ajkyx.qzgxqt.com Open in urlscan Pro
185.56.234.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.laborlink.es/
Effective URL:
https://ajkyx.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=g...
Submission: On August 03 via manual (August 3rd 2023, 1:26:39 pm UTC) from ES — Scanned from ES

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 17 HTTP transactions. The main IP is 185.56.234.205, located in Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is ajkyx.qzgxqt.com.
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.

This is the only time ajkyx.qzgxqt.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	185.14.56.82 185.14.56.82	202054 (S4N-AS) (S4N-AS)
1 3	2.59.222.122 2.59.222.122	209155 (ONEHOSTPL...) (ONEHOSTPLANET)
1	2.59.222.119 2.59.222.119	209155 (ONEHOSTPL...) (ONEHOSTPLANET)
1 1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	185.56.234.205 185.56.234.205	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2a02:b4a:1:7:... 2a02:b4a:1:7::9273:1	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
5	2606:4700:303... 2606:4700:3036::6815:49a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	7

2 185.14.56.82 (Spain) 1 redirects

ASN202054 (S4N-AS, ES)
PTR: linux02.dnspropio.com

www.laborlink.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.59.222.122 (Kyiv, Ukraine) 1 redirects

ASN209155 (ONEHOSTPLANET, CZ)

stay.linestoget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.linestoget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.59.222.119 (Kyiv, Ukraine)

ASN209155 (ONEHOSTPLANET, CZ)

get.linestoget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cqwajn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.56.234.205 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

qzgxqt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ptu4g.qzgxqt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
qx4b6.qzgxqt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ajkyx.qzgxqt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:b4a:1:7::9273:1 (Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

bcuiaw.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3036::6815:49a8 (United States)

ASN13335 (CLOUDFLARENET, US)

ulmoyc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ulmoyc.com ulmoyc.com — Cisco Umbrella Rank: 38947	21 KB
4	qzgxqt.com qzgxqt.com — Cisco Umbrella Rank: 606476 ptu4g.qzgxqt.com qx4b6.qzgxqt.com ajkyx.qzgxqt.com npgrh.qzgxqt.com Failed	48 KB
4	linestoget.com 1 redirects stay.linestoget.com — Cisco Umbrella Rank: 498382 get.linestoget.com — Cisco Umbrella Rank: 630724 go.linestoget.com — Cisco Umbrella Rank: 648364 Failed	3 KB
2	laborlink.es 1 redirects www.laborlink.es	463 B
1	bcuiaw.com bcuiaw.com	101 B
1	cqwajn.com cqwajn.com — Cisco Umbrella Rank: 249438 Failed	542 B
17	6

	Domain	Requested by
5	ulmoyc.com	qzgxqt.com ulmoyc.com ptu4g.qzgxqt.com qx4b6.qzgxqt.com ajkyx.qzgxqt.com
2	go.linestoget.com	get.linestoget.com
2	www.laborlink.es	1 redirects
1	ajkyx.qzgxqt.com	qx4b6.qzgxqt.com
1	qx4b6.qzgxqt.com	ptu4g.qzgxqt.com
1	ptu4g.qzgxqt.com	qzgxqt.com
1	bcuiaw.com	qzgxqt.com
1	qzgxqt.com	go.linestoget.com
1	cqwajn.com	go.linestoget.com
1	get.linestoget.com	stay.linestoget.com
1	stay.linestoget.com	www.laborlink.es
0	npgrh.qzgxqt.com Failed	ajkyx.qzgxqt.com
17	12

This site contains no links.

Subject Issuer	Validity	Valid
laborlink.es R3	`2023-06-23` - `2023-09-21`	3 months	crt.sh
stay.linestoget.com R3	`2023-07-13` - `2023-10-11`	3 months	crt.sh
get.linestoget.com R3	`2023-07-14` - `2023-10-12`	3 months	crt.sh
go.linestoget.com R3	`2023-07-14` - `2023-10-12`	3 months	crt.sh
qzgxqt.com R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh
bcuiaw.com R3	`2023-07-31` - `2023-10-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-29` - `2024-01-28`	a year	crt.sh

This page contains 1 frames:

Frame: https://npgrh.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=4
Frame ID: A5527AA544930785468DE5F7B29C4B12
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

