HTTP/2 ssl.p.jwpcdn.com/player/v/8.33.2/jwplayer.core.controls.js — IP: 151.101.130.114:443
Certificate — Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint (SHA-1): AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: JavaScript source, ASCII text, with very long lines (65143). Hash (MD5, SHA-1, SHA-256): b7e06b490a4dc2308c5c5a5a89d392c3 8bb6b9cd9595108446a168def97aff4154668f76 41e5b0cc4ca6d28dd2fdcb0fc134193775cf159e1d6e4b969a27324b11e34575
GET /player/v/8.33.2/jwplayer.core.controls.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Tue, 26 Mar 2024 00:08:55 GMT
etag: "b7e06b490a4dc2308c5c5a5a89d392c3"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 24 Apr 2024 23:33:02 GMT
via: 1.1 varnish
age: 2509903
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 94188
x-timer: S1714001582.105384,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 86006
X-Firefox-Spdy: h2
|
|
| getyourapi.site/api/geolocation | 3.122.218.248 | 200 OK | 102 B |
URL: GET HTTP/2 getyourapi.site/api/geolocation — IP: 3.122.218.248:443
Certificate — Issuer: Let's Encrypt; Subject: getyourapi.site; Fingerprint (SHA-1): 5E:24:43:8B:8E:E3:57:4A:19:01:E0:C3:8C:45:B8:23:F5:E0:AD:F6; Validity: Fri, 08 Mar 2024 09:11:52 GMT - Thu, 06 Jun 2024 09:11:51 GMT
Hash (MD5, SHA-1, SHA-256): 4eb451b8ec35076295bb4852bf942ce5 413cca64310dc9069ece1c7827bb2ba1c637fa32 4ea16c2bc67e85a837c5d60547aa63cc05d52b8c7603313d26b2c33ad3d24cfd
Analyzer | Verdict | Alert | mnemonic secure dns | malicious | Sinkholed | Quad9 DNS | malicious | Sinkholed |
GET /api/geolocation HTTP/1.1
Host: getyourapi.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: application/json; charset=utf-8
content-length: 102
x-powered-by: Express
access-control-allow-origin: https://pax.tsqwz.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization
access-control-expose-headers: content-type, authorization, x-request-id
x-request-id: 881aebaf-e8b3-4ec4-b997-92106439c9ed
etag: W/"66-QTzKZDENyQaezhx4J7srocY3+jI"
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/img/flags.png | 104.17.25.14 | | 68 kB |
URL: GET cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/img/flags.png — IP: 104.17.25.14:0
Certificate — Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint (SHA-1): 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced. Hash (MD5, SHA-1, SHA-256): 3f2a61090de3cfa8a7547876234c9b77 ed2a4500b497eaeceb12ca9fb8183bce2dd19ebe ead4835bb034d3977fd4aa92437a20fac37b2c67e0c22a5debc61468151d08d7
GET /ajax/libs/intl-tel-input/17.0.12/img/flags.png HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/css/intlTelInput.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/png; charset=utf-8
content-length: 67650
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "602836d0-1083d"
last-modified: Sat, 13 Feb 2021 20:30:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1218112
expires: Mon, 14 Apr 2025 23:33:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4FqEMJ1PzSGzzzuWJprohx1OePp%2BT6tg0FR%2FfViDQTrdsM4Drpk%2Bf%2F8TEevlvv29yQ6zV%2FJHKGkVoF0gJtPB1dUyAjSCiMVQg47hbgQFeof0cVlq3VKHvrjvotqYJrQ94NSUb%2BlZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8799e5632ede56ca-OSL
alt-svc: h3=":443"; ma=86400
|
|
| pax.tsqwz.xyz/fonts/Gotham-Medium.woff2 | 23.95.186.190 | 200 OK | 158 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/fonts/Gotham-Medium.woff2 — IP: 23.95.186.190:443 — ASN: #36352 AS-COLOCROSSING
Certificate — Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint (SHA-1): 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: Web Open Font Format (Version 2), TrueType, length 32312, version 1.0. Size: 158 kB (158439 bytes). Hash (MD5, SHA-1, SHA-256): 31e17b10c9e4fcebcaf29d9522290160 ad27a179f20e0e533b374b653c5387ab9575d151 ba19aa5edd1c745d3e02587722822ecbb5128f0f94d2fb0a842ce1270630aa78
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/Gotham-Medium.woff2 HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: font/woff2
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| ssl.p.jwpcdn.com/player/v/8.33.2/related.js | 151.101.130.114 | 200 OK | 25 kB |
URL: GET HTTP/2 ssl.p.jwpcdn.com/player/v/8.33.2/related.js — IP: 151.101.130.114:443
Certificate — Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint (SHA-1): AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: JavaScript source, ASCII text, with very long lines (65143). Hash (MD5, SHA-1, SHA-256): 60f4ca4936339df1e511f004d1969cc5 a2a3c4a9e61c31e0365cc35bfbfcb629e6c1d6c2 809623b25d67a821f58ae5567d7eea2c5137753d983d006381580563bb23e092
