{"report_id":"2a75b0c5-5b04-47c6-b7b1-5bd4a4ea29b6","version":6,"status":"done","tags":[],"date":"2025-08-07T04:44:52Z","url":{"schema":"http","addr":"l.threads.com/?u=https://qu.ax/KQzNw.mp4\u0026e=AT2yQ3rNPRTrHXDnz7PwL-p7n4pra6NDCpZ92N1z-xbKXETS6cuNxs_WXJ6fihSgGHPJOsfT_rivnvRWAL_E_m3-o4Y1KOKsQRFj1pf9MAa8U9zTAM96AkToEgiOSy3GiCLUhDo","fqdn":"l.threads.com","domain":"threads.com","tld":"com"},"ip":{"addr":"157.240.200.63","port":0,"asn":32934,"as":"FACEBOOK","country":"Denmark","country_code":"DK"},"final":{"url":{"schema":"https","addr":"qu.ax/KQzNw.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"title":"KQzNw.mp4"},"submit":{"url":{"schema":"http","addr":"l.threads.com/?u=https://qu.ax/KQzNw.mp4\u0026e=AT2yQ3rNPRTrHXDnz7PwL-p7n4pra6NDCpZ92N1z-xbKXETS6cuNxs_WXJ6fihSgGHPJOsfT_rivnvRWAL_E_m3-o4Y1KOKsQRFj1pf9MAa8U9zTAM96AkToEgiOSy3GiCLUhDo","fqdn":"l.threads.com","domain":"threads.com","tld":"com"},"ip":{"addr":"157.240.200.63","port":0,"asn":32934,"as":"FACEBOOK","country":"Denmark","country_code":"DK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-11T04:44:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-07T04:44:27Z","timestamp":1754541867,"ip_dst":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.20","port":59576,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI","source":"{\"timestamp\":\"2025-08-07T04:44:27.860935+0000\",\"flow_id\":830196494869897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59576,\"dest_ip\":\"141.227.170.161\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048382,\"rev\":1,\"signature\":\"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_10_02\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_02\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_02\"]}},\"tls\":{\"sni\":\"qu.ax\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":907,\"bytes_toclient\":3470,\"start\":\"2025-08-07T04:44:27.828809+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"l.threads.com","ip":{"addr":"31.13.72.53","port":443,"asn":32934,"as":"FACEBOOK","country":"Sweden","country_code":"SE"},"domain_registered":"1995-05-05","domain_rank":0,"first_seen":"2025-05-10T09:21:59.414142Z","last_seen":"2025-08-03T00:51:44.079773Z","alert_count":0,"request_count":1,"received_data":4548,"sent_data":646,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"qu.ax","ip":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"domain_registered":"2019-10-23","domain_rank":0,"first_seen":"2019-12-22T19:42:29Z","last_seen":"2025-08-01T03:26:09.629252Z","alert_count":0,"request_count":4,"received_data":1773238,"sent_data":1929,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-07T04:44:27Z","timestamp":1754541867,"ip_dst":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.20","port":59576,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI","source":"{\"timestamp\":\"2025-08-07T04:44:27.860935+0000\",\"flow_id\":830196494869897,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59576,\"dest_ip\":\"141.227.170.161\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048382,\"rev\":1,\"signature\":\"ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_10_02\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_02\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_02\"]}},\"tls\":{\"sni\":\"qu.ax\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":907,\"bytes_toclient\":3470,\"start\":\"2025-08-07T04:44:27.828809+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"l.threads.com/?u=https://qu.ax/KQzNw.mp4\u0026e=AT2yQ3rNPRTrHXDnz7PwL-p7n4pra6NDCpZ92N1z-xbKXETS6cuNxs_WXJ6fihSgGHPJOsfT_rivnvRWAL_E_m3-o4Y1KOKsQRFj1pf9MAa8U9zTAM96AkToEgiOSy3GiCLUhDo","fqdn":"l.threads.com","domain":"threads.com","tld":"com"},"ip":{"addr":"31.13.72.53","port":443,"asn":32934,"as":"FACEBOOK","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-07T04:44:27.