gxoaid6.top Open in urlscan Pro
172.67.129.178  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response gxoaid6.top/	448 B 690 B	1504ms 949ms	Document text/html	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bfc0aa57d42c192bd73820501983f83155bd4df35ffb36a2a14bec286a2a16f1 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 886dc2542f7d9945-FRA content-encoding br content-type text/html date Mon, 20 May 2024 16:38:48 GMT last-modified Mon, 20 May 2024 08:06:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cye05Gp3AySCPG2weIZib5jKGmiQBUNa9SBqqo%2BUefiuNDjUjXDd0lspBh7fyAHPEkpOhB%2FmqUxgV%2FVjpMqfeNKGec0gcGlRdvB2Sb%2BLlMWe%2BHgoMM2eaz156%2B3ipA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	components.js Show response gxoaid6.top/assets/js/	579 KB 52 KB	1506ms 1505ms	Script text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/js/components.js Requested by Host: gxoaid6.top URL: https://gxoaid6.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d325decf224ffd3eaac16f31295a5c8999c84d584a9e7ee3ffceda5ed822df3 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://gxoaid6.top/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:50 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:06:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "90bb4-618de2e791f42-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YRJ3IojkmfFoyo2rkhOtcaBAPX8bmIN7nwivHNgAjV0iuNP9QdZ2JyT56poU1qTDXtZjR3wZYBSthQLmfnAcSy6nEahZSS6JNIxPQMJcSv3L1heQc7OeV1QO3J2eVQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc25b4faf9945-FRA alt-svc h3=":443"; ma=86400 content-length 53059
GET H3	200	jquery-3.7.1.min.js Show response gxoaid6.top/assets/js/	174 KB 38 KB	1562ms 1562ms	Script text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/js/jquery-3.7.1.min.js Requested by Host: gxoaid6.top URL: https://gxoaid6.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b5e5747df88266de4e2c0d6c4a4fd889f944de83c5292d0dd23bb72b4a07b367 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://gxoaid6.top/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:50 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:06:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2b8d2-618de2e839ae1-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfQdbsFZh90YDzrt3WwLIxfZPrg%2BP6QlbLIDrVagTN4Vc82%2FZgsG7WDCocLxNyPnx6rogCAWbMSmVnFC2OJ4BAx1k1HiDWhIHqW7qoVT11fauCb%2BlJriI2oPiRBtHg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc25b4fb19945-FRA alt-svc h3=":443"; ma=86400 content-length 38449
GET H3	200	external_load.js Show response gxoaid6.top/assets/js/	2 KB 1 KB	933ms 932ms	XHR text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/js/external_load.js Requested by Host: gxoaid6.top URL: https://gxoaid6.top/assets/js/jquery-3.7.1.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6565269bf6f13b8758e7e999ae3fde95166fe4907cc7f6eff4ecdd509109ca6d Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 Referer https://gxoaid6.top/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:51 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:06:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "792-618de2e7e43ae-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ5kEcSBVjNphjwlHbkjqdmwr3GCREWlz4GV%2F%2FANII7X9T0qLONG4Nql8SOWxbnxiIMDca1OyKUYkJjgn9buNwq8HhT1GwpOMKFk51wha5KZU01kfTUBubXLFbT8Pw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc2659a9c9945-FRA alt-svc h3=":443"; ma=86400 content-length 789
GET H3	200	filename.js Show response gxoaid6.top/assets/download/	84 B 568 B	960ms 960ms	Script text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/download/filename.js?v=20245201838514yBf5 Requested by Host: gxoaid6.top URL: https://gxoaid6.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f66fc082af3c56e9c795bcc442c226954c8cab8c5d579051ad5d78b7814fe961 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://gxoaid6.top/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:52 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:06:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "54-618de2e70f17d-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=usNP1Nv8Slu3OevKrV2sA56KxzUrwbeGWZ5PEOIlJdRItWVG%2Bf2LU7D2Ec8UaqLH0gfzZ1vYO%2BHTapl0%2Fm%2Bt5mKgDHWVW0sSGFte2j1VQNeVH%2BQxI7P1Xn7Sgeispg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc26b79739945-FRA alt-svc h3=":443"; ma=86400 content-length 101
