gotexna.xyz Open in urlscan Pro
104.21.21.192 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hoi.rexsmasher.eu/login.php
Effective URL:
https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1Y...
Submission Tags: krdtest
Submission: On September 08 via api (September 8th 2021, 1:22:27 pm UTC) from JP — Scanned from DE

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 4 countries across 10 domains to perform 13 HTTP transactions. The main IP is 104.21.21.192, located in and belongs to CLOUDFLARENET, US. The main domain is gotexna.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 13th 2021. Valid for: a year.

This is the only time gotexna.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	104.21.70.201 104.21.70.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	165.22.198.175 165.22.198.175	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	213.174.135.24 213.174.135.24	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 2	88.212.201.210 88.212.201.210	39134 (UNITEDNET) (UNITEDNET)
1	104.21.48.230 104.21.48.230	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	213.174.135.25 213.174.135.25	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1 2	104.21.21.192 104.21.21.192	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	8

3 104.21.70.201 (None, )

ASN13335 (CLOUDFLARENET, US)

hoi.rexsmasher.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.22.198.175 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

lib1.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.174.135.24 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

sw.wpush.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.jnkstff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.210 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.48.230 (None, )

ASN13335 (CLOUDFLARENET, US)

frezex.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.174.135.25 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.wpushsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.21.192 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

gotexna.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	rexsmasher.eu hoi.rexsmasher.eu	50 KB
2	gotexna.xyz 1 redirects gotexna.xyz	2 KB
2	wpushsdk.com js.wpushsdk.com	33 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
1	jnkstff.com js.jnkstff.com	339 B
1	frezex.xyz frezex.xyz	1 KB
1	wpush.org sw.wpush.org	25 KB
1	lib1.biz lib1.biz	15 KB
0	ntvpinp.com Failed ntvpinp.com Failed
0	nereserv.com Failed nereserv.com Failed
13	10

	Domain	Requested by
3	hoi.rexsmasher.eu	hoi.rexsmasher.eu
2	gotexna.xyz	1 redirects
2	js.wpushsdk.com	sw.wpush.org js.wpushsdk.com
2	counter.yadro.ru	1 redirects
1	js.jnkstff.com	js.wpushsdk.com
1	frezex.xyz	hoi.rexsmasher.eu
1	sw.wpush.org	hoi.rexsmasher.eu
1	lib1.biz	hoi.rexsmasher.eu
0	ntvpinp.com Failed	js.wpushsdk.com
0	nereserv.com Failed	js.wpushsdk.com
13	10

This site contains links to these domains. Also see Links.

Domain
13.56.188.58

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-11-29` - `2021-11-28`	a year	crt.sh
10.lib2.biz R3	`2021-09-06` - `2021-12-05`	3 months	crt.sh
sw.wpush.org R3	`2021-07-18` - `2021-10-16`	3 months	crt.sh
counter.yadro.ru GoGetSSL ECC DV CA	`2020-02-02` - `2022-05-02`	2 years	crt.sh
js.wpushsdk.com R3	`2021-08-20` - `2021-11-18`	3 months	crt.sh
js.jnkstff.com R3	`2021-08-20` - `2021-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmMwMSIsIjIyOGJiZjVjMGM1ZmY0ZDU5ZTM1ZDFlMzNmNTUyODczZGYyNzA4YmQiXQ==
Frame ID: 6E65376D57A885A994A975F7D28773B8
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

...

Page URL History Show full URLs

https://hoi.rexsmasher.eu/login.php Page URL
https://frezex.xyz/?s=313&q=file-64dcb3 Page URL
http://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY... HTTP 301
https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY... Page URL

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

8
IPs

4
Countries

126 kB
Transfer

246 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://13.56.188.58/?6138b912d3b3c=e5bf9e6123831c13ee2412d221e1c0d04a84edbeArray&m=313&q=file-64dcb3&dedica=&
Title: Click if it doesn't redirect automatically in 2 seconds

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hoi.rexsmasher.eu/login.php Page URL
https://frezex.xyz/?s=313&q=file-64dcb3 Page URL
http://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmMwMSIsIjIyOGJiZjVjMGM1ZmY0ZDU5ZTM1ZDFlMzNmNTUyODczZGYyNzA4YmQiXQ== HTTP 301
https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmMwMSIsIjIyOGJiZjVjMGM1ZmY0ZDU5ZTM1ZDFlMzNmNTUyODczZGYyNzA4YmQiXQ== Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://counter.yadro.ru/hit;other_kobec_new?t52.6;r;s1600*1200*24;uhttps%3A//hoi.rexsmasher.eu/login.php;hAccess%20page;0.08151628445848513 HTTP 302
https://counter.yadro.ru/hit;other_kobec_new?q;t52.6;r;s1600*1200*24;uhttps%3A//hoi.rexsmasher.eu/login.php;hAccess%20page;0.08151628445848513

