getxitox.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 3 HTTP transactions. The main IP is 3.220.35.156, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is getxitox.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on June 11th 2024. Valid for: a year.

This is the only time getxitox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	20.60.102.1 20.60.102.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	172.67.213.103 172.67.213.103	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	54.193.146.187 54.193.146.187	16509 (AMAZON-02) (AMAZON-02)
1	3.220.35.156 3.220.35.156	14618 (AMAZON-AES) (AMAZON-AES)
3	2

2 20.60.102.1 (Canberra, Australia)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

swhv.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.213.103 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mwebscope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.193.146.187 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-193-146-187.us-west-1.compute.amazonaws.com

tracking.getxitox-at.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.35.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-35-156.compute-1.amazonaws.com

getxitox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	windows.net swhv.blob.core.windows.net	1 KB
1	getxitox.com getxitox.com	118 B
1	getxitox-at.com 1 redirects tracking.getxitox-at.com	2 KB
1	mwebscope.com 1 redirects mwebscope.com	562 B
3	4

	Domain	Requested by
2	swhv.blob.core.windows.net
1	getxitox.com
1	tracking.getxitox-at.com	1 redirects
1	mwebscope.com	1 redirects
3	4

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft Azure RSA TLS Issuing CA 07	`2024-04-01` - `2025-03-27`	a year	crt.sh
getxitox.com Amazon RSA 2048 M03	`2024-06-11` - `2025-07-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629
Frame ID: 230683DCE8D31874FB127290761D9118
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://swhv.blob.core.windows.net/sbwhsw/delsop.html Page URL
https://mwebscope.com/8712/198/3/ HTTP 302
https://tracking.getxitox-at.com/aff_c?offer_id=111&aff_id=2629&url_id=1969&aff_sub5=8712_sessid2024101322124... HTTP 302
http://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=1... HTTP 307
https://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=1... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1 kB
Transfer

0 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://swhv.blob.core.windows.net/sbwhsw/delsop.html Page URL
https://mwebscope.com/8712/198/3/ HTTP 302
https://tracking.getxitox-at.com/aff_c?offer_id=111&aff_id=2629&url_id=1969&aff_sub5=8712_sessid2024101322124271&aff_sub=198 HTTP 302
http://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629 HTTP 307
https://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	delsop.html Show response swhv.blob.core.windows.net/sbwhsw/	165 B 568 B	48ms 14ms	Document text/html	20.60.102.1 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://swhv.blob.core.windows.net/sbwhsw/delsop.html Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.102.1 Canberra, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash `3e505b9cd5c8f0859bcc1d6f67840c3ccfa85a54da6bdef6d0e4c02e7695afce` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Content-Length 165 Content-MD5 nE4ZN3IQ4jAu4VcmB5Mh3Q== Content-Type text/html Date Sun, 13 Oct 2024 22:12:24 GMT ETag 0x8DCEBAB5680855A Last-Modified Sun, 13 Oct 2024 17:20:30 GMT Server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-blob-type BlockBlob x-ms-lease-status unlocked x-ms-request-id 1b9e9c13-801e-0025-5bbc-1d9046000000 x-ms-version 2009-09-19
GET H2	200	Primary Request indexnoaffprog-maxweb.php Show response getxitox.com/go/ Redirect Chain https://mwebscope.com/8712/198/3/? https://tracking.getxitox-at.com/aff_c?offer_id=111&aff_id=2629&url_id=1969&aff_sub5=8712_sessid2024101322124271&aff_sub=198 http://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629 https://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629	5 B 118 B	627ms 207ms	Document text/html	3.220.35.156 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.220.35.156 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-35-156.compute-1.amazonaws.com Software nginx/1.22.1 / PHP/5.6.40 Resource Hash `ca00fccfb408989eddc401062c4d1219a6aceb6b9b55412357f1790862e8f178` Request headers Referer https://swhv.blob.core.windows.net/sbwhsw/delsop.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers content-length 5 content-type text/html; charset=UTF-8 date Sun, 13 Oct 2024 22:12:26 GMT server nginx/1.22.1 x-powered-by PHP/5.6.40 Redirect headers Location https://getxitox.com/go/indexnoaffprog-maxweb.php?trans=1028734b2f3fc398407f7aa561243d&aff_sub1=198&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=8712_sessid2024101322124271&affiliate_id=2629 Non-Authoritative-Reason HttpsUpgrades
GET H/1.1	400 One of the request inputs is out of range.	favicon.ico swhv.blob.core.windows.net/	226 B 485 B	13ms 13ms	Other application/xml	20.60.102.1 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://swhv.blob.core.windows.net/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 20.60.102.1 Canberra, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Blob Service Version 1.0 Microsoft-HTTPAPI/2.0 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://swhv.blob.core.windows.net/sbwhsw/delsop.html Response headers x-ms-request-id 1b9e9c1a-801e-0025-60bc-1d9046000000 Content-Length 226 Date Sun, 13 Oct 2024 22:12:24 GMT Content-Type application/xml Server Blob Service Version 1.0 Microsoft-HTTPAPI/2.0

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mwebscope.com/	1970-01-21 00:15:40	Name: __cflb Value: 02DiuDvnJbjKdBkxKLUNnR5XRfWaf6WDLWvFFt7byd32c
tracking.getxitox-at.com/	1970-01-21 00:15:43	Name: aff_ran_url_111 Value: 1969
tracking.getxitox-at.com/	1970-01-21 00:58:55	Name: enc_aff_session_111 Value: ENC034727d4c96c9f8c3679f0936cccc18528cd2a24be1ec20b76e58a1325e210176a724d393e9c202fac7e4e077023fd61032a63974a90e8f8e7d0de2b2166ae394033d5c9927aebb64027c85353023a6e2df8f6457605288d12c514f445f81c93721c3487aa7c97b90390bb71e561efd64fa0db399a559db3f1f219ca011679a89374b928a8ee12083d0a6197a0fd8ab3daa21b990e0f56e89b000f1584138f58d17d1f344466f32d8774bba23e85a6577b0f11ef43963538fc5e46f6cb78e552a51e787c22
tracking.getxitox-at.com/	1970-01-21 09:50:17	Name: ho_mob Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMjkiLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggWDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBMaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJhY2NlcHRfbGFuZ3VhZ2UiOiJlbi1BVSxlbjtxPTAuOSIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://swhv.blob.core.windows.net/favicon.ico Message: Failed to load resource: the server responded with a status of 400 (One of the request inputs is out of range.)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

getxitox.com
mwebscope.com
swhv.blob.core.windows.net
tracking.getxitox-at.com
172.67.213.103
20.60.102.1
3.220.35.156
54.193.146.187
3e505b9cd5c8f0859bcc1d6f67840c3ccfa85a54da6bdef6d0e4c02e7695afce
ca00fccfb408989eddc401062c4d1219a6aceb6b9b55412357f1790862e8f178

getxitox.com Open in urlscan Pro 3.220.35.156 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

1 kBTransfer

0 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

getxitox.com Open in urlscan Pro
3.220.35.156 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1 kB
Transfer

0 kB
Size

4
Cookies

3 HTTP transactions
0 data transactions