GET /player/v/8.33.2/related.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Tue, 26 Mar 2024 00:09:00 GMT
etag: "60f4ca4936339df1e511f004d1969cc5"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 24 Apr 2024 23:33:02 GMT
via: 1.1 varnish
age: 2509903
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 76097
x-timer: S1714001583.830474,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 25135
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/fonts/sprite.svg | 23.95.186.190 | 200 OK | 27 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/fonts/sprite.svg — IP: 23.95.186.190:443 — ASN: #36352 AS-COLOCROSSING
Certificate — Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint (SHA-1): 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: SVG Scalable Vector Graphics image. Hash (MD5, SHA-1, SHA-256): 2d5a69e2d0d8bde849b4549b883f2f23 d2edef554aaede69b68cc0cbf9857c1132a7dd15 10f49b5b7aa4195385e458d876613f897919af7379a75681e28546714c57ff6e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/sprite.svg HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/images/header-bcg.webp | 23.95.186.190 | 200 OK | 65 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/images/header-bcg.webp — IP: 23.95.186.190:443 — ASN: #36352 AS-COLOCROSSING
Certificate — Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint (SHA-1): 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1440x800, Scaling: [none]x[none], YUV color, decoders should clamp. Hash (MD5, SHA-1, SHA-256): de4a4a8b820b806dfc4366b2f6ccf40e 42d4e94655407e0a260548edf69cd9ae2e1e6910 e519422e5d4312c5018819fa584dce74f9fe7272ad211d34930e1dceb6666e84
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/header-bcg.webp HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/webp
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/v2/media/lvlIBPl4/poster.jpg?width=720 | 143.204.55.18 | | 0 B |
URL: GET cdn.jwplayer.com/v2/media/lvlIBPl4/poster.jpg?width=720 — IP: 143.204.55.18:0
Certificate — Issuer: Amazon; Subject: jwplayer.com; Fingerprint (SHA-1): 1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33; Validity: Fri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty body; the response below is a redirect with content-length 0, so they identify nothing)
GET /v2/media/lvlIBPl4/poster.jpg?width=720 HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: image/jpeg
content-length: 0
location: https://assets-jpcust.jwpsrv.com/thumbnails/n82qapen-720.jpg
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=180, max-stale=180
date: Wed, 24 Apr 2024 23:33:02 GMT
server: openresty
x-robots-tag: noindex, indexifembedded
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: k3yn7Y_I-EgEk7WOnegZALVmRazpHuACIkgDzvoap1hK2ixrG0kXTQ==
X-Firefox-Spdy: h2
|
|
| assets-jpcust.jwpsrv.com/strips/lvlIBPl4-120.vtt | 151.101.130.114 | 200 OK | 854 B |
URL: GET HTTP/2 assets-jpcust.jwpsrv.com/strips/lvlIBPl4-120.vtt — IP: 151.101.130.114:443
Certificate — Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint (SHA-1): AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: WebVTT subtitles, ASCII text. Hash (MD5, SHA-1, SHA-256): 510468225688b2c740e32f810aad1de4 1d551f33208bc5ff1e9952f103942782c1266096 c7b2199e6eae267170711072df4074b1d5927dcd12aab521eb0529e445b87df7
GET /strips/lvlIBPl4-120.vtt HTTP/1.1
Host: assets-jpcust.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://pax.tsqwz.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 13:13:15 GMT
etag: "510468225688b2c740e32f810aad1de4"
x-amz-server-side-encryption: AES256
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=300
content-type: text/vtt
accept-ranges: bytes
age: 53
date: Wed, 24 Apr 2024 23:33:03 GMT
x-served-by: cache-iad-kcgs7200031-IAD, cache-hel1410024-HEL
x-cache: HIT, MISS
x-cache-hits: 25, 0
x-timer: S1714001583.977141,VS0,VE97
vary: Accept-Encoding
server: nginx
content-length: 854
X-Firefox-Spdy: h2
|
|
| assets-jpcust.jwpsrv.com/thumbnails/n82qapen-1280.jpg | 151.101.130.114 | | 11 kB |
URL: GET assets-jpcust.jwpsrv.com/thumbnails/n82qapen-1280.jpg — IP: 151.101.130.114:0