GET H3	200	layui.js Show response gxoaid6.top/assets/libs/layui/	6 KB 3 KB	954ms 954ms	XHR text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/libs/layui/layui.js Requested by Host: gxoaid6.top URL: https://gxoaid6.top/assets/js/jquery-3.7.1.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 925dba69d8f8ec4b57b672407ba10c8b344da2c6af4a9535e33c183d08fbe414 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 Referer https://gxoaid6.top/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:52 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:06:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1988-618de2e934e73-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdStP7ONHTLmW5LahwjPXw5DvUOwMZTInjsHeK%2Bju6%2FGsJCKfHqe8QeTSeF1HwbclMxZTsvc7DAEgZcyBk7q42dYBp%2Fb%2B3wur9WGs%2Brror69GcQIWPXY2RxBDdzdOg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc26b79759945-FRA alt-svc h3=":443"; ma=86400 content-length 2866
GET H3	200	jquery-3.7.1.min.js Show response gxoaid6.top/assets/js/	174 KB 0	2ms 2ms	XHR text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/js/jquery-3.7.1.min.js Requested by Host: gxoaid6.top URL: https://gxoaid6.top/assets/js/jquery-3.7.1.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b5e5747df88266de4e2c0d6c4a4fd889f944de83c5292d0dd23bb72b4a07b367 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 Referer https://gxoaid6.top/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:50 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:06:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2b8d2-618de2e839ae1-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfQdbsFZh90YDzrt3WwLIxfZPrg%2BP6QlbLIDrVagTN4Vc82%2FZgsG7WDCocLxNyPnx6rogCAWbMSmVnFC2OJ4BAx1k1HiDWhIHqW7qoVT11fauCb%2BlJriI2oPiRBtHg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc25b4fb19945-FRA alt-svc h3=":443"; ma=86400 content-length 38449
GET H3	200	main.js Show response gxoaid6.top/assets/js/	1019 B 1 KB	968ms 968ms	XHR text/javascript	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/assets/js/main.js Requested by Host: gxoaid6.top URL: https://gxoaid6.top/assets/js/jquery-3.7.1.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c10de123122cda6810b3bf87834e37f717d052dfe696b0cd802d47275f6f053e Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01 Referer https://gxoaid6.top/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:53 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 08:15:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "3fb-618de4e1d2580-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrjW%2BIwlegQz%2Fr05kFZEuam%2BTQRj9owCzMfqtT8atHG3ADsMileYuXYhv8pzeJWqxdSTy6ZUKWvMK2GMMpX4E2uaU8p20WJofD3U%2FFKdMc%2Bu4IaDbfU2FALh%2Bl5F3w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 accept-ranges bytes cf-ray 886dc27188539945-FRA alt-svc h3=":443"; ma=86400 content-length 585
GET H3	200	favicon.ico gxoaid6.top/	5 KB 2 KB	973ms 973ms	Other image/x-icon	172.67.129.178 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://gxoaid6.top/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.129.178 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://gxoaid6.top/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 20 May 2024 16:38:54 GMT content-encoding gzip cf-cache-status MISS last-modified Mon, 20 May 2024 07:58:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1536-618de10a1e6f8-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10s5bxbrv9ywiXvbGw544MFWCXSymDC4E2QV5WEslSBap6UfTyPZeMo5SW3g%2FFyM8n7Z1FnWrMlEWva5MFRrid5Ve%2B%2F3RKVLBTg%2B8Nc%2BJehNbvthFqZeNIkH1x7MEA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cache-control max-age=14400 accept-ranges bytes cf-ray 886dc2785fa09945-FRA alt-svc h3=":443"; ma=86400 content-length 1517

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| components function| $ function| jQuery function| generateUniqueId function| makeid object| layui function| validateEmail string| filename string| downloadFileName string| downloadLink

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://gxoaid6.top/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gxoaid6.top
172.67.129.178
2d325decf224ffd3eaac16f31295a5c8999c84d584a9e7ee3ffceda5ed822df3
6565269bf6f13b8758e7e999ae3fde95166fe4907cc7f6eff4ecdd509109ca6d
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
925dba69d8f8ec4b57b672407ba10c8b344da2c6af4a9535e33c183d08fbe414
b5e5747df88266de4e2c0d6c4a4fd889f944de83c5292d0dd23bb72b4a07b367
bfc0aa57d42c192bd73820501983f83155bd4df35ffb36a2a14bec286a2a16f1
c10de123122cda6810b3bf87834e37f717d052dfe696b0cd802d47275f6f053e
f66fc082af3c56e9c795bcc442c226954c8cab8c5d579051ad5d78b7814fe961