verification.gsis.site Open in urlscan Pro
2606:4700:3034::681b:9226 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://micbetuber.gq/
Effective URL:
https://verification.gsis.site/
Submission: On April 15 via automatic, source certstream-suspicious (April 15th 2020, 3:15:53 pm UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3034::681b:9226, located in United States and belongs to CLOUDFLARENET, US. The main domain is verification.gsis.site.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 6th 2019. Valid for: 10 months.

This is the only time verification.gsis.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3032::681b:b213	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3034::681b:9226	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	188.42.162.209 188.42.162.209	35415 (WEBZILLA) (WEBZILLA)
1	2606:4700:10:... 2606:4700:10::6816:3f77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	4

1 2606:4700:3032::681b:b213 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

micbetuber.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::681b:9226 (United States)

ASN13335 (CLOUDFLARENET, US)

verification.gsis.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 188.42.162.209 (Amsterdam, Netherlands)

ASN35415 (WEBZILLA, NL)

ciksolre.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3f77 (United States)

ASN13335 (CLOUDFLARENET, US)

js.pushimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ciksolre.net ciksolre.net	15 KB
2	gsis.site verification.gsis.site	64 KB
1	pushimg.com js.pushimg.com	42 KB
1	micbetuber.gq 1 redirects micbetuber.gq	340 B
8	4

	Domain	Requested by
5	ciksolre.net	verification.gsis.site ciksolre.net
2	verification.gsis.site	verification.gsis.site
1	js.pushimg.com	ciksolre.net
1	micbetuber.gq	1 redirects
8	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-12-06` - `2020-10-09`	10 months	crt.sh
ciksolre.net Let's Encrypt Authority X3	`2020-03-26` - `2020-06-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://verification.gsis.site/
Frame ID: 605E2064BB8AC5CD349BBD7C3927451C
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://micbetuber.gq/ HTTP 301
https://verification.gsis.site/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

8
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

121 kB
Transfer

384 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://micbetuber.gq/ HTTP 301
https://verification.gsis.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
verification.gsis.site/
Redirect Chain

https://micbetuber.gq/
https://verification.gsis.site/

135 KB
59 KB

497ms
457ms

Document
text/html

2606:4700:3034::681b:9226
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://verification.gsis.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681b:9226 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abfcd5dca7ac6a92fd100ae3a68e9881c95f8cd4b53937403f6c12cebc6ad7e2

Request headers

:method: GET
:authority: verification.gsis.site
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 15 Apr 2020 15:15:32 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d7e298beb98ec226e7d832ecfd9b2c6a91586963732; expires=Fri, 15-May-20 15:15:32 GMT; path=/; domain=.gsis.site; HttpOnly; SameSite=Lax
last-modified: Wed, 26 Feb 2020 15:44:52 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58469f5e28a7c2ae-FRA
content-encoding: br
cf-request-id: 022001eed80000c2aef2072200000001

Redirect headers

status: 301
date: Wed, 15 Apr 2020 15:15:32 GMT
content-type: text/html
set-cookie: __cfduid=daffba99ed69173d4633f6c98d19c6cbc1586963732; expires=Fri, 15-May-20 15:15:32 GMT; path=/; domain=.micbetuber.gq; HttpOnly; SameSite=Lax
location: https://verification.gsis.site/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58469f5daeabc2ea-FRA
cf-request-id: 022001ee870000c2eaaf83d200000001

GET
H/1.1 200
OK tag.min.js Show response
ciksolre.net/pfe/current/ 38 KB
12 KB 124ms
29ms Script
application/javascript 188.42.162.209
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://ciksolre.net/pfe/current/tag.min.js?z=2966981
Requested by: Host: verification.gsis.site
URL: https://verification.gsis.site/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.42.162.209 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 73d3489de1d82983d0be83342bd376208e32a049066cbd45760ff547e8529643

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Apr 2020 15:15:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Apr 2020 14:11:02 GMT
Server: nginx
ETag: W/"5e9715f6-976c"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 802aefd8e10754f4ae5775eff6e486867aec8d51a9414c6f529b19ae81d1dd6a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92934de657322a03d9f88bff17762705054c7b6169d6ec724743d926b01b69c9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 rb4.png
verification.gsis.site/ 6 KB
6 KB 496ms
495ms Image
image/png 2606:4700:3034::681b:9226
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://verification.gsis.site/rb4.png
Requested by: Host: verification.gsis.site
URL: https://verification.gsis.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::681b:9226 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ce34a22de2bae1861b530e11c7316389e2b3e3efd0a8f03c40c9cb044d77528