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.threads.com","organization":"Meta Platforms, Inc."},"issuer":{"commonName":"DigiCert SHA2 High Assurance Server CA","organization":"DigiCert Inc"},"validity":{"start":"Fri, 16 May 2025 00:00:00 GMT","end":"Thu, 14 Aug 2025 23:59:59 GMT"},"fingerprint":{"sha1":"59:C4:5B:EE:3E:67:9F:BA:88:54:76:DE:10:C5:02:20:D8:47:BF:FA","sha256":"37:42:48:F1:9A:94:73:95:CE:1C:EF:4B:48:5B:51:DE:4B:FF:86:59:A3:CF:5D:6E:96:08:F6:C7:4C:13:08:4D"}}},"request":{"raw":"GET /?u=https://qu.ax/KQzNw.mp4\u0026e=AT2yQ3rNPRTrHXDnz7PwL-p7n4pra6NDCpZ92N1z-xbKXETS6cuNxs_WXJ6fihSgGHPJOsfT_rivnvRWAL_E_m3-o4Y1KOKsQRFj1pf9MAa8U9zTAM96AkToEgiOSy3GiCLUhDo HTTP/1.1\r\nHost: l.threads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\nrefresh: 1;URL=https://qu.ax/KQzNw.mp4\r\nreferrer-policy: origin\r\nx-robots-tag: noindex, nofollow\r\nreporting-endpoints: coop_report=\"https://www.facebook.com/browser_reporting/coop/?minimize=0\", default=\"https://www.threads.com/ajax/barcelona_error_reports/?device_level=unknown\u0026brsid=7535699938802792476\u0026cpp=C3\u0026cv=1025608782\u0026st=1754541867468\", permissions_policy=\"https://www.threads.com/ajax/barcelona_error_reports/\"\r\nreport-to: {\"max_age\":2592000,\"endpoints\":[{\"url\":\"https:\\/\\/www.facebook.com\\/browser_reporting\\/coop\\/?minimize=0\"}],\"group\":\"coop_report\",\"include_subdomains\":true}, {\"max_age\":259200,\"endpoints\":[{\"url\":\"https:\\/\\/www.threads.com\\/ajax\\/barcelona_error_reports\\/?device_level=unknown\u0026brsid=7535699938802792476\u0026cpp=C3\u0026cv=1025608782\u0026st=1754541867468\"}]}, {\"max_age\":21600,\"endpoints\":[{\"url\":\"https:\\/\\/www.threads.com\\/ajax\\/barcelona_error_reports\\/\"}],\"group\":\"permissions_policy\"}\r\nx-frame-options: DENY\r\ncontent-security-policy: default-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-16BMPCm9' blob: 'self' static.cdninstagram.com 'wasm-unsafe-eval';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.threads.com *.threads.net *.facebook.com *.instagram.com static.cdninstagram.com;connect-src *.threads.com *.threads.net wss://*.threads.com:* wss://*.threads.net:* *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self';font-src data: static.cdninstagram.com;img-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com data: blob: about.fb.com engineering.fb.com *.fbsbx.com android-webview-video-poster: *.oculuscdn.com;media-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net *.cdninstagram.com data: blob: *.fbsbx.com android-webview-video-poster:;child-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net data: blob:;frame-src *.fbsbx.com 'self';manifest-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net data: blob:;object-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net data: blob:;worker-src *.threads.com *.threads.net *.instagram.com *.facebook.com *.fbcdn.net data: blob:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c\u0026minimize=0;require-trusted-types-for 'script';\r\ndocument-policy: force-load-at-top, include-js-call-stacks-in-crash-reports\r\npermissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to=\"permissions_policy\"\r\ncross-origin-resource-policy: same-origin\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin-allow-popups\r\npragma: no-cache\r\ncache-control: private, no-cache, no-store, must-revalidate\r\nexpires: Sat, 01 Jan 2000 00:00:00 GMT\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\norigin-agent-cluster: ?1\r\nstrict-transport-security: max-age=31536000; preload; includeSubDomains\r\nx-stack: www\r\ncontent-type: text/html; charset=\"utf-8\"\r\nx-fb-debug: dI1CSuFiIOioLGX1gL0vlRP7Wk4XSF3aGtNJ1jklOG4gxwpQklvM3elK1eUXSx+MikBsqykzQn4qgz2SSKjurA==\r\ndate: Thu, 07 Aug 2025 04:44:27 