qps.ru Open in urlscan Pro
193.124.118.141 Public Scan

URL:
http://qps.ru/lAmiK
Submission: On January 10 via manual (January 10th 2019, 6:22:16 am UTC) from NL

Summary HTTP 11 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 7 domains to perform 11 HTTP transactions. The main IP is 193.124.118.141, located in Russian Federation and belongs to RUWEB, RU. The main domain is qps.ru.

This is the only time qps.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	193.124.118.141 193.124.118.141	49189 (RUWEB) (RUWEB)
1	94.31.29.128 94.31.29.128	12989 (HWNG) (HWNG)
1	188.72.202.174 188.72.202.174	35415 (WEBZILLA) (WEBZILLA)
1 1	78.140.191.84 78.140.191.84	35415 (WEBZILLA) (WEBZILLA)
1	188.72.213.175 188.72.213.175	35415 (WEBZILLA) (WEBZILLA)
1	54.84.122.125 54.84.122.125	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	88.212.201.196 88.212.201.196	39134 (UNITEDNET) (UNITEDNET)
1	188.72.215.102 188.72.215.102	35415 (WEBZILLA) (WEBZILLA)
4	188.72.213.138 188.72.213.138	35415 (WEBZILLA) (WEBZILLA)
11	9

1 193.124.118.141 (Russian Federation)

ASN49189 (RUWEB, RU)

qps.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.128 (United Kingdom)

ASN12989 (HWNG, NL)
PTR: 94.31.29.128.IPYX-077437-ZYO.above.net

cdn.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.72.202.174 (Netherlands)

ASN35415 (WEBZILLA, NL)

pushance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.140.191.84 (Netherlands) 1 redirects

ASN35415 (WEBZILLA, NL)

go.oclasrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.72.213.175 (Netherlands)

ASN35415 (WEBZILLA, NL)

cobalten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.84.122.125 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-84-122-125.compute-1.amazonaws.com

dcba.popcash.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.196 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host196.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.72.215.102 (Netherlands)

ASN35415 (WEBZILLA, NL)

pushance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.72.213.138 (Netherlands)

ASN35415 (WEBZILLA, NL)

pushwhy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	pushwhy.com pushwhy.com	2 KB
2	yadro.ru 1 redirects counter.yadro.ru	958 B
2	pushance.com pushance.com	31 KB
2	popcash.net cdn.popcash.net dcba.popcash.net	26 KB
1	cobalten.com cobalten.com	2 KB
1	oclasrv.com 1 redirects go.oclasrv.com	305 B
1	qps.ru qps.ru	17 KB
11	7

	Domain	Requested by
4	pushwhy.com	pushance.com
2	counter.yadro.ru	1 redirects qps.ru
2	pushance.com	qps.ru pushance.com
1	dcba.popcash.net	cdn.popcash.net
1	cobalten.com	qps.ru
1	go.oclasrv.com	1 redirects
1	cdn.popcash.net	qps.ru
1	qps.ru
11	8

This site contains links to these domains. Also see Links.

Domain
skinsblood.pro
mybb.ru
uploads.ru
www.liveinternet.ru

Subject Issuer	Validity	Valid
*.popcash.net COMODO RSA Domain Validation Secure Server CA	`2017-04-05` - `2020-04-26`	3 years	crt.sh
pushance.com COMODO RSA Domain Validation Secure Server CA	`2018-09-05` - `2019-12-01`	a year	crt.sh
pushwhy.com RapidSSL RSA CA 2018	`2018-06-08` - `2019-06-08`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://qps.ru/lAmiK
Frame ID: 87ED44983513BE19033C796B548167A0
Requests: 11 HTTP requests in this frame

Frame: data://truncated
Frame ID: DB24935758F72A49858A4E97C312DD75
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

11
Requests

55 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

9
IPs

4
Countries

77 kB
Transfer

222 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://skinsblood.pro/r/inj3ct0r
Title: Нажмите сюда