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 15 Apr 2020 15:15:33 GMT
cf-cache-status: HIT
last-modified: Tue, 05 Nov 2019 15:58:02 GMT
server: cloudflare
age: 2504
etag: "5dc19c0a-1660"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58469f612970c2ae-FRA
content-length: 5728
cf-request-id: 022001f0b50000c2aef2090200000001

GET
DATA 200
OK truncated
/ 63 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 131aff38074132e524645d8de064418393360de104603d899913b641234bba06

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK zone Show response
ciksolre.net/ 664 B
1 KB 30ms
30ms Fetch
application/json 188.42.162.209
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://ciksolre.net/zone?pub=0&zone_id=2966981&is_mobile=false&domain=verification.gsis.site&var=&ymid=

Requested by

Host: ciksolre.net
URL: https://ciksolre.net/pfe/current/tag.min.js?z=2966981

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.42.162.209 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

7c78ba21433f6735883fd1ac2c5de61c5cab119e65696b5b59495c1dc774e771

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Trace-Id: a07ec8f4701a612aac630b98c0a19e9d
Date: Wed, 15 Apr 2020 15:15:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://verification.gsis.site
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 664

GET
H2 200 universal.min.js Show response
js.pushimg.com/pfe/current/ 137 KB
42 KB 38ms
21ms Fetch
application/javascript 2606:4700:10::6816:3f77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pushimg.com/pfe/current/universal.min.js?v=3.1.209
Requested by: Host: ciksolre.net
URL: https://ciksolre.net/pfe/current/tag.min.js?z=2966981
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3f77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1eb3f29eac7becfc4ec71b259135ecb4e49dd45bae395a7690d277c73c58871e

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 15 Apr 2020 15:15:32 GMT
content-encoding: gzip
cf-cache-status: MISS
status: 200
cf-request-id: 022001f1400000175ef223e200000001
pragma: no-cache
last-modified: Wed, 15 Apr 2020 14:11:02 GMT
server: cloudflare
etag: W/"5e9715f6-2246b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: https://verification.gsis.site
cache-control: max-age=14400
access-control-allow-credentials: true
cf-ray: 58469f620dee175e-FRA

POST
H/1.1 200
OK custom Show response
ciksolre.net/ 39 B
497 B 28ms
27ms Fetch
application/json 188.42.162.209
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://ciksolre.net/custom

Requested by

Host: verification.gsis.site
URL: https://verification.gsis.site/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.42.162.209 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: 7517af142271b0c6d478dd7ea60b6100
Date: Wed, 15 Apr 2020 15:15:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://verification.gsis.site
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

POST
H/1.1 200
OK custom Show response
ciksolre.net/ 39 B
497 B 50ms
28ms Fetch
application/json 188.42.162.209
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://ciksolre.net/custom

Requested by

Host: verification.gsis.site
URL: https://verification.gsis.site/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.42.162.209 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: 987de70ce4eb9c7b6b7e5506915ab68a
Date: Wed, 15 Apr 2020 15:15:32 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://verification.gsis.site
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

POST
H/1.1 200
OK custom Show response
ciksolre.net/ 39 B
497 B 31ms
30ms Fetch
application/json 188.42.162.209
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://ciksolre.net/custom

Requested by

Host: verification.gsis.site
URL: https://verification.gsis.site/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.42.162.209 Amsterdam, Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://verification.gsis.site/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: c58406266c2943c9b4b1e7aa0e7d1613
Date: Wed, 15 Apr 2020 15:15:33 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://verification.gsis.site
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ciksolre.net
js.pushimg.com
micbetuber.gq
verification.gsis.site
188.42.162.209
2606:4700:10::6816:3f77
2606:4700:3032::681b:b213
2606:4700:3034::681b:9226
131aff38074132e524645d8de064418393360de104603d899913b641234bba06
1eb3f29eac7becfc4ec71b259135ecb4e49dd45bae395a7690d277c73c58871e
73d3489de1d82983d0be83342bd376208e32a049066cbd45760ff547e8529643
7c78ba21433f6735883fd1ac2c5de61c5cab119e65696b5b59495c1dc774e771
802aefd8e10754f4ae5775eff6e486867aec8d51a9414c6f529b19ae81d1dd6a
8ce34a22de2bae1861b530e11c7316389e2b3e3efd0a8f03c40c9cb044d77528
92934de657322a03d9f88bff17762705054c7b6169d6ec724743d926b01b69c9
abfcd5dca7ac6a92fd100ae3a68e9881c95f8cd4b53937403f6c12cebc6ad7e2
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

verification.gsis.site Open in urlscan Pro 2606:4700:3034::681b:9226 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

121 kBTransfer

384 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

0 Cookies

Indicators

verification.gsis.site Open in urlscan Pro
2606:4700:3034::681b:9226 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

121 kB
Transfer

384 kB
Size

0
Cookies

8 HTTP transactions
3 data transactions