## Notification Confirmation ##

Page URL History Show full URLs

http://www.laborlink.es/ HTTP 301
https://www.laborlink.es/ Page URL
https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586 HTTP 302
https://go.linestoget.com/go.php?id=776&gid=5578775564 Page URL
https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=st... HTTP 302
https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=e... Page URL
https://ptu4g.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=e... Page URL
https://qx4b6.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=e... Page URL
https://ajkyx.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=e... Page URL

Page Statistics

17
Requests

82 %
HTTPS

43 %
IPv6

6
Domains

12
Subdomains

7
IPs

4
Countries

73 kB
Transfer

151 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.laborlink.es/ HTTP 301
https://www.laborlink.es/ Page URL
https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586 HTTP 302
https://go.linestoget.com/go.php?id=776&gid=5578775564 Page URL
https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=steaven&si2=garrygoon HTTP 302
https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon Page URL
https://ptu4g.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=1 Page URL
https://qx4b6.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=2 Page URL
https://ajkyx.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.laborlink.es/ HTTP 301
https://www.laborlink.es/

Request Chain 4

https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586 HTTP 302
https://go.linestoget.com/go.php?id=776&gid=5578775564

Request Chain 6

https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=steaven&si2=garrygoon HTTP 302
https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

500

/ Show response
www.laborlink.es/
Redirect Chain

http://www.laborlink.es/
https://www.laborlink.es/

560 B
215 B

303ms
209ms

Document
text/html

185.14.56.82
S4N-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.laborlink.es/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.14.56.82 , Spain, ASN202054 (S4N-AS, ES),
Reverse DNS: linux02.dnspropio.com
Software: Apache/2 / PHP/7.4.33
Resource Hash: a0f7de79fdb592c6177bd8098ebf04c8de4765dbabb5f3c70b01682003f84bc6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-length: 90
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:30 GMT
server: Apache/2
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.4.33

Redirect headers

Connection: Keep-Alive
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 03 Aug 2023 13:26:30 GMT
Keep-Alive: timeout=2, max=100
Location: https://www.laborlink.es/
Server: Apache/2

GET
H2 200 get.js Show response
stay.linestoget.com/scripts/ 3 KB
2 KB 1992ms
88ms Script
application/javascript 2.59.222.122
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://stay.linestoget.com/scripts/get.js?ver=4.2.1

Requested by

Host: www.laborlink.es
URL: https://www.laborlink.es/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.122 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

53efebc5ac99521dc5b64f1eab51dcdab7bf5d89d999d194bd180502c129a7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.laborlink.es/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:33 GMT
strict-transport-security: max-age=15768000;
content-encoding: gzip
last-modified: Tue, 01 Aug 2023 06:05:21 GMT
server: nginx
etag: W/"64c8a0a1-db9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 global.js Show response
get.linestoget.com/scripts/ 3 KB
1 KB 2184ms
87ms Script
application/javascript 2.59.222.119
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.linestoget.com/scripts/global.js

Requested by

Host: stay.linestoget.com
URL: https://stay.linestoget.com/scripts/get.js?ver=4.2.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2.59.222.119 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

928654f09ab57bcd0f95fac16e1f00164c338d127788b1b45906a249eea7afa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.laborlink.es/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:35 GMT
strict-transport-security: max-age=15768000;
content-encoding: gzip
last-modified: Fri, 14 Jul 2023 10:22:37 GMT
server: nginx
etag: W/"64b121ed-b70"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET final.php
go.linestoget.com/ 0
0

GET
H2

200

go.php
go.linestoget.com/
Redirect Chain

https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586
https://go.linestoget.com/go.php?id=776&gid=5578775564

501 B
441 B

89ms
89ms

Document
text/html

2.59.222.122
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.linestoget.com/go.php?id=776&gid=5578775564

Requested by

Host: get.linestoget.com
URL: https://get.linestoget.com/scripts/global.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.122 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

Referer: https://www.laborlink.es/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-length: 299
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:37 GMT
server: nginx
strict-transport-security: max-age=15768000;
vary: Accept-Encoding

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:37 GMT
location: https://go.linestoget.com/go.php?id=776&gid=5578775564
server: nginx
strict-transport-security: max-age=15768000;