Certificate — Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint (SHA-1): AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.24.102", baseline, precision 8, 1280x720, components 3. Hash (MD5, SHA-1, SHA-256): ff6b9855092657925308722f3dc070c9 ecded2ee9160ae8b518ad5c227f9f1b9cb55a4a0 636dd9ddde535f865c68f8a1e7dc7b72af07c0e8e0f26a514a06014a6932f8c5
GET /thumbnails/n82qapen-1280.jpg HTTP/1.1
Host: assets-jpcust.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pax.tsqwz.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 13:14:25 GMT
etag: "ff6b9855092657925308722f3dc070c9"
x-amz-server-side-encryption: AES256
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900
content-type: image/jpeg
accept-ranges: bytes
age: 372
date: Wed, 24 Apr 2024 23:33:03 GMT
x-served-by: cache-iad-kjyo7100164-IAD, cache-hel1410024-HEL
x-cache: HIT, MISS
x-cache-hits: 4, 0
x-timer: S1714001583.972013,VS0,VE110
vary: Accept-Encoding
server: nginx
content-length: 10950
X-Firefox-Spdy: h2
|
|
| assets-jpcust.jwpsrv.com/thumbnails/n82qapen-720.jpg | 151.101.130.114 | | 7.7 kB |
URL: GET assets-jpcust.jwpsrv.com/thumbnails/n82qapen-720.jpg — IP: 151.101.130.114:0
Certificate — Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint (SHA-1): AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.24.102", baseline, precision 8, 720x406, components 3. Hash (MD5, SHA-1, SHA-256): 76155b8a27cddd86002c857cd670f29a 42ece8f89ac9e3212dd1a0240c3ed7e1d7dee57c 68997d5c9a143772088e029032b10b5dd238c46c3f2cc6bcbdd25a67b3c6dd42
GET /thumbnails/n82qapen-720.jpg HTTP/1.1
Host: assets-jpcust.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pax.tsqwz.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 13:14:25 GMT
etag: "76155b8a27cddd86002c857cd670f29a"
x-amz-server-side-encryption: AES256
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900
content-type: image/jpeg
accept-ranges: bytes
age: 372
date: Wed, 24 Apr 2024 23:33:03 GMT
x-served-by: cache-iad-kiad7000138-IAD, cache-hel1410024-HEL
x-cache: HIT, MISS
x-cache-hits: 31, 0
x-timer: S1714001583.978552,VS0,VE118
vary: Accept-Encoding
server: nginx
content-length: 7672
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/manifests/lvlIBPl4.m3u8 | 143.204.55.18 | 200 OK | 358 B |
URL: GET HTTP/2 cdn.jwplayer.com/manifests/lvlIBPl4.m3u8 — IP: 143.204.55.18:443
Certificate — Issuer: Amazon; Subject: jwplayer.com; Fingerprint (SHA-1): 1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33; Validity: Fri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256): b51134efa99e06a57c8f4b8de25b5e47 896f99a71b57a25e175fecbde8c6b5a2b78164c8 9bd6b9950a7d8b067ab2ca9f8e976643cf9da555ba5a94a5b45dd4be5ff0c3ba
GET /manifests/lvlIBPl4.m3u8 HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/vnd.apple.mpegurl; charset=utf-8
content-length: 358
access-control-allow-origin: *
cache-control: max-age=180
content-encoding: gzip
date: Wed, 24 Apr 2024 23:33:03 GMT
server: openresty
x-robots-tag: noindex, indexifembedded
x-cache: Miss from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: X2flZsWpnDhX1Famau8atIH4_xXlkIV5s8iGhc17mEyRZcPOy10xBQ==
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/strips/lvlIBPl4-120.jpg | 143.204.55.18 | | 166 B |
URL: GET cdn.jwplayer.com/strips/lvlIBPl4-120.jpg IP: 143.204.55.18:0
Certificate: Issuer: Amazon; Subject: jwplayer.com; Fingerprint: 1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33; Validity: Fri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators; Hash (MD5, SHA-1, SHA-256): 3ea1c8d079b38532a6e01a96216ba5e2 598d3ff91d3e252f1e13df8cf0348b270ff2da3f 87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691
GET /strips/lvlIBPl4-120.jpg HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 166
location: https://assets-jpcust.jwpsrv.com/strips/lvlIBPl4-120.jpg
access-control-allow-origin: *
date: Wed, 24 Apr 2024 23:33:03 GMT
server: openresty
x-robots-tag: noindex, indexifembedded
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PEgGWsiPtL5rdjHszs-p4DWCuw2f1s1-ruqVzXXTijQUnpmg7jqGGw==
X-Firefox-Spdy: h2
|
|
| videos-cloudfront-usp.jwpsrv.com/662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=194038.m3u8 | 143.204.55.108 | 200 OK | 3.3 kB |
URL: GET HTTP/2 videos-cloudfront-usp.jwpsrv.com/662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=194038.m3u8 IP: 143.204.55.108:443
