qjbipy.com Open in urlscan Pro
185.56.234.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.104111bank.com.tw/
Effective URL:
https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=eyJ&si1=&si2=
Submission: On October 14 via automatic, source certstream-suspicious (October 14th 2022, 4:01:33 am UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 185.56.234.205, located in Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is qjbipy.com.
TLS certificate: Issued by R3 on September 22nd 2022. Valid for: 3 months.

This is the only time qjbipy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	161.8.149.88 161.8.149.88	18978 (ENZUINC-) (ENZUINC-)
4	62.122.171.6 62.122.171.6	50245 (SERVEREL-AS) (SERVEREL-AS)
1 1	149.7.16.231 149.7.16.231	63023 (AS-GLOBAL...) (AS-GLOBALTELEHOST)
7	149.7.16.221 149.7.16.221	63023 (AS-GLOBAL...) (AS-GLOBALTELEHOST)
1 2	185.56.234.205 185.56.234.205	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
12	4

1 161.8.149.88 (Los Angeles, United States) 1 redirects

ASN18978 (ENZUINC-, US)
PTR: 88.149-8-161.rdns.scalabledns.com

www.104111bank.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 62.122.171.6 (Netherlands)

ASN50245 (SERVEREL-AS, NL)
PTR: 62.122.171.6.serverel.net

jaavnacsdw.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.7.16.231 (London, United Kingdom) 1 redirects

ASN63023 (AS-GLOBALTELEHOST, US)
PTR: 231-16-7-149.clients.gthost.com

news-pitere.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 149.7.16.221 (London, United Kingdom)

ASN63023 (AS-GLOBALTELEHOST, US)
PTR: 221-16-7-149.clients.gthost.com

news-gasolo.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.56.234.205 (Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

qjbipy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	news-gasolo.cc news-gasolo.cc	520 KB
4	jaavnacsdw.com jaavnacsdw.com — Cisco Umbrella Rank: 60484	20 KB
2	qjbipy.com 1 redirects qjbipy.com	197 KB
1	news-pitere.com 1 redirects news-pitere.com — Cisco Umbrella Rank: 760319	176 B
1	104111bank.com.tw 1 redirects www.104111bank.com.tw	199 B
12	5

	Domain	Requested by
7	news-gasolo.cc	jaavnacsdw.com news-gasolo.cc
4	jaavnacsdw.com	jaavnacsdw.com
2	qjbipy.com	1 redirects news-gasolo.cc
1	news-pitere.com	1 redirects
1	www.104111bank.com.tw	1 redirects
12	5

This site contains no links.

Subject Issuer	Validity	Valid
jaavnacsdw.com ZeroSSL RSA Domain Secure Site CA	`2022-09-19` - `2022-12-18`	3 months	crt.sh
news-gasolo.cc ZeroSSL ECC Domain Secure Site CA	`2022-09-14` - `2022-12-13`	3 months	crt.sh
qjbipy.com R3	`2022-09-22` - `2022-12-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=eyJ&si1=&si2=
Frame ID: D3D5B8DD6C04BCD28D79929037A0BA39
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Video

Page URL History Show full URLs

https://www.104111bank.com.tw/ HTTP 302
https://jaavnacsdw.com/1928708/ Page URL
https://jaavnacsdw.com/?r=dir&zoneid=1928708&pb=19a1d0c50325284ca98c505eea8a263c1665727287&psp=y0f_... Page URL
https://news-pitere.com/tds.php?sid=8053685&p1=1928708&p2=win10&p3=de&p4=chrome HTTP 302
https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Page URL
https://qjbipy.com/gosl/InNpZCI6MTEzMjg2NSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= HTTP 302
https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=... Page URL