GET InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs
cqwajn.com/gosl/ 0
0

GET
H2

200

loading Show response
qzgxqt.com/
Redirect Chain

https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=steaven&si2=garrygoon
https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon

23 KB
12 KB

214ms
62ms

Document
text/html

185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon
Requested by: Host: go.linestoget.com
URL: https://go.linestoget.com/go.php?id=776&gid=5578775564
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 86fa8347b654b87780a44c896a143b61c3b087004198102db294addc5cdf5aaf

Request headers

Referer: https://go.linestoget.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:38 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu3

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7f0ee4b5fe4c8678-MAD
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:37 GMT
location: https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon
max-age: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cQGknFbEi45ONI2pgXx03N9xA6LrwDZp47BZNv%2Fmiz3Mlfh5Q05qyfYwy85GX9MFmEILZaMV0PpQCTC%2BTKzLsh5ajxgWM6nuZOGJ9JYIPSxFDAIj9gP9H2CqV%2Flm8m1pnNzvIExgf%2Bx"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-zone: eu

GET
H2 200 rpe Show response
bcuiaw.com/ 0
101 B 190ms
55ms XHR
text/plain 2a02:b4a:1:7::9273:1
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bcuiaw.com/rpe?a=1&s=1&act=17&src=2&p=1054030&st=1248891&wd=469098&d=qzgxqt.com&tpl=76&rnd=0.6825269393983802&sbid=steaven&sbid2=garrygoon
Requested by: Host: qzgxqt.com
URL: https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 2a02:b4a:1:7::9273:1 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://qzgxqt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 03 Aug 2023 13:26:38 GMT
accept-ch: Sec-CH-UA-Platform-Version
server: nginx/1.18.0
content-length: 0

GET
H2 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 123ms
47ms Script
application/javascript 2606:4700:3036::6815:49a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=76&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNpMSI6InN0ZWF2ZW4iLCJzaTIiOiJnYXJyeWdvb24ifQ==eyJwaWQ
Requested by: Host: qzgxqt.com
URL: https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:49a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 474956b3b4c1b34e1ef50b5142bbf31144143853c06fc21082132b95fea7f2d6

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://qzgxqt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 977
etag: W/"Imj7q9GnQFOF+mcfmqs1/YiuEqE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n1zpVwNTFBpSoaEysl441g9dP86bf2q8Dna8ZWXdLqpqFaE%2BPVOdBFePTNWv%2FdBSvLhjYZofT10ppC98%2B0MvCcHuv4ZJA1WDwUA602OTqqr%2FEYfyP5PEDb4dAzANtNerakb%2BkRTCIsQb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://qzgxqt.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7f0ee4b8a980866f-MAD
alt-svc: h3=":443"; ma=86400

GET
H2 200 fp.js Show response
ulmoyc.com/ 1 KB
876 B 88ms
87ms Script
application/javascript 2606:4700:3036::6815:49a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/fp.js?d=qzgxqt.com
Requested by: Host: ulmoyc.com
URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=76&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNpMSI6InN0ZWF2ZW4iLCJzaTIiOiJnYXJyeWdvb24ifQ==eyJwaWQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:49a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6f136f74cdeb12c9222a4a65d0aff1cc76f6b46a9954e938d7829f3f8d47cd1

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://qzgxqt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:38 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 03 Aug 2023 13:26:38 GMT
max-age: 0
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQR9qFkgJRKY1cx6ypfnjgHSRKya9GUG9%2BZvbVhA1rN5xWFxoncOhUlSiZrPaoqWzKxgdZBM0qbGqqxl6RzrzG139En9RSXrGcMZ2h5nMaY%2FY9DUIDAR7L%2F5dyy%2Bo2cRb8DUJH22skTk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://qzgxqt.com
cache-control: max-age=14400
x-zone: eu
cf-ray: 7f0ee4b8fa44866f-MAD
alt-svc: h3=":443"; ma=86400

GET
H2 200 loading Show response
ptu4g.qzgxqt.com/ 23 KB
12 KB 121ms
71ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ptu4g.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=1
Requested by: Host: qzgxqt.com
URL: https://qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 0f4228580e4f4ee4a25ef1585c05d8c8290a5b1f34736bf3dd33982be67186d3