Certificate: Issuer: Amazon; Subject: jwpsrv.com; Fingerprint: 02:F2:3A:55:17:D0:FE:5F:1A:0D:D1:03:79:85:DD:4E:79:AF:27:6B; Validity: Sat, 17 Feb 2024 00:00:00 GMT - Sun, 16 Mar 2025 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256): 6d701f2b12922272fa83491f2d16645b d3f90c6e25507d1964db8e60751f1b4bac78d670 606e8cbc5cc75ae0986001c2e7f4ae85042ce4028f5f7031e4c4ab6ef3681a91
GET /662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=194038.m3u8 HTTP/1.1
Host: videos-cloudfront-usp.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/vnd.apple.mpegurl
content-length: 3258
server: Apache
accept-ranges: bytes
access-control-allow-headers: origin, range, x-cdn-forward
access-control-allow-origin: *
access-control-expose-headers: server,range,date,x-cdn-forward
timing-allow-origin: *
date: Wed, 24 Apr 2024 22:52:07 GMT
cache-control: max-age=2592000
etag: "usp-6E566A35"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LpVU_Ym6CDAzWKicvt5kXvQDPOl5GmeIiZwi3wpMDTzr7llpYeNZSw==
age: 7985
X-Firefox-Spdy: h2
|
|
| videos-cloudfront-usp.jwpsrv.com/662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=194038-1.ts | 143.204.55.108 | 200 OK | 109 kB |
URL: GET HTTP/2 videos-cloudfront-usp.jwpsrv.com/662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=194038-1.ts IP: 143.204.55.108:443
Certificate: Issuer: Amazon; Subject: jwpsrv.com; Fingerprint: 02:F2:3A:55:17:D0:FE:5F:1A:0D:D1:03:79:85:DD:4E:79:AF:27:6B; Validity: Sat, 17 Feb 2024 00:00:00 GMT - Sun, 16 Mar 2025 23:59:59 GMT
File type: MPEG transport stream data; Size: 109 kB (108664 bytes); Hash (MD5, SHA-1, SHA-256): 752b6b43f00c33569529c706af0c45ec ea9501cd45b4fb36cbfb6d752e7bf48a9e41b62b 273e97f9495d2a0a922caffe441c6594a1c78d98bd63b1a311285e9cfd215aaf
GET /662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=194038-1.ts HTTP/1.1
Host: videos-cloudfront-usp.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: video/MP2T
content-length: 108664
server: Apache
x-usp-info1: t=1970-01-01T00:00:00Z lookahead=2
accept-ranges: bytes
link: <manifest-audio_eng=112024-video_eng=194038-2.ts>; rel="next"
access-control-allow-headers: origin, range, x-cdn-forward
access-control-allow-origin: *
access-control-expose-headers: server,range,date,x-cdn-forward
timing-allow-origin: *
date: Fri, 19 Apr 2024 13:21:34 GMT
cache-control: max-age=2592000
etag: "usp-5E26BFAC"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: l6xyuCoSXL03EiLOvz-2NrIb9Z3NUxJ3OCCUZDqwOhyYCNm2kihNKA==
age: 468689
X-Firefox-Spdy: h2
|
|
| assets-jpcust.jwpsrv.com/strips/lvlIBPl4-120.jpg | 151.101.130.114 | | 158 kB |
URL: GET assets-jpcust.jwpsrv.com/strips/lvlIBPl4-120.jpg IP: 151.101.130.114:0
Certificate: Issuer: GlobalSign nv-sa; Subject: *.jwplayer.com; Fingerprint: AB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A; Validity: Wed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc57.24.102", baseline, precision 8, 480x1340, components 3; Size: 158 kB (158004 bytes); Hash (MD5, SHA-1, SHA-256): 303098f5bbc527665ec4cd38fcdccaea 67c15984f43c14de5b58711b5c24864c5313b40c 982f351903fcb0546db2a5a90050a6632ca298d9fb930f752d1eddbf5b935120
GET /strips/lvlIBPl4-120.jpg HTTP/1.1
Host: assets-jpcust.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://pax.tsqwz.xyz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Nov 2022 13:13:15 GMT
etag: "303098f5bbc527665ec4cd38fcdccaea"
x-amz-server-side-encryption: AES256
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=900
content-type: image/jpeg
accept-ranges: bytes
age: 365
date: Wed, 24 Apr 2024 23:33:03 GMT
x-served-by: cache-iad-kcgs7200158-IAD, cache-hel1410024-HEL
x-cache: HIT, MISS
x-cache-hits: 5, 0
x-timer: S1714001583.234287,VS0,VE107
vary: Accept-Encoding
server: nginx
content-length: 158004
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/js/utils.min.js | 104.17.25.14 | 200 OK | 45 kB |
URL: GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/js/utils.min.js IP: 104.17.25.14:443
Certificate: Issuer: Cloudflare, Inc.; Subject: sni.cloudflaressl.com; Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash (MD5, SHA-1, SHA-256): 91b687e42f7561155c0b7113a96b485f 6ff7e72d6e4043d089351461106a3678174cc65d 40be34b828e28a6e711efb10cb00aab537ef9de74abb3864acd2fa59665f6fbf
GET /ajax/libs/intl-tel-input/17.0.12/js/utils.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 23:33:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 44956
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6028372e-3bf7a"
last-modified: Sat, 13 Feb 2021 20:31:42 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 798191