Search URL Search Domain Scan URL

URL: http://mybb.ru/
Title: Создать форум

Search URL Search Domain Scan URL

URL: http://uploads.ru/
Title: Загрузить фото

Search URL Search Domain Scan URL

URL: http://www.liveinternet.ru/click

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://go.oclasrv.com/apu.php?zoneid=2053231 HTTP 302
http://cobalten.com/apu.php?zoneid=2053231

Request Chain 4

http://counter.yadro.ru/hit?t26.1;r;s1600*1200*24;uhttp%3A//qps.ru/lAmiK;0.5951817415814782 HTTP 302
http://counter.yadro.ru/hit?q;t26.1;r;s1600*1200*24;uhttp%3A//qps.ru/lAmiK;0.5951817415814782

11 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set lAmiK Show response
qps.ru/ 53 KB
17 KB 173ms
60ms Document
text/html 193.124.118.141
RUWEB

General

Check archive.org

Show headers Download Go to

Full URL: http://qps.ru/lAmiK
Protocol: HTTP/1.1
Server: 193.124.118.141 , Russian Federation, ASN49189 (RUWEB, RU),
Reverse DNS
Software: nginx /
Resource Hash: 0644097c8f8434155bbb405f495c02bbf88e9b6aa09d8a3edb03285368428c4b

Request headers

Host: qps.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server: nginx
Date: Thu, 10 Jan 2019 06:22:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Set-Cookie: uid=wXx2jVw25IiF/Rbi+0xPAgA=; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
Content-Encoding: gzip

GET
H/1.1 200
OK pop.js Show response
cdn.popcash.net/ 64 KB
26 KB 42ms
9ms Script
application/javascript 94.31.29.128
HWNG

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.popcash.net/pop.js
Requested by: Host: qps.ru
URL: http://qps.ru/lAmiK
Protocol: HTTP/1.1
Server: 94.31.29.128 , United Kingdom, ASN12989 (HWNG, NL),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: b4221c88c806b7201fef40ea006fde86282b2a93a1be048dcfd45b5b1f736160

Request headers

Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 10 Jan 2019 06:22:00 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Dec 2018 13:11:11 GMT
Server: NetDNA-cache/2.2
ETag: W/"5c067cef-10155"
Vary: Accept-Encoding
X-Cache: HIT
Content-Type: application/javascript
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 483e88b704e8c297-FRA
Expires: Fri, 11 Jan 2019 06:22:00 GMT

GET
H/1.1 200
OK ntfc.php Show response
pushance.com/ 12 KB
5 KB 57ms
30ms Script
application/javascript 188.72.202.174
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: http://pushance.com/ntfc.php?p=2053241&tco=1
Requested by: Host: qps.ru
URL: http://qps.ru/lAmiK
Protocol: HTTP/1.1
Server: 188.72.202.174 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b5de99b9165355c94372c1683d9fff7e5709c0bf819898e20b51eb250ea56a7

Request headers

Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jan 2019 06:21:52 GMT
Content-Encoding: gzip
Content-Type: application/javascript; charset=utf-8
Server: nginx
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
P3P: CP="CUR ADM OUR NOR STA NID"
Access-Control-Max-Age: 86400
Cache-Control: private, max-age=0, no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

apu.php Show response
cobalten.com/
Redirect Chain

http://go.oclasrv.com/apu.php?zoneid=2053231
http://cobalten.com/apu.php?zoneid=2053231

1 KB
2 KB

69ms
47ms

Script
application/x-javascript

188.72.213.175
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

http://cobalten.com/apu.php?zoneid=2053231

Requested by

Host: qps.ru
URL: http://qps.ru/lAmiK

Protocol

HTTP/1.1

Server

188.72.213.175 , Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

c951e135943eb002a5eeeb1dc00dfde4713117871c849521b14dae1750876019

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jan 2019 06:22:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: application/x-javascript
Server: nginx
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache
Connection: keep-alive
Timing-Allow-Origin: *, *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 10 Jan 2019 06:22:00 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: text/html
Location: http://cobalten.com/apu.php?zoneid=2053231
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 154