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 login.php Show response
hoi.rexsmasher.eu/ 11 KB
7 KB 161ms
97ms Document
text/html 104.21.70.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hoi.rexsmasher.eu/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.70.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.8
Resource Hash: d93215f7fe717931a655fb3c5113f576a1bf064267d9f68494cb2485c98047c7

Request headers

:method: GET
:authority: hoi.rexsmasher.eu
:scheme: https
:path: /login.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 08 Sep 2021 13:22:18 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.8
set-cookie: ab_referer=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLXy45N41j9PJjiZHAE%2B8KrbfB9NVsqPuBbql9oPQjffk6qsoppOmalTV25KmLdtJFUbnlG5EbQk0ey182VcxWW%2Fb6mtzodE7206CEYKh5Mjecj7ocTfZZg3DJSG9Tb0e%2FIyRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68b87c1e1a69409f-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 g4zdmy3dgu5ha3ddf4zdkma Show response
lib1.biz/code/ 14 KB
15 KB 5118ms
32ms Script
application/javascript 165.22.198.175
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://lib1.biz/code/g4zdmy3dgu5ha3ddf4zdkma

Requested by

Host: hoi.rexsmasher.eu
URL: https://hoi.rexsmasher.eu/login.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

165.22.198.175 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

07880b2362c9a3da39af74a121b5a4300a01940defb19c6ec0f067661b8cc40d

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 08 Sep 2021 13:22:23 GMT
server: nginx
content-security-policy: img-src https: data:; upgrade-insecure-requests
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8

GET
H2 200 arrow.png
hoi.rexsmasher.eu/landing/ 7 KB
8 KB 93ms
92ms Image
image/png 104.21.70.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hoi.rexsmasher.eu/landing/arrow.png
Requested by: Host: hoi.rexsmasher.eu
URL: https://hoi.rexsmasher.eu/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.70.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2

Request headers

:path: /landing/arrow.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: hoi.rexsmasher.eu
referer: https://hoi.rexsmasher.eu/login.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 13:22:18 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 7572
last-modified: Mon, 07 Sep 2020 14:18:40 GMT
server: cloudflare
etag: "5f564140-1d94"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cKc0%2F0FakwLI1MWWwOTccJrZNwut2qJz6ATVnHazlnKrA1IjK9DpUIwWFBnII58sW%2FZuj1OUsvuSw4TYEpTDNlTrLnYQV9sqHhk49%2FNM8mnUsOkwEY4iICWF6Ht62%2FdhqRpZYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 68b87c1eebbf409f-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 robot-men.png
hoi.rexsmasher.eu/landing/ 35 KB
35 KB 131ms
131ms Image
image/png 104.21.70.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hoi.rexsmasher.eu/landing/robot-men.png
Requested by: Host: hoi.rexsmasher.eu
URL: https://hoi.rexsmasher.eu/login.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.70.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9

Request headers

:path: /landing/robot-men.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: hoi.rexsmasher.eu
referer: https://hoi.rexsmasher.eu/login.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 13:22:18 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35511
last-modified: Mon, 07 Sep 2020 14:18:40 GMT
server: cloudflare
etag: "5f564140-8ab7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qE3C3r%2BtSoj3Cux5%2B2pZkb1uWoTfNmSjIoIcj%2FEW0cTXePm27e6MmvMus7mhDNoQG5Sl89%2F7zwPX0PFFRfRQLJPahtGydImHv5mTTTn7pAGI6k%2BisIBIS%2FYydB2kAClsZtmJWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 68b87c1f8db63a6f-CDG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.js
sw.wpush.org/script/ 75 KB
25 KB 182ms
6ms Script
application/javascript 213.174.135.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=2833&src=1860236680
Requested by: Host: hoi.rexsmasher.eu
URL: https://hoi.rexsmasher.eu/login.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.24 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 13:22:23 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 13:25:45 GMT
server: nginx/1.18.0
etag: W/"611d0a59-12a35"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 14:22:23 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1