expires: Mon, 14 Apr 2025 23:33:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lcbA83VBgPi7vVKEGMEsxZAm3G5hqtrOecmRWbDHmuE%2FW%2BboF9vUaBHVGVcYjfre2trnpUmp1wqFqRd52QRBW8dN%2FS2TZ0wYflJ1wy5eEe2KeGq7uUltjDR%2BJ6LCTgkbdgxDcKf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8799e56819b056ca-OSL
alt-svc: h3=":443"; ma=86400
|
|
| videos-cloudfront-usp.jwpsrv.com/662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=363430.m3u8 | 143.204.55.108 | 200 OK | 3.3 kB |
URL: GET HTTP/2 videos-cloudfront-usp.jwpsrv.com/662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=363430.m3u8 IP: 143.204.55.108:443
Certificate: Issuer: Amazon; Subject: jwpsrv.com; Fingerprint: 02:F2:3A:55:17:D0:FE:5F:1A:0D:D1:03:79:85:DD:4E:79:AF:27:6B; Validity: Sat, 17 Feb 2024 00:00:00 GMT - Sun, 16 Mar 2025 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256): 509ea2ac66a3ebf1ce4db55a37f1ecdd 96b204813eb4b42cc27fd0ece83eb417ca95e219 a1d2c96b6e1d9b36da2d19e0e214dbe70fc7f9e68ac6f17f661ade6f06ec0f4e
GET /662a3f6f_c75a92babc4cd35d382491d65b4145ea7b39c19c/site/LzlcdTVT/media/lvlIBPl4/version/lvlIBPl4/manifest.ism/manifest-audio_eng=112024-video_eng=363430.m3u8 HTTP/1.1
Host: videos-cloudfront-usp.jwpsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/vnd.apple.mpegurl
content-length: 3258
server: Apache
accept-ranges: bytes
access-control-allow-headers: origin, range, x-cdn-forward
access-control-allow-origin: *
access-control-expose-headers: server,range,date,x-cdn-forward
timing-allow-origin: *
date: Wed, 24 Apr 2024 07:20:50 GMT
cache-control: max-age=2592000
etag: "usp-A407830D"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _AqV8U5z12nZMxt_FnSAIzleFlXo8DjEaG6z3YKgdNYAnSb7PAGCSA==
age: 60632
X-Firefox-Spdy: h2
|
|
| prd.jwpltx.com/v1/jwplayer6/ping.gif?h=-946281930&e=e&n=3485656969997553&aid=3yKlf0uPEe24AaLjAIT7fw&=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=9&emi=al02lv10uf1r&i=0&id=lvlIBPl4&lid=1n3righ1o34c&lsa=set&mt=0&pbd=1&pbr=1&pgi=555h95hnpwfo&ph=3&pid=DZ9rNWWS&pii=0&pl=720&plc=1&pli=ynn9gt17zag4&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Tesla%20X&pu=https%3A%2F%2Fpax.tsqwz.xyz%2F&pv=8.33.2&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Teslax%20Pl&tv=4.0.5&vb=0&vi=0&vl=90&wd=1280&ab=1&cae=0&cb=0&cdid=botr_lvlIBPl4_DZ9rNWWS_div&cme=0&dd=1&dnt=1&flc=0&fv=&ga=0&lng=pl&mk=hls&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2FlvlIBPl4.m3u8&pbc=0&pd=2&pdr=&plng=pl&plt=2900&pni=0&po=0&sp=0&st=820&sa=1714001582811 | 54.230.111.45 | 204 No Content | 0 B |
URL: GET HTTP/2 prd.jwpltx.com/v1/jwplayer6/ping.gif?h=-946281930&e=e&n=3485656969997553&aid=3yKlf0uPEe24AaLjAIT7fw&=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=9&emi=al02lv10uf1r&i=0&id=lvlIBPl4&lid=1n3righ1o34c&lsa=set&mt=0&pbd=1&pbr=1&pgi=555h95hnpwfo&ph=3&pid=DZ9rNWWS&pii=0&pl=720&plc=1&pli=ynn9gt17zag4&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Tesla%20X&pu=https%3A%2F%2Fpax.tsqwz.xyz%2F&pv=8.33.2&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Teslax%20Pl&tv=4.0.5&vb=0&vi=0&vl=90&wd=1280&ab=1&cae=0&cb=0&cdid=botr_lvlIBPl4_DZ9rNWWS_div&cme=0&dd=1&dnt=1&flc=0&fv=&ga=0&lng=pl&mk=hls&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2FlvlIBPl4.m3u8&pbc=0&pd=2&pdr=&plng=pl&plt=2900&pni=0&po=0&sp=0&st=820&sa=1714001582811 IP: 54.230.111.45:443
Certificate: Issuer: Amazon; Subject: jwpltx.com; Fingerprint: 08:F2:27:E1:0C:A3:8D:CD:35:18:A0:B0:21:C0:81:21:CA:75:F4:4F; Validity: Thu, 12 Oct 2023 00:00:00 GMT - Sat, 09 Nov 2024 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/jwplayer6/ping.gif?h=-946281930&e=e&n=3485656969997553&aid=3yKlf0uPEe24AaLjAIT7fw&=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=9&emi=al02lv10uf1r&i=0&id=lvlIBPl4&lid=1n3righ1o34c&lsa=set&mt=0&pbd=1&pbr=1&pgi=555h95hnpwfo&ph=3&pid=DZ9rNWWS&pii=0&pl=720&plc=1&pli=ynn9gt17zag4&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Tesla%20X&pu=https%3A%2F%2Fpax.tsqwz.xyz%2F&pv=8.33.2&pyc=0&s=0&sdk=0&stc=1&stpe=0&t=Teslax%20Pl&tv=4.0.5&vb=0&vi=0&vl=90&wd=1280&ab=1&cae=0&cb=0&cdid=botr_lvlIBPl4_DZ9rNWWS_div&cme=0&dd=1&dnt=1&flc=0&fv=&ga=0&lng=pl&mk=hls&mu=https%3A%2F%2Fcdn.jwplayer.com%2Fmanifests%2FlvlIBPl4.m3u8&pbc=0&pd=2&pdr=&plng=pl&plt=2900&pni=0&po=0&sp=0&st=820&sa=1714001582811 HTTP/1.1
Host: prd.jwpltx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 24 Apr 2024 23:33:03 GMT