GMT\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=16, mss=1380, tbw=3624, tp=-1, tpl=-1, uplat=201, ullat=0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":217,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"5517d5b6fb9160634d8e7ba6ef0ec5bf","sha1":"a2ecbce967718d5cda117cc6df7cf60bc8e5e45f","sha256":"ae36ea843b3faa9ee857684b6352961952385c56b901db383050c0f11e6f60ff","sha512":"c40b53e35f6c4b5056d31e7fbe31c6f5e57cfffaf844879428e401beb24339614e1f11a776e0a05f7a525b7aac8dc4a0820bc06fcc2bda23f505b1c678eef8a8","ssdeep":"","tlshash":"f0d0a7e72815cc0556d035e0ac73f1681459b0062421dc40a4d430e69599fc6c8076c8","first_seen":"2025-08-07T04:44:54.280115Z","last_seen":"2025-08-07T04:44:54.280115Z","times_seen":1,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":116,"dns":15,"connect":20,"send":0,"wait":223,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qu.ax/KQzNw.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-07T04:44:27.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qu.ax","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 23:44:33 GMT","end":"Wed, 08 Oct 2025 23:44:32 GMT"},"fingerprint":{"sha1":"9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A","sha256":"02:9F:3A:BB:93:0B:DE:D9:72:79:C2:8B:39:E5:18:38:A7:EF:A8:7E:DF:8D:95:FD:6E:40:BF:6B:D7:DA:E8:F0"}}},"request":{"raw":"GET /KQzNw.mp4 HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://l.threads.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 04:44:27 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 14768076\r\nlast-modified: Sun, 27 Jul 2025 14:28:41 GMT\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=604800, h3=\":443\"; ma=604800\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1114112,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"42ce00caeb9ba96a12b02a3da2849286","sha1":"dd28561a6d34824bddb7ef7e3fc662b1c714d83c","sha256":"7a26d2e82b33cb09c0cfc0377319a4b26b720ba1bb15637aa6eb91b810adf000","sha512":"4fdb027a3a0651bb0d846b73012ad40dfef10f877b485f9a246ae556bad011f9a3dce452753daff71a257eb7cb2d8603c973ae6f9f57c9a88f4c8359f4f1ba1a","ssdeep":"24576:mg6vSTiMVSVx9cH6xKiOnzaMrLe/gm8d0B:mBMS9p9OnOMr6/gm8d0B","tlshash":"a72533bc9a08d6f7e03acb7929dadb03fa39580135c879d388266f4f5768057901663f","first_seen":"2025-08-07T04:44:54.281757Z","last_seen":"2025-08-07T04:44:54.281757Z","times_seen":1,"resource_available":false,"data":null}},"time_used":363,"timings":{"blocked":46,"dns":11,"connect":14,"send":0,"wait":26,"receive":241,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qu.ax/KQzNw.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://qu.ax/KQzNw.mp4","date":"2025-08-07T04:44:28.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qu.ax","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 23:44:33 GMT","end":"Wed, 08 Oct 2025 23:44:32 GMT"},"fingerprint":{"sha1":"9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A","sha256":"02:9F:3A:BB:93:0B:DE:D9:72:79:C2:8B:39:E5:18:38:A7:EF:A8:7E:DF:8D:95:FD:6E:40:BF:6B:D7:DA:E8:F0"}}},"request":{"raw":"GET /KQzNw.mp4 HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=14745600-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://qu.ax/KQzNw.mp4\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 04:44:28 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 22476\r\nlast-modified: Sun, 27 Jul 2025 14:28:41 GMT\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=604800, h3=\":443\"; ma=604800\r\ncontent-range: bytes 14745600-14768075/14768076\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22476,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"01bc9caca79b61dd56ed2bea242d30a3","sha1":"30606a5bab3861cb48a9e5aaf93b463a2c8363af","sha256":"439e33a03af3b580fdf9a85eaf7dad4803f84a4f7664458c330f23047bfc7b1d","sha512":"c4da165dea8cf7975e2420c3ae70853c4650e599a9cb8ab34dda08d131bc94533be7e45416933df02e76fd4bc79eccfaab18c48711a326600435d075b3ac9bf9","ssdeep":"384:hz4CA2mJxmIsQwKythpwZrAvCnY5OY4MipIbEOml0bwKCypZOxdvoji1JhcaJ:uCuAIYhbxmlgpYpt1JhpJ","tlshash":"95a2a3d173ac2917f6526b7a61f23764bb38d93117a3d6eb40a043ae0cd87e4c7161d2","first_seen":"2025-08-07T04:44:54.28477Z","last_seen":"2025-08-07T04:44:54.28477Z","times_seen":1,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qu.ax/KQzNw.mp4","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://qu.ax/KQzNw.mp4","date":"2025-08-07T04:44:28.