Request headers

Referer: https://qzgxqt.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:38 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 46ms
46ms Script
application/javascript 2606:4700:3036::6815:49a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=76&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNpMSI6InN0ZWF2ZW4iLCJzaTIiOiJnYXJyeWdvb24iLCJpIjoiMSJ9eyJwaWQ
Requested by: Host: ptu4g.qzgxqt.com
URL: https://ptu4g.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:49a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab77a2d43a1dbe3d8dce752a19ff67e0f1158386ca4c1c5565ccace196ecd671

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://ptu4g.qzgxqt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 653
etag: W/"ADfFJQKGdXP0o1Rgco/qzjuCabc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P85Qj4CJn6I9JNLuY%2BWpeu8t6H%2B%2ByF9hnNLwvEtJhj7S1oB%2BYbBzegqBTrggPsAFhIBHDkJR6OyLbWr428ydEjVpQPD5Y1FrAGH95NRP2dUT27QdnKL7ApCkdi%2FH%2FRX1bPzdpAhrVBi7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://qzgxqt.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7f0ee4ba8ed06675-MAD
alt-svc: h3=":443"; ma=86400

GET
H2 200 loading Show response
qx4b6.qzgxqt.com/ 23 KB
12 KB 106ms
61ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://qx4b6.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=2
Requested by: Host: ptu4g.qzgxqt.com
URL: https://ptu4g.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: 3bb8ccd1f702466bbe33dc28e98cdb89b853fb6a1efe0f53b51a0c74e55a3ff0

Request headers

Referer: https://ptu4g.qzgxqt.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:38 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu4

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 40ms
40ms Script
application/javascript 2606:4700:3036::6815:49a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=76&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNpMSI6InN0ZWF2ZW4iLCJzaTIiOiJnYXJyeWdvb24iLCJpIjoiMiJ9eyJwaWQ
Requested by: Host: qx4b6.qzgxqt.com
URL: https://qx4b6.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:49a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78f40f3cf6de1bcd0d37d4765e48cf35ab226673c7421733f3edab319b8a1942

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://qx4b6.qzgxqt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 650
etag: W/"4y5hHdxPhFrltGsDyLoOpRs2Kmc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUFzUApWML2%2FUgKGiQNJz6lxdgy1AzNAPKZoQ5fZb%2BQn6UFTrYcI7aaDkp4M771lY1BjLkjPH9a9nqa44B6vtv3eeh7T998U%2F6VNwWN7JvjKCHlRYPYzq0%2BlKRKxVhQQSngq%2FuzBjjXa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://qzgxqt.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7f0ee4bbe9466675-MAD
alt-svc: h3=":443"; ma=86400

GET
H2 200 Primary Request loading Show response
ajkyx.qzgxqt.com/ 23 KB
12 KB 104ms
59ms Document
text/html 185.56.234.205
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ajkyx.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=3
Requested by: Host: qx4b6.qzgxqt.com
URL: https://qx4b6.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.56.234.205 , Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.1 /
Resource Hash: d6cc86999e8d7757a468e3066d3b45a52af41d6c1175cfc1983f0f8ba33faafc

Request headers

Referer: https://qx4b6.qzgxqt.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 03 Aug 2023 13:26:38 GMT
server: nginx/1.21.1
vary: Accept-Encoding
x-zone: eu3

GET
H3 200 sdk.js Show response
ulmoyc.com/v1/ 13 KB
5 KB 50ms
50ms Script
application/javascript 2606:4700:3036::6815:49a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6MiwicG0iOjJ9eyJ&d=qzgxqt.com&tpl=76&pbd=iOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNpMSI6InN0ZWF2ZW4iLCJzaTIiOiJnYXJyeWdvb24iLCJpIjoiMyJ9eyJwaWQ
Requested by: Host: ajkyx.qzgxqt.com
URL: https://ajkyx.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:49a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dff2c981b58bac37c1fc1cafb9b847a23353f28fd69aa1296c160c558203991