server: nginx
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aoAwSU1PYvTKnwLEvmVZD0ZQ5HZf-Nzqi_gg-65C_BWqy_UhE-q6NQ==
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/v2/media/lvlIBPl4/poster.jpg?width=1280 | 0.0.0.0 | | 0 B |
URL: GET cdn.jwplayer.com/v2/media/lvlIBPl4/poster.jpg?width=1280 IP: 0.0.0.0:0
Certificate: Issuer: Amazon; Subject: jwplayer.com; Fingerprint: 1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33; Validity: Fri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
Hash (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v2/media/lvlIBPl4/poster.jpg?width=1280 HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: image/jpeg
content-length: 0
location: https://assets-jpcust.jwpsrv.com/thumbnails/n82qapen-1280.jpg
access-control-allow-headers: accept-encoding, cache-control, origin, dnt, accept-language
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=180, max-stale=180
date: Wed, 24 Apr 2024 23:33:02 GMT
server: openresty
x-robots-tag: noindex, indexifembedded
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9fTel6iz0dni6NoG8K7mSIs1aGXI0y-Xo-gYlfNLhxPCRBADz3IRKg==
X-Firefox-Spdy: h2
|
|
| | 23.95.186.190 | 200 OK | 88 kB |
URL: User Request GET HTTP/2 IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
Hash (MD5, SHA-1, SHA-256; empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET / HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/images/india.webp | 23.95.186.190 | 200 OK | 716 B |
URL: GET HTTP/2 pax.tsqwz.xyz/images/india.webp IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: RIFF (little-endian) data, Web/P image; Hash (MD5, SHA-1, SHA-256): faabef75210aa9ce85cc37283c6ae949 89111d51234164467eaf6f8a0a1abb94bcbda924 f6157311766f7bf14c9fd94eeee62a9c139d451646759f8753978c0e1bfeab5f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/india.webp HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: image/webp
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/images/romania.webp | 23.95.186.190 | 200 OK | 400 B |
URL: GET HTTP/2 pax.tsqwz.xyz/images/romania.webp IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: RIFF (little-endian) data, Web/P image; Hash (MD5, SHA-1, SHA-256): 8e25d63c4df3dde833069df2b69dcd1d e79b38e7d1c0ffffc300b1db45b80855d92bfe51 cb8aaaf385cc39887832cd2294c655cbeb75bb624e787903df8cb05d11321e31
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/romania.webp HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: image/webp
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/fonts/arrow-next.svg | 23.95.186.190 | 200 OK | 293 B |
URL: GET HTTP/2 pax.tsqwz.xyz/fonts/arrow-next.svg IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: SVG Scalable Vector Graphics image; Hash (MD5, SHA-1, SHA-256): 3929ed355069e08d8e564da178b95fc9 5ae7e1582e05e28a3a07d6aae4175feaae632540 c5d98853cc319bb6138cec76914c93ad8dc77d449668899d6da09b414d9c95c1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/arrow-next.svg HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/css/form-style.css | 23.95.186.190 | 200 OK | 2.9 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/css/form-style.css IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: ASCII text, with very long lines (3234), with no line terminators; Hash (MD5, SHA-1, SHA-256): c32c15a85b0786efe5cd597c2cb6605a 8f4998b8383a29f86074423c91f3e4e6d1dd61f6 0f1fc1f2adb094fa494362afce263a5cb3a845defdcff1c8db3482f49532ce2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/form-style.css HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/v2/sites/LzlcdTVT/media/lvlIBPl4/playback.json?recommendations_playlist_id=z6et6XYN | 143.204.55.18 | 200 OK | 2.0 kB |
URL: GET HTTP/2 cdn.jwplayer.com/v2/sites/LzlcdTVT/media/lvlIBPl4/playback.json?recommendations_playlist_id=z6et6XYN IP: 143.204.55.18:443
Certificate: Issuer: Amazon; Subject: jwplayer.com; Fingerprint: 1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33; Validity: Fri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2191), with no line terminators; Hash (MD5, SHA-1, SHA-256): e1230a5fb6795b6c8f3a518fb7c4c6bc 7b067a0278d0407006d78c699715250c995bef56 1efe99c8b8d7009a2bac904a231952c6d1d325b72957ee53d4f8887af8bb7031
GET /v2/sites/LzlcdTVT/media/lvlIBPl4/playback.json?recommendations_playlist_id=z6et6XYN HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