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

737 kB
Transfer

1021 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.104111bank.com.tw/ HTTP 302
https://jaavnacsdw.com/1928708/ Page URL
https://jaavnacsdw.com/?r=dir&zoneid=1928708&pb=19a1d0c50325284ca98c505eea8a263c1665727287&psp=y0f_Z79SuIvaPLkMFdHdehElu3zrkvkKBBMQS5YYF0KFGFDbe1IVbF4ggksVRcBES7WHZUTRrOofmeVc90eXOnLFAIR8a_IrV9hnYo0jlS7Fsb7NGqcg1f7sHWHZuljs9O0F8aqmrWTX8itRVkjeGN-4bKFWS-_0a3mWZNXWK2-O76T6v-1wHhilzrm6dl1QBwJcl9Ntn2gvqSYnXcAJp5rAWWk3TydNlE3Yz7bA4AdBJMD7WV7Pm4PwwmoFFmDZrvs-CwNAZrkYOPPRRMoAIk4wd8pcVlSLzIvd4now0WmTnvXFP7k7J82Kxpwli0IeKMRT9mtt0FuVBp1wSTgjgQY5nut-asuxdub6GSKCJ-JlfX99MpEiNEfKVcFWhKGffwbJvq-YJJxBbiUgIJsCJ22vB58dRC3_nH8_puknoqGxwmppjV0V1cdqAD8x8hwwCXEdDi_5fyoCGjzTIFCPkeeQUokoragAxvEtGhRV20gq0lgF1Q==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=1452&rlp=%5B0%2C8.699999809265137%2C90.70000004768372%2C49.200000047683716%2C2.500000238418579%2C202.60000014305115%2C100.30000019073486%2C56.90000009536743%5D Page URL
https://news-pitere.com/tds.php?sid=8053685&p1=1928708&p2=win10&p3=de&p4=chrome HTTP 302
https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Page URL
https://qjbipy.com/gosl/InNpZCI6MTEzMjg2NSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= HTTP 302
https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=eyJ&si1=&si2= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.104111bank.com.tw/ HTTP 302
https://jaavnacsdw.com/1928708/

Request Chain 3

https://news-pitere.com/tds.php?sid=8053685&p1=1928708&p2=win10&p3=de&p4=chrome HTTP 302
https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome

12 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response jaavnacsdw.com/1928708/ Redirect Chain https://www.104111bank.com.tw/ https://jaavnacsdw.com/1928708/	1 KB 2 KB	143ms 42ms	Document text/html	62.122.171.6 SERVEREL-AS
General Check archive.org Show headers Download Go to Full URL https://jaavnacsdw.com/1928708/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.122.171.6 , Netherlands, ASN50245 (SERVEREL-AS, NL), Reverse DNS 62.122.171.6.serverel.net Software nginx / Resource Hash `55627412483176235f224a7c1dff92db85ade4235ff3761f14ba43501b21ba6a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data content-encoding gzip content-type text/html; charset=utf-8 date Fri, 14 Oct 2022 04:01:27 GMT server nginx timing-allow-origin * vary Accept-Encoding x-route-id check.sumbit.dl Redirect headers Connection keep-alive Content-Length 138 Content-Type text/html Date Fri, 14 Oct 2022 04:01:27 GMT Location https://jaavnacsdw.com/1928708/ Server nginx
GET H2	200	submit.min.js Show response jaavnacsdw.com/	33 KB 14 KB	56ms 55ms	Script application/javascript	62.122.171.6 SERVEREL-AS
General Check archive.org Show headers Download Go to Full URL https://jaavnacsdw.com/submit.min.js?abvar= Requested by Host: jaavnacsdw.com URL: https://jaavnacsdw.com/1928708/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.122.171.6 , Netherlands, ASN50245 (SERVEREL-AS, NL), Reverse DNS 62.122.171.6.serverel.net Software nginx / Resource Hash `98b17a3320045334d9beae6f37fdb4c8c99a767994de0ba0cf6e18f8c45bd849` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:27 GMT content-encoding gzip last-modified Mon, 10 Oct 2022 09:37:01 GMT server nginx accept-ch sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data x-js-ab current etag W/"6343e7bd-84a0" vary Accept-Encoding content-type application/javascript timing-allow-origin *
GET H2	200	/ jaavnacsdw.com/	6 KB 3 KB	46ms 46ms	Document text/html	62.122.171.6 SERVEREL-AS
General Check archive.org Show headers Download Go to Full URL https://jaavnacsdw.com/?r=dir&zoneid=1928708&pb=19a1d0c50325284ca98c505eea8a263c1665727287&psp=y0f_Z79SuIvaPLkMFdHdehElu3zrkvkKBBMQS5YYF0KFGFDbe1IVbF4ggksVRcBES7WHZUTRrOofmeVc90eXOnLFAIR8a_IrV9hnYo0jlS7Fsb7NGqcg1f7sHWHZuljs9O0F8aqmrWTX8itRVkjeGN-4bKFWS-_0a3mWZNXWK2-O76T6v-1wHhilzrm6dl1QBwJcl9Ntn2gvqSYnXcAJp5rAWWk3TydNlE3Yz7bA4AdBJMD7WV7Pm4PwwmoFFmDZrvs-CwNAZrkYOPPRRMoAIk4wd8pcVlSLzIvd4now0WmTnvXFP7k7J82Kxpwli0IeKMRT9mtt0FuVBp1wSTgjgQY5nut-asuxdub6GSKCJ-JlfX99MpEiNEfKVcFWhKGffwbJvq-YJJxBbiUgIJsCJ22vB58dRC3_nH8_puknoqGxwmppjV0V1cdqAD8x8hwwCXEdDi_5fyoCGjzTIFCPkeeQUokoragAxvEtGhRV20gq0lgF1Q==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=1452&rlp=%5B0%2C8.699999809265137%2C90.70000004768372%2C49.200000047683716%2C2.500000238418579%2C202.60000014305115%2C100.30000019073486%2C56.90000009536743%5D Requested by Host: jaavnacsdw.com URL: https://jaavnacsdw.com/submit.min.js?abvar= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.122.171.6 , Netherlands, ASN50245 (SERVEREL-AS, NL), Reverse DNS 62.122.171.6.serverel.net Software nginx / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data content-encoding gzip content-type text/html; charset=utf-8 date Fri, 14 Oct 2022 04:01:27 GMT server nginx timing-allow-origin * vary Accept-Encoding x-route-id redirect.dl
GET H2	200	/ Show response news-gasolo.cc/lands/53/ Redirect Chain https://news-pitere.com/tds.php?sid=8053685&p1=1928708&p2=win10&p3=de&p4=chrome https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome	20 KB 7 KB	158ms 51ms	Document text/html	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Full URL https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Requested by Host: jaavnacsdw.com URL: https://jaavnacsdw.com/?r=dir&zoneid=1928708&pb=19a1d0c50325284ca98c505eea8a263c1665727287&psp=y0f_Z79SuIvaPLkMFdHdehElu3zrkvkKBBMQS5YYF0KFGFDbe1IVbF4ggksVRcBES7WHZUTRrOofmeVc90eXOnLFAIR8a_IrV9hnYo0jlS7Fsb7NGqcg1f7sHWHZuljs9O0F8aqmrWTX8itRVkjeGN-4bKFWS-_0a3mWZNXWK2-O76T6v-1wHhilzrm6dl1QBwJcl9Ntn2gvqSYnXcAJp5rAWWk3TydNlE3Yz7bA4AdBJMD7WV7Pm4PwwmoFFmDZrvs-CwNAZrkYOPPRRMoAIk4wd8pcVlSLzIvd4now0WmTnvXFP7k7J82Kxpwli0IeKMRT9mtt0FuVBp1wSTgjgQY5nut-asuxdub6GSKCJ-JlfX99MpEiNEfKVcFWhKGffwbJvq-YJJxBbiUgIJsCJ22vB58dRC3_nH8_puknoqGxwmppjV0V1cdqAD8x8hwwCXEdDi_5fyoCGjzTIFCPkeeQUokoragAxvEtGhRV20gq0lgF1Q==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=1452&rlp=%5B0%2C8.699999809265137%2C90.70000004768372%2C49.200000047683716%2C2.500000238418579%2C202.60000014305115%2C100.30000019073486%2C56.90000009536743%5D Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash `9c1af094d02618705f601225caa85df167cbc60d5f0feacb7aa61cc4d93b260e` Request headers Referer https://jaavnacsdw.com/afu.php?zoneid=1926122&var=1928708 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Fri, 14 Oct 2022 04:01:28 GMT pragma no-cache server nginx Redirect headers cache-control no-cache, must-revalidate content-type text/html; charset=UTF-8 date Fri, 14 Oct 2022 04:01:27 GMT location https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome pragma no-cache server nginx
POST H2	200	dupa.gif jaavnacsdw.com/	43 B 620 B	41ms 41ms	Ping image/gif	62.122.171.6 SERVEREL-AS
General Check archive.org Show headers Download Go to Full URL https://jaavnacsdw.com/dupa.gif?z=1928708&pb=19a1d0c50325284ca98c505eea8a263c1665727287&psp=bubf8OKmSK1DMk1Km_tGMlGNyT8JVmImu5hKb5y65d23zgvNotbS5OBQCSiEEGK0bZERx81WB2cfs1U6aymUG2cFjM0rAXjXgcf0hpwM4H-KOx5oRLH1ItU21tp2Fj08jRr2kckbkEvjw7Oyzu2XdN6XyRVFQ9CvtJ4IMCa7Syzyeo-yPy7nf3ZAECBhEjy7Ua7eliz8_hDI0RN6LoB2JQY0YH940KYxXsC5NDUmyVyXiRqv66CErA0tGwgrQG126CtN36CIbRb1QVBwuaI4ZxlYlTDUESuxfHPXQo5rCv9Se9GMN3uN7zkfbceD2so55eIW3IFzlLHkU5iHH38RSYW_scCBBmsgEK_r-8AYx_TeSVO53lCzQsPdOAAnQwkYJKjWSb-AN63bUX5upMzBa9RVuqb3i3F-UV1zWt4BU__Gy50gcUE14mvfa0rFTOTEB6-ETKg97lHQV3-bOErMb9dOuaurzP0ooNjF3_aSBR-fQ4ZowA==&abvar=0&pload=68&rlp=%5B0%2C0%2C0%2C0%2C-47.299999952316284%2C-0.40000009536743164%2C-1.5%2C0%5D Requested by Host: jaavnacsdw.com URL: https://jaavnacsdw.com/?r=dir&zoneid=1928708&pb=19a1d0c50325284ca98c505eea8a263c1665727287&psp=y0f_Z79SuIvaPLkMFdHdehElu3zrkvkKBBMQS5YYF0KFGFDbe1IVbF4ggksVRcBES7WHZUTRrOofmeVc90eXOnLFAIR8a_IrV9hnYo0jlS7Fsb7NGqcg1f7sHWHZuljs9O0F8aqmrWTX8itRVkjeGN-4bKFWS-_0a3mWZNXWK2-O76T6v-1wHhilzrm6dl1QBwJcl9Ntn2gvqSYnXcAJp5rAWWk3TydNlE3Yz7bA4AdBJMD7WV7Pm4PwwmoFFmDZrvs-CwNAZrkYOPPRRMoAIk4wd8pcVlSLzIvd4now0WmTnvXFP7k7J82Kxpwli0IeKMRT9mtt0FuVBp1wSTgjgQY5nut-asuxdub6GSKCJ-JlfX99MpEiNEfKVcFWhKGffwbJvq-YJJxBbiUgIJsCJ22vB58dRC3_nH8_puknoqGxwmppjV0V1cdqAD8x8hwwCXEdDi_5fyoCGjzTIFCPkeeQUokoragAxvEtGhRV20gq0lgF1Q==&nojs=0&ix=0&abvar=0&t=0&x=1600&y=1200&wcks=1&wgl=1&cnvs=1&os=0&md=0&bb=0&plu=Chrome%20PDF%20Plugin::Chrome%20PDF%20Viewer::Native%20Client&lang=en-US&pf=Win32&cd=24&0&pload=1452&rlp=%5B0%2C8.699999809265137%2C90.70000004768372%2C49.200000047683716%2C2.500000238418579%2C202.60000014305115%2C100.30000019073486%2C56.90000009536743%5D Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.122.171.6 , Netherlands, ASN50245 (SERVEREL-AS, NL), Reverse DNS 62.122.171.6.serverel.net Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:27 GMT x-route-id stats.redirect-pixel server nginx accept-ch sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data timing-allow-origin * content-length 43 content-type image/gif
GET H2	200	revopush.js Show response news-gasolo.cc/	9 KB 9 KB	48ms 48ms	Script application/javascript	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Full URL https://news-gasolo.cc/revopush.js?v=4 Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash `32da65acc9ea9ff95f364751b4855731358710ebeb6b25d863a1c5d02dc73bd1` Request headers accept-language de-DE,de;q=0.9 Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:28 GMT last-modified Mon, 29 Aug 2022 09:05:32 GMT server nginx etag "630c815c-22da" content-type application/javascript cache-control max-age=315360000 accept-ranges bytes content-length 8922 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	style.css news-gasolo.cc/lands/53/css/	7 KB 7 KB	50ms 50ms	Stylesheet text/css	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Full URL https://news-gasolo.cc/lands/53/css/style.css Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash `a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4` Request headers accept-language de-DE,de;q=0.9 Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:28 GMT last-modified Fri, 20 Aug 2021 