200
OK

hit;other_kobec_new
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;other_kobec_new?t52.6;r;s1600*1200*24;uhttps%3A//hoi.rexsmasher.eu/login.php;hAccess%20page;0.08151628445848513
https://counter.yadro.ru/hit;other_kobec_new?q;t52.6;r;s1600*1200*24;uhttps%3A//hoi.rexsmasher.eu/login.php;hAccess%20page;0.08151628445848513

411 B
897 B

54ms
53ms

Image
image/gif

88.212.201.210
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;other_kobec_new?q;t52.6;r;s1600*1200*24;uhttps%3A//hoi.rexsmasher.eu/login.php;hAccess%20page;0.08151628445848513

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.210 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Sep 2021 13:22:23 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 411
Expires: Mon, 07 Sep 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 08 Sep 2021 13:22:23 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;other_kobec_new?q;t52.6;r;s1600*1200*24;uhttps%3A//hoi.rexsmasher.eu/login.php;hAccess%20page;0.08151628445848513
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Mon, 07 Sep 2020 21:00:00 GMT

GET
H2 200 / Show response
frezex.xyz/ 3 KB
1 KB 453ms
365ms Document
text/html 104.21.48.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frezex.xyz/?s=313&q=file-64dcb3
Requested by: Host: hoi.rexsmasher.eu
URL: https://hoi.rexsmasher.eu/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.48.230 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 313a5a54dcb34cf53d44facd4589f701c61ae17a30f2b187b3014c34ebb6f689

Request headers

:method: GET
:authority: frezex.xyz
:scheme: https
:path: /?s=313&q=file-64dcb3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://hoi.rexsmasher.eu/login.php
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php

Response headers

date: Wed, 08 Sep 2021 13:22:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxP9zawNvt16nmYdm9jclYa8KObPoWJ%2BLiTR5uyztj0qGmbniRSbZjeveR0zKqCWLQhetnhCKr%2B%2B0NHVYIlyMhG5YRmSQSn5vTx5Oa2QiQrx9RUAN41U82qTL%2B9%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68b87c3fa88239db-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 npush.js
js.wpushsdk.com/npc/sdk/wpu/ 91 KB
30 KB 119ms
9ms Script
application/javascript 213.174.135.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Requested by: Host: sw.wpush.org
URL: https://sw.wpush.org/script/main.js?promo=24303&tcid=2833&src=1860236680
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 13:22:23 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 09:32:34 GMT
server: nginx/1.18.0
etag: W/"61309a32-16a1b"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 14:22:23 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 2833.php
js.jnkstff.com/npc/anpc/ 130 B
339 B 61ms
13ms XHR
text/html 213.174.135.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.jnkstff.com/npc/anpc/2833.php
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.24 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 / PHP/7.1.28
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 13:22:23 GMT
content-encoding: gzip
server: nginx/1.18.0
x-powered-by: PHP/7.1.28
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 14:22:23 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET
H2 200 csub.js
js.wpushsdk.com/npc/sdk/wpu/ 8 KB
3 KB 11ms
11ms Script
application/javascript 213.174.135.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/csub.js
Requested by: Host: js.wpushsdk.com
URL: https://js.wpushsdk.com/npc/sdk/wpu/npush.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 213.174.135.25 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hoi.rexsmasher.eu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 13:22:23 GMT
content-encoding: gzip
last-modified: Mon, 23 Aug 2021 06:06:24 GMT
server: nginx/1.18.0
etag: W/"61233ae0-1e8b"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 08 Sep 2021 14:22:23 GMT
cache-control: max-age=3600
x-proxy-cache: HIT

GET dip
nereserv.com/in/ 0
0

GET multy
ntvpinp.com/in/ 0
0

GET
H2

200

Primary Request / Show response
gotexna.xyz/
Redirect Chain

http://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmM...
https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4Ym...