date: Wed, 24 Apr 2024 23:33:02 GMT
access-control-allow-origin: *
x-robots-tag: none, indexifembedded
server: uvicorn
cache-control: max-age=180
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8Rvn3EVs0yXDccsTSTCKHpsN1G23ClGTj-6rUs7Pg1TtDDZOsflZdg==
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/images/phone-bcg.webp | 23.95.186.190 | 200 OK | 146 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/images/phone-bcg.webp IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: RIFF (little-endian) data, Web/P image; Size: 146 kB (145500 bytes); Hash (MD5, SHA-1, SHA-256): 297c90759accc28b175d50c122a65aa9 a466a2b9b9c1235b91e1c8d39ff250488b61d404 204de636267e938ccf3ca022793e7a037a797e3abb8f29090f9a4702f9841b1b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/phone-bcg.webp HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/webp
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/images/ukraine.webp | 23.95.186.190 | 200 OK | 364 B |
URL: GET HTTP/2 pax.tsqwz.xyz/images/ukraine.webp IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: RIFF (little-endian) data, Web/P image; Hash (MD5, SHA-1, SHA-256): 23aa722cc9f33aa69c73b7e791afaa92 3f4c568908a123d542644205e713ccba720f5f4d 834b7718a375061cfea3a0433edc1a1d7b7c94c834a2ab20d592c6e86af4f02c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/ukraine.webp HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: image/webp
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/images/action-bcg.webp | 23.95.186.190 | 200 OK | 55 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/images/action-bcg.webp IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 1440x800, Scaling: [none]x[none], YUV color, decoders should clamp; Hash (MD5, SHA-1, SHA-256): 0535f11aa8188a20a69589b202662efc b5f4f1801ff5dc8983419914a0a2791c29a5d616 b19794e39e32323d4e8863ee6b776d36da648bfeb44a29b93c4eb7291b586b4b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/action-bcg.webp HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/webp
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/fonts/arrow-prev.svg | 23.95.186.190 | 200 OK | 292 B |
URL: GET HTTP/2 pax.tsqwz.xyz/fonts/arrow-prev.svg IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: SVG Scalable Vector Graphics image; Hash (MD5, SHA-1, SHA-256): 8dafb22eaaa8b9e0c547c08e11759624 4cd1e3edb46be61dc5b9da6a5054309b81927c2c f60fa659b2bc0eda712fc048f81ec97d6d678890dc4f61d40578472018851bc4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/arrow-prev.svg HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/fonts/logo.svg | 23.95.186.190 | 200 OK | 2.7 kB |
URL: GET HTTP/2 pax.tsqwz.xyz/fonts/logo.svg IP: 23.95.186.190:443 ASN #36352 AS-COLOCROSSING
Certificate: Issuer: Let's Encrypt; Subject: pax.tsqwz.xyz; Fingerprint: 36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1; Validity: Fri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File type: SVG Scalable Vector Graphics image; Hash (MD5, SHA-1, SHA-256): 7faf27f9329795a77ab8841d87ba63df 4ba1f1d8a4961637f6a553e99ceda25c8d4696a6 c303e28f17ded2bec3e442994b382a58c4b651483f3ae4f9d996f91036286ddb
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/logo.svg HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 | 216.58.207.227 | 200 OK | 47 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 IP: 216.58.207.227:443
Certificate: Issuer: Google Trust Services LLC; Subject: *.gstatic.com; Fingerprint: F5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74; Validity: Mon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type: Web Open Font Format (Version 2), TrueType, length 46704, version 1.0; Hash (MD5, SHA-1, SHA-256): 30a274cd01b6eeb0b082c918b0697f1e 393311bde26b99a4ad935fa55bad1dce7994388b 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 07:14:19 GMT
expires: Wed, 23 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 145123
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/css/style.min.css | 23.95.186.190 | 200 OK | 31 kB |
URL GET HTTP/2pax.tsqwz.xyz/css/style.min.css IP23.95.186.190:443 ASN#36352 AS-COLOCROSSING