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qu.ax","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 23:44:33 GMT","end":"Wed, 08 Oct 2025 23:44:32 GMT"},"fingerprint":{"sha1":"9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A","sha256":"02:9F:3A:BB:93:0B:DE:D9:72:79:C2:8B:39:E5:18:38:A7:EF:A8:7E:DF:8D:95:FD:6E:40:BF:6B:D7:DA:E8:F0"}}},"request":{"raw":"GET /KQzNw.mp4 HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=1114112-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://qu.ax/KQzNw.mp4\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 04:44:28 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 13653964\r\nlast-modified: Sun, 27 Jul 2025 14:28:41 GMT\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=604800, h3=\":443\"; ma=604800\r\ncontent-range: bytes 1114112-14768075/14768076\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":614880,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"7577efff80ad88618017a9115c0f21c5","sha1":"d37ead5de8f972207fe167407faceced3e7743e5","sha256":"99157e7c877f2097cb9ec8970b010cc55a3602d00ca78903d71718f1b6f7c96c","sha512":"816503fd7aff031b001c1e7738f542ad3252fbd444d85646c0a3160b95483625b1d2facb75a9d9da12404f318e2e653ef09bc412f31820592650b3e52f769e21","ssdeep":"12288:5jjVcopCmERCqx9c+2rVgGZxKJOn+czdVxbutK+xznlPTkcYZIaaB:9qYfqxogGKYRGKYRTktIN","tlshash":"b8d4235a1d147b2c0dcb8b6066ecae15ebe47cce0056839595db26003c337bdb6b38da","first_seen":"2025-08-07T04:44:54.288127Z","last_seen":"2025-08-07T04:44:54.288127Z","times_seen":1,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qu.ax/favicon.ico","fqdn":"qu.ax","domain":"qu.ax","tld":"ax"},"ip":{"addr":"141.227.170.161","port":443,"asn":0,"as":"","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://qu.ax/KQzNw.mp4","date":"2025-08-07T04:44:28.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qu.ax","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 23:44:33 GMT","end":"Wed, 08 Oct 2025 23:44:32 GMT"},"fingerprint":{"sha1":"9B:8E:72:C3:47:4E:B4:9C:83:86:EE:C2:0E:5F:7C:B9:03:C6:8F:3A","sha256":"02:9F:3A:BB:93:0B:DE:D9:72:79:C2:8B:39:E5:18:38:A7:EF:A8:7E:DF:8D:95:FD:6E:40:BF:6B:D7:DA:E8:F0"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: qu.ax\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://qu.ax/KQzNw.mp4\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Thu, 07 Aug 2025 04:44:28 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Wed, 06 Nov 2024 01:25:22 GMT\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=604800, h3=\":443\"; ma=604800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20601,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"b1427ced1520ea9d49dc3ff783f9fc38","sha1":"f63057f04bbc9685daef2a5bb5f8b6c0ae483bf0","sha256":"9374e3620b1daa8f7ce59acc9250129e15dae90354280f4ce3b8369209ebdd31","sha512":"af6d02903058ba9e2164e0b77ca0b870331e4e85bfe79c62abe2731b7997b39a11f6835137c8fe23b8b2a03b3425a528f612378aaabe2280b59a3f31aae72f6f","ssdeep":"384:RovOhmplLJz/ZlUgmTZPkx1B6ffc9XdP+z1ZJ7BuuWbzzqf69mKThIUHkjNrH8i:Ro6y3ggsMXBkc94zD2z24mKThIUyNrH/","tlshash":"bd92d18641398eed5da19297f842662fc6d82b36a87449fe141f1c918cb297c1a3f24b","first_seen":"2023-06-27T16:50:02Z","last_seen":"2026-05-30T15:08:11.202631Z","times_seen":422,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}