GET
H2 204 znWaa3gu Show response
dcba.popcash.net/ 0
117 B 334ms
98ms XHR
text/plain 54.84.122.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dcba.popcash.net/znWaa3gu
Requested by: Host: cdn.popcash.net
URL: http://cdn.popcash.net/pop.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.84.122.125 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-84-122-125.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://qps.ru/lAmiK
Origin: http://qps.ru

Response headers

status: 204
pragma: no-cache
date: Thu, 10 Jan 2019 06:22:01 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
expires: 0

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

http://counter.yadro.ru/hit?t26.1;r;s1600*1200*24;uhttp%3A//qps.ru/lAmiK;0.5951817415814782
http://counter.yadro.ru/hit?q;t26.1;r;s1600*1200*24;uhttp%3A//qps.ru/lAmiK;0.5951817415814782

119 B
488 B

57ms
57ms

Image
image/gif

88.212.201.196
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://counter.yadro.ru/hit?q;t26.1;r;s1600*1200*24;uhttp%3A//qps.ru/lAmiK;0.5951817415814782
Requested by: Host: qps.ru
URL: http://qps.ru/lAmiK
Protocol: HTTP/1.1
Server: 88.212.201.196 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS: host196.rax.ru
Software: 0W/0.8c /
Resource Hash: 6e8683af9a1562be54a15204a33238e1d04f7dea2760248a36cca6c88c619165

Request headers

Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jan 2019 06:22:00 GMT
Server: 0W/0.8c
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: Close
Content-Type: image/gif
Content-Length: 119
Expires: Tue, 09 Jan 2018 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jan 2019 06:22:00 GMT
Server: 0W/0.8c
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: http://counter.yadro.ru/hit?q;t26.1;r;s1600*1200*24;uhttp%3A//qps.ru/lAmiK;0.5951817415814782
Cache-control: no-cache
Content-Type: text/html
Content-Length: 32
Expires: Tue, 09 Jan 2018 21:00:00 GMT

GET
H/1.1 200
OK ntfc.php Show response
pushance.com/ 90 KB
25 KB 107ms
39ms Script
application/javascript 188.72.215.102
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109
Requested by: Host: pushance.com
URL: http://pushance.com/ntfc.php?p=2053241&tco=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.215.102 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0a8e7680c3f1e000b1a11d0675cf45c8117a6c640921ccc687b6e4e2368cdb75

Request headers

Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 10 Jan 2019 06:21:53 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Max-Age: 86400
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

OPTIONS
H/1.1 200
OK custom Show response
pushwhy.com/ 0
453 B 69ms
13ms XHR
text/plain 188.72.213.138
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://pushwhy.com/custom
Requested by: Host: pushance.com
URL: https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.213.138 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: http://qps.ru
Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Thu, 10 Jan 2019 06:21:52 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: http://qps.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 0

POST
H/1.1 200
OK custom Show response
pushwhy.com/ 38 B
433 B 14ms
14ms XHR
application/json 188.72.213.138
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://pushwhy.com/custom

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.72.213.138 , Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

304fbd687c9b643bc952d93966b7afd853255ee039f8333da2752b226ed0709c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://qps.ru/lAmiK
Origin: http://qps.ru
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: application/json

Response headers

Date: Thu, 10 Jan 2019 06:21:52 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: http://qps.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 38

OPTIONS
H/1.1 200
OK custom Show response
pushwhy.com/ 0
453 B 14ms
13ms XHR
text/plain 188.72.213.138
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://pushwhy.com/custom
Requested by: Host: pushance.com
URL: https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.213.138 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: http://qps.ru
Referer: http://qps.ru/lAmiK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Thu, 10 Jan 2019 06:21:53 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: http://qps.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame DB24 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ad770f7303d5654daf4d143d7b1b3bb746700bc1333497c9744f4f03ce42b91