CertificateIssuerLet's Encrypt Subjectpax.tsqwz.xyz Fingerprint36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1 ValidityFri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File typeassembler source, ASCII text Hashe4faeab2deb2d58c38e60b0d5c77c93d 4286ff9bb75de6dee76aa6d9a5fec2a13991a754 4fbdec87143a17ef81ec23025628e04cf6c6817db8770f90893766cff385e5c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /css/style.min.css HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:01 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cdn.jwplayer.com/strips/lvlIBPl4-120.vtt | 143.204.55.18 | 301 Moved Permanently | 4.9 kB |
URL GET HTTP/2cdn.jwplayer.com/strips/lvlIBPl4-120.vtt IP143.204.55.18:443
CertificateIssuerAmazon Subjectjwplayer.com Fingerprint1E:36:B3:05:8C:13:3B:38:7D:97:0E:97:1E:60:3F:62:06:F3:A6:33 ValidityFri, 27 Oct 2023 00:00:00 GMT - Sat, 23 Nov 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /strips/lvlIBPl4-120.vtt HTTP/1.1
Host: cdn.jwplayer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://pax.tsqwz.xyz
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 166
location: https://assets-jpcust.jwpsrv.com/strips/lvlIBPl4-120.vtt
access-control-allow-origin: *
date: Wed, 24 Apr 2024 23:33:02 GMT
server: openresty
x-robots-tag: noindex, indexifembedded
x-cache: Miss from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: iLjFBgNQE8_b_IZkguTcjmchLmpefFNQerKLlqC1-8bnIRkwNigziw==
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/favicon.ico | 23.95.186.190 | 200 OK | 1.2 kB |
URL GET HTTP/2pax.tsqwz.xyz/favicon.ico IP23.95.186.190:443 ASN#36352 AS-COLOCROSSING
CertificateIssuerLet's Encrypt Subjectpax.tsqwz.xyz Fingerprint36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1 ValidityFri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash7ef4ec4e1027943715492f24a985be25 8454da94176311c5c390d2d1a37155611d4524e1 58ec991677746be80baaff8347d8372a31c9bfbbb5dafa5e0cefae36a8d95f21
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:03 GMT
content-type: image/x-icon
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Inter:wght@400;500&display=swap | 142.250.74.106 | 200 OK | 4.8 kB |
URL GET HTTP/2fonts.googleapis.com/css2?family=Inter:wght@400;500&display=swap IP142.250.74.106:443
CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2 ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File typeASCII text, with very long lines (4954), with no line terminators Hash8595860a9745b852cbb7b9adfc1f712b de24e3b4c9554be1d99fcdac36516f55bb90db19 37c4cdf35e74be1890d574d42e656a50cd42d8dac66018b0e0bb744bca1a5c55
GET /css2?family=Inter:wght@400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 23:33:01 GMT
date: Wed, 24 Apr 2024 23:33:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| pax.tsqwz.xyz/fonts/Gotham-Book.woff2 | 23.95.186.190 | 200 OK | 32 kB |
URL GET HTTP/2pax.tsqwz.xyz/fonts/Gotham-Book.woff2 IP23.95.186.190:443 ASN#36352 AS-COLOCROSSING
CertificateIssuerLet's Encrypt Subjectpax.tsqwz.xyz Fingerprint36:39:0C:53:BE:33:A4:37:32:9D:8E:C0:A0:62:DB:CF:F4:8B:7E:D1 ValidityFri, 29 Mar 2024 13:51:51 GMT - Thu, 27 Jun 2024 13:51:50 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 32284, version 1.0 Hash0e2700e8385f5168dea51cef4c845397 444970e7d62f8e903eb2f3af35b99034297cf2b8 6cfb95f43f56a12f133ef9045eaf536509f0978017480a848cd1f8766a04b5fc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /fonts/Gotham-Book.woff2 HTTP/1.1
Host: pax.tsqwz.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/css/style.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty
date: Wed, 24 Apr 2024 23:33:02 GMT
content-type: font/woff2
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|
| ssl.p.jwpcdn.com/player/v/8.33.2/provider.hlsjs.js | 151.101.130.114 | 200 OK | 423 kB |
URL GET HTTP/2ssl.p.jwpcdn.com/player/v/8.33.2/provider.hlsjs.js IP151.101.130.114:443
CertificateIssuerGlobalSign nv-sa Subject*.jwplayer.com FingerprintAB:15:C6:40:38:53:10:D6:CD:12:E9:B3:27:A9:9A:A9:79:8D:B2:9A ValidityWed, 30 Aug 2023 18:09:48 GMT - Mon, 30 Sep 2024 18:09:47 GMT
Size423 kB (422921 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /player/v/8.33.2/provider.hlsjs.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://pax.tsqwz.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: max-age=31536000, immutable
last-modified: Tue, 26 Mar 2024 00:08:58 GMT
etag: "7098f82647dfd12955fb3e193b1e5f7d"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Wed, 24 Apr 2024 23:33:02 GMT
via: 1.1 varnish
age: 2509904
x-served-by: cache-hel1410024-HEL
x-cache: HIT
x-cache-hits: 69686
x-timer: S1714001583.583494,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 126127
X-Firefox-Spdy: h2
|
|