2 KB
1 KB

894ms
856ms

Document
text/html

104.21.21.192
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmMwMSIsIjIyOGJiZjVjMGM1ZmY0ZDU5ZTM1ZDFlMzNmNTUyODczZGYyNzA4YmQiXQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.21.192 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8c99fa5e26388067fa334c637fbd232bf87b63af6b1fe96a5692e217fb3dd2e

Request headers

:method: GET
:authority: gotexna.xyz
:scheme: https
:path: /?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmMwMSIsIjIyOGJiZjVjMGM1ZmY0ZDU5ZTM1ZDFlMzNmNTUyODczZGYyNzA4YmQiXQ==
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://frezex.xyz/?s=313&q=file-64dcb3

Response headers

date: Wed, 08 Sep 2021 13:22:26 GMT
content-type: text/html; charset=UTF-8
cache-control: must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUmjuo0mDZ1KZBRQwN86GKOecP%2FJf%2BfMJXUkt%2FZYf7N7hS0rDxOrlRAgY9OkSg%2BLTnlckcxqaVvz%2BcHEbAMPwOC%2Fo%2Fo%2FSW9U98P8yUNJkx%2FeS%2B2b8QlYQVKmQl7FTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68b87c514f4c4093-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date: Wed, 08 Sep 2021 13:22:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 08 Sep 2021 14:22:25 GMT
Location: https://gotexna.xyz/?s=313&q=file-64dcb3&g=91050ee3940836b90a6c4dd2f294e0e2&mode=&hmac=WyJiMzlhY2IyZmQxZTllZjgwYjE1YTAxYmEyYjI5ZjFlYzhiOTFhZDgwIiwiMzAzNDI5NGRhYTFiYTM2OWNiMjA3OTVjMzc1NDIyNzUxODY4YmMwMSIsIjIyOGJiZjVjMGM1ZmY0ZDU5ZTM1ZDFlMzNmNTUyODczZGYyNzA4YmQiXQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Hgo1ZzoHkneAjeSJEM0nz9whSCqdYOFNb5ADHZ6jg%2FTUMk4gHH9LYAGzXc62SyoYDErc7Itt%2ByVC8QmvE6Tao5JXsDGcIvol02f6kquuIxUOutAzw1flR8NKtKfyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 68b87c4fe8783af5-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: nereserv.com
URL: https://nereserv.com/in/dip?wl=0&event_id=535e38cc-c488-46a7-bce6-1857e43aee9b&subid=1860236680&sid=2825916678&spot_id=0&created_at=2021-09-08&timezone=0&ver=2.20.9&is_native=1&site=native-push

Domain: ntvpinp.com
URL: https://ntvpinp.com/in/multy?wl=0&event_id=535e38cc-c488-46a7-bce6-1857e43aee9b&subid=1860236680&sid=2825916678&spot_id=0&created_at=2021-09-08&timezone=0&ver=2.20.9&is_native=1&cid=0&tcid=2833&site=native-push&screen_resolution=1600x1200&tw=0&format=default-r-d&adblock=0&testab=0

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lib1.biz/	1970-01-19 21:48:19	Name: uuid Value: 201cd6b7-5dd6-4b6c-9c11-43151f7bb989
.yadro.ru/	1970-01-20 05:49:44	Name: FTID Value: 1XEBaF0CHY891XEBaF0009pw
.yadro.ru/	1970-01-20 05:49:44	Name: VID Value: 1TidjE22epe91XEBaF0009vn

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

counter.yadro.ru
frezex.xyz
gotexna.xyz
hoi.rexsmasher.eu
js.jnkstff.com
js.wpushsdk.com
lib1.biz
nereserv.com
ntvpinp.com
sw.wpush.org
nereserv.com
ntvpinp.com
104.21.21.192
104.21.48.230
104.21.70.201
165.22.198.175
213.174.135.24
213.174.135.25
88.212.201.210
07880b2362c9a3da39af74a121b5a4300a01940defb19c6ec0f067661b8cc40d
1e33356964f2769244bb45448d9b0680582b69f344b4f09fa85231efaf05adc2
313a5a54dcb34cf53d44facd4589f701c61ae17a30f2b187b3014c34ebb6f689
5c3c942fb9cd53092d8fffd0b3fac34138146959b4febc788be7e919232008b9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
d8c99fa5e26388067fa334c637fbd232bf87b63af6b1fe96a5692e217fb3dd2e
d93215f7fe717931a655fb3c5113f576a1bf064267d9f68494cb2485c98047c7

gotexna.xyz Open in urlscan Pro 104.21.21.192 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

85 %HTTPS

0 %IPv6

10 Domains

10 Subdomains

8 IPs

4 Countries

126 kBTransfer

246 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

3 Cookies

Indicators

gotexna.xyz Open in urlscan Pro
104.21.21.192 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

8
IPs

4
Countries

126 kB
Transfer

246 kB
Size

3
Cookies

13 HTTP transactions
1 data transactions