13:24:46 GMT server nginx etag "611fad1e-1a5e" content-type text/css cache-control max-age=315360000 accept-ranges bytes content-length 6750 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	spinning-circles2.svg news-gasolo.cc/lands/53/images/	503 B 682 B	50ms 49ms	Image image/svg+xml	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Show image Full URL https://news-gasolo.cc/lands/53/images/spinning-circles2.svg Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash `466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f` Request headers accept-language de-DE,de;q=0.9 Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:28 GMT last-modified Fri, 20 Aug 2021 13:24:46 GMT server nginx etag "611fad1e-1f7" content-type image/svg+xml cache-control max-age=315360000 accept-ranges bytes content-length 503 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	video.gif news-gasolo.cc/lands/53/images/	488 KB 489 KB	56ms 55ms	Image image/gif	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Show image Full URL https://news-gasolo.cc/lands/53/images/video.gif Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:28 GMT last-modified Fri, 20 Aug 2021 13:24:46 GMT server nginx etag "611fad1e-7a172" content-type image/gif cache-control max-age=315360000 accept-ranges bytes content-length 500082 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	device.js Show response news-gasolo.cc/lands/53/js/	7 KB 7 KB	49ms 48ms	Script application/javascript	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Full URL https://news-gasolo.cc/lands/53/js/device.js Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash `8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033` Request headers accept-language de-DE,de;q=0.9 Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 04:01:28 GMT last-modified Fri, 20 Aug 2021 13:24:46 GMT server nginx etag "611fad1e-1cc4" content-type application/javascript cache-control max-age=315360000 accept-ranges bytes content-length 7364 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	traffback.php news-gasolo.cc/	98 B 248 B	48ms 48ms	XHR text/html	149.7.16.221 AS-GLOBALTELEHOST
General Check archive.org Show headers Download Go to Full URL https://news-gasolo.cc/traffback.php?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome&land=53 Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/revopush.js?v=4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 149.7.16.221 London, United Kingdom, ASN63023 (AS-GLOBALTELEHOST, US), Reverse DNS 221-16-7-149.clients.gthost.com Software nginx / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers pragma no-cache date Fri, 14 Oct 2022 04:01:28 GMT cache-control no-cache, must-revalidate content-encoding gzip server nginx content-type text/html; charset=UTF-8
GET H2	200	Primary Request video-14 Show response qjbipy.com/ Redirect Chain https://qjbipy.com/gosl/InNpZCI6MTEzMjg2NSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwODA0MDQs?si1=&si2= https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=eyJ&si1=&si2=	270 KB 197 KB	54ms 54ms	Document text/html	185.56.234.205 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=eyJ&si1=&si2= Requested by Host: news-gasolo.cc URL: https://news-gasolo.cc/revopush.js?v=4 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.21.1 / Resource Hash `62a314a6d1e564c8a5eee9efa4bbd1d98d5531c8b13d4fee3436f92b41eb62b8` Request headers Referer https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Fri, 14 Oct 2022 04:01:28 GMT server nginx/1.21.1 vary Accept-Encoding x-zone eu3 Redirect headers cache-control no-cache content-type text/html; charset=UTF-8 date Fri, 14 Oct 2022 04:01:28 GMT location https://qjbipy.com/video-14?h=waWQiOjEwODA0MDQsInNpZCI6MTEzMjg2NSwid2lkIjozNzk1MzUsInNyYyI6Mn0=eyJ&si1=&si2= max-age 0 server nginx/1.21.1 x-zone eu3
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d1f2b9e78325b8538774e6e3b56f2b36fc4a6865f61299d54d51aacbc242e515` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	178 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9d1737488dc24ad3d825b1ee023b79a7d86b9e120c314a852d1ec542fad35d92` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/jpeg