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://ajkyx.qzgxqt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 03 Aug 2023 13:26:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 507
etag: W/"FWt44nvZ0vNFetDwaPYee1gAf6E"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aFS1jX1wRDe%2BIeCsqSvKBFbhmjn52Dsp%2FP7W9VCCugwbr7FeAkIRk1drSiP5ipneSZXZeBRLnWBafI5XU4FwtPEG30pvfRrbtFZYroGfVZPsbl8zxY%2FGAsGQwFSZ%2BzFFAnrJE%2BeE8VGd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://qzgxqt.com
cache-control: public, max-age=14400
x-zone: eu
cf-ray: 7f0ee4bdfccd6675-MAD
alt-svc: h3=":443"; ma=86400

GET loading
npgrh.qzgxqt.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: go.linestoget.com
URL: https://go.linestoget.com/final.php?id=7457648&sid=34257&lid=576586

Domain: cqwajn.com
URL: https://cqwajn.com/gosl/InNpZCI6MTI0ODg5MSwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=steaven&si2=garrygoon

Domain: npgrh.qzgxqt.com
URL: https://npgrh.qzgxqt.com/loading?h=waWQiOjEwNTQwMzAsInNpZCI6MTI0ODg5MSwid2lkIjo0NjkwOTgsInNyYyI6Mn0=eyJ&si1=steaven&si2=garrygoon&i=4

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| edPushSDK function| _0x2c0e function| _0x2f54

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.laborlink.es/	1970-01-20 13:44:57	Name: wp-dd-muser Value: 1
.qzgxqt.com/	1970-01-20 13:45:55	Name: truniq Value: 1
.qzgxqt.com/	1970-01-20 22:30:05	Name: prompt Value: 1
.qzgxqt.com/	1970-01-20 13:54:33	Name: ufp2 Value: 9e9b3516eb5838139ca8ec85ca238b21dd677d09

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.laborlink.es/ Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajkyx.qzgxqt.com
bcuiaw.com
cqwajn.com
get.linestoget.com
go.linestoget.com
npgrh.qzgxqt.com
ptu4g.qzgxqt.com
qx4b6.qzgxqt.com
qzgxqt.com
stay.linestoget.com
ulmoyc.com
www.laborlink.es
cqwajn.com
go.linestoget.com
npgrh.qzgxqt.com
185.14.56.82
185.56.234.205
2.59.222.119
2.59.222.122
2606:4700:3036::6815:49a8
2a02:b4a:1:7::9273:1
2a06:98c1:3120::3
0f4228580e4f4ee4a25ef1585c05d8c8290a5b1f34736bf3dd33982be67186d3
3bb8ccd1f702466bbe33dc28e98cdb89b853fb6a1efe0f53b51a0c74e55a3ff0
474956b3b4c1b34e1ef50b5142bbf31144143853c06fc21082132b95fea7f2d6
53efebc5ac99521dc5b64f1eab51dcdab7bf5d89d999d194bd180502c129a7a1
78f40f3cf6de1bcd0d37d4765e48cf35ab226673c7421733f3edab319b8a1942
86fa8347b654b87780a44c896a143b61c3b087004198102db294addc5cdf5aaf
8dff2c981b58bac37c1fc1cafb9b847a23353f28fd69aa1296c160c558203991
928654f09ab57bcd0f95fac16e1f00164c338d127788b1b45906a249eea7afa9
a0f7de79fdb592c6177bd8098ebf04c8de4765dbabb5f3c70b01682003f84bc6
a6f136f74cdeb12c9222a4a65d0aff1cc76f6b46a9954e938d7829f3f8d47cd1
ab77a2d43a1dbe3d8dce752a19ff67e0f1158386ca4c1c5565ccace196ecd671
d6cc86999e8d7757a468e3066d3b45a52af41d6c1175cfc1983f0f8ba33faafc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ajkyx.qzgxqt.com Open in urlscan Pro 185.56.234.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

82 %HTTPS

43 %IPv6

6 Domains

12 Subdomains

7 IPs

4 Countries

73 kBTransfer

151 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

ajkyx.qzgxqt.com Open in urlscan Pro
185.56.234.205 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

43 %
IPv6

6
Domains

12
Subdomains

7
IPs

4
Countries

73 kB
Transfer

151 kB
Size

4
Cookies

17 HTTP transactions
0 data transactions