Request headers

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK custom Show response
pushwhy.com/ 38 B
433 B 14ms
14ms XHR
application/json 188.72.213.138
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL

https://pushwhy.com/custom

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

188.72.213.138 , Netherlands, ASN35415 (WEBZILLA, NL),

Reverse DNS

Software

nginx /

Resource Hash

304fbd687c9b643bc952d93966b7afd853255ee039f8333da2752b226ed0709c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: http://qps.ru/lAmiK
Origin: http://qps.ru
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: application/json

Response headers

Date: Thu, 10 Jan 2019 06:21:53 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: http://qps.ru
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 38

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			qps.ru/	1970-01-25 20:05:16	Name: uid Value: wXx2jVw25IiF/Rbi+0xPAgA=

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: Popunder Script @ popunderjs.com
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: Author:
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: Version:
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: Release:
console-api	log	URL: http://cobalten.com/apu.php?zoneid=2053231(Line 1) Message: 70000
console-api	error	URL: https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109(Line 1) Message: TypeError: Cannot read property '__PSR_SESSION_1_2053242_false' of null at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:86369 at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:21793) at s (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:86351) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:86065) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:84314) at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:67123 at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:34769) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:67080) at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:91205
console-api	error	URL: https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109(Line 1) Message: TypeError: Cannot set property '__PSR_SESSION_1_2053242_false' of null at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:42993 at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:21793) at d (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:42974) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:42911) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:84485) at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:67123 at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:34769) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:67080) at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:91205
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: 111
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: popunderjs.com:
console-api	log	URL: http://cdn.popcash.net/pop.js(Line 5) Message: popunderjs.com:
console-api	error	URL: https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109(Line 1) Message: TypeError: Cannot set property '__PSR_SESSION_1_2053242_false' of null at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:42993 at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:21793) at d (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:42974) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:42911) at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:84956) at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:68975 at _.(anonymous function) (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:78990) at y (https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:68810) at https://pushance.com/ntfc.php?p=2053241&r=ui&swver=3.0.109:1:68398

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.popcash.net
cobalten.com
counter.yadro.ru
dcba.popcash.net
go.oclasrv.com
pushance.com
pushwhy.com
qps.ru
188.72.202.174
188.72.213.138
188.72.213.175
188.72.215.102
193.124.118.141
54.84.122.125
78.140.191.84
88.212.201.196
94.31.29.128
0644097c8f8434155bbb405f495c02bbf88e9b6aa09d8a3edb03285368428c4b
0a8e7680c3f1e000b1a11d0675cf45c8117a6c640921ccc687b6e4e2368cdb75
0ad770f7303d5654daf4d143d7b1b3bb746700bc1333497c9744f4f03ce42b91
304fbd687c9b643bc952d93966b7afd853255ee039f8333da2752b226ed0709c
6e8683af9a1562be54a15204a33238e1d04f7dea2760248a36cca6c88c619165
9b5de99b9165355c94372c1683d9fff7e5709c0bf819898e20b51eb250ea56a7
b4221c88c806b7201fef40ea006fde86282b2a93a1be048dcfd45b5b1f736160
c951e135943eb002a5eeeb1dc00dfde4713117871c849521b14dae1750876019
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

qps.ru Open in urlscan Pro 193.124.118.141 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

55 %HTTPS

0 %IPv6

7 Domains

8 Subdomains

9 IPs

4 Countries

77 kBTransfer

222 kBSize

1 Cookies

4 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

1 Cookies

11 Console Messages

Indicators

qps.ru Open in urlscan Pro
193.124.118.141 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

55 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

9
IPs

4
Countries

77 kB
Transfer

222 kB
Size

1
Cookies

11 HTTP transactions
1 data transactions