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
jaavnacsdw.com/	1970-01-20 15:27:36	Name: UID Value: 2210132301805ce8c2a19343c6a508ef5169
jaavnacsdw.com/	1970-01-20 07:25:12	Name: OACCAP Value: ACJysgAAAAAAAAAB
jaavnacsdw.com/	1970-01-20 07:25:12	Name: OACBLOCK Value: ACJysgAAAABjRknQ
jaavnacsdw.com/	1970-01-20 06:43:26	Name: OXCCLK Value: ACJysgAAAAAAAAAB
jaavnacsdw.com/	1970-01-20 06:43:26	Name: OXPCLK Value: AAISpAAAAAAAAAAB
jaavnacsdw.com/	1970-01-20 06:43:26	Name: ppucnt Value: 1
news-gasolo.cc/	1970-01-20 06:42:03	Name: clickdata Value: ODA1MzY4NXw6fDUzfDp8MTkyODcwOHw6fHdpbjEwfDp8ZGV8OnxjaHJvbWU%3D
.qjbipy.com/	1970-01-20 06:43:26	Name: truniq Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://news-gasolo.cc/lands/53/?site=8053685&sub1=1928708&sub2=win10&sub3=de&sub4=chrome Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

jaavnacsdw.com
news-gasolo.cc
news-pitere.com
qjbipy.com
www.104111bank.com.tw
149.7.16.221
149.7.16.231
161.8.149.88
185.56.234.205
62.122.171.6
32da65acc9ea9ff95f364751b4855731358710ebeb6b25d863a1c5d02dc73bd1
466d361db2f130d7e3d40a671c935e3e556c3a49567657afee2e44a0a390a84f
55627412483176235f224a7c1dff92db85ade4235ff3761f14ba43501b21ba6a
62a314a6d1e564c8a5eee9efa4bbd1d98d5531c8b13d4fee3436f92b41eb62b8
8b4fd7bcadd8d9e95b7aebae2f7b233dab0453cc931ba13add8a313dc3c61033
98b17a3320045334d9beae6f37fdb4c8c99a767994de0ba0cf6e18f8c45bd849
9c1af094d02618705f601225caa85df167cbc60d5f0feacb7aa61cc4d93b260e
9d1737488dc24ad3d825b1ee023b79a7d86b9e120c314a852d1ec542fad35d92
a1f4e7ef79d0ff0e7daa8e33bbc20e8a77cfa2893f618fad12a81660ca9e90f4
d1f2b9e78325b8538774e6e3b56f2b36fc4a6865f61299d54d51aacbc242e515

qjbipy.com Open in urlscan Pro 185.56.234.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

737 kBTransfer

1021 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

8 Cookies

1 Console Messages

Indicators

qjbipy.com Open in urlscan Pro
185.56.234.205 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

737 kB
Transfer

1021 kB
Size

8
Cookies

12 HTTP transactions
2 data transactions