twitchbot.eluxo.net Open in urlscan Pro
95.216.127.250 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://twitchbot.eluxo.net/
Submission Tags: phishingrod
Submission: On September 24 via api (September 24th 2024, 8:56:31 am UTC) from DE — Scanned from FI

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 95.216.127.250, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is twitchbot.eluxo.net.
TLS certificate: Issued by E6 on September 23rd 2024. Valid for: 3 months.

This is the only time twitchbot.eluxo.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
5	95.216.127.250 95.216.127.250		24940 (HETZNER-AS) (HETZNER-AS)
9	2

5 95.216.127.250 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: 95.216.127.250

twitchbot.eluxo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	eluxo.net twitchbot.eluxo.net	799 KB
0	Failed function sub() { [native code] }. Failed
9	2

	Domain	Requested by
5	twitchbot.eluxo.net	twitchbot.eluxo.net
0	localhost Failed	twitchbot.eluxo.net
9	2

This site contains no links.

Subject Issuer	Validity	Valid
twitchbot.eluxo.net E6	`2024-09-23` - `2024-12-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://twitchbot.eluxo.net/
Frame ID: 5174811E84915B220465533C72A03428
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aero Control UI

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

799 kB
Transfer

3719 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
twitchbot.eluxo.net/ 2 KB
2 KB 474ms
112ms Document
text/html 95.216.127.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://twitchbot.eluxo.net/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

95.216.127.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

95.216.127.250

Software

nginx/1.26.1 / Express

Resource Hash

ab3f229ff243643fd7b6f0851dbdb15ed4c58676e6d5fac19ac5b8bf04234ad3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: * Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Access-Control-Allow-Methods: * GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: * https://twitchbot.eluxo.net
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Content-Type: text/html; charset=utf-8
Date: Tue, 24 Sep 2024 08:42:52 GMT
ETag: W/"6b9-srPC606/tUIBaliKRzJ4nN3uGp4"
Server: nginx/1.26.1
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Powered-By: Express
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK bundle.js Show response
twitchbot.eluxo.net/static/js/ 4 MB
663 KB 84ms
84ms Script
application/javascript 95.216.127.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://twitchbot.eluxo.net/static/js/bundle.js

Requested by

Host: twitchbot.eluxo.net
URL: https://twitchbot.eluxo.net/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

95.216.127.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

95.216.127.250

Software

nginx/1.26.1 / Express

Resource Hash

3217cc0945d14038a4d861ed76cf2fb269161cc62af9a779247a6907429ca069

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://twitchbot.eluxo.net/

Response headers

Content-Encoding: gzip
ETag: W/"3804f4-zAuqrgN51Frh5EYaTo9xc+PfT9I"
Access-Control-Allow-Methods: *, GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options: nosniff
Date: Tue, 24 Sep 2024 08:42:52 GMT
Content-Type: application/javascript; charset=utf-8
Vary: Accept-Encoding
X-Frame-Options: DENY
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Headers: *, Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Connection: keep-alive
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *, https://twitchbot.eluxo.net
X-Xss-Protection: 1; mode=block
X-Powered-By: Express
Server: nginx/1.26.1

GET
H/1.1 200
OK offline.3884ef7cb93d5d1a4ca64110bf82080a.svg
twitchbot.eluxo.net/static/media/ 800 B
2 KB 81ms
80ms Image
image/svg+xml 95.216.127.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://twitchbot.eluxo.net/static/media/offline.3884ef7cb93d5d1a4ca64110bf82080a.svg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

95.216.127.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

95.216.127.250

Software

nginx/1.26.1 / Express

Resource Hash

0b89461d3b2683b360a8b750bff627e5cd4ff5457a66c62b74190844274e5a05

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://twitchbot.eluxo.net/

Response headers

ETag: W/"320-hix7OCtkFi2bGId9FyYThGhNMUI"
Access-Control-Allow-Methods: *, GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options: nosniff
Date: Tue, 24 Sep 2024 08:42:52 GMT
Content-Type: image/svg+xml
Vary: Accept-Encoding
X-Frame-Options: DENY
Access-Control-Allow-Headers: *, Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Connection: keep-alive
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *, https://twitchbot.eluxo.net
Content-Length: 800
X-Xss-Protection: 1; mode=block
X-Powered-By: Express
Server: nginx/1.26.1

GET /
localhost/socket.io/ 0
0

GET
H/1.1 200
OK bootstrap-icons.b7bcc075b395c14ce8c2.woff2
twitchbot.eluxo.net/static/media/ 127 KB
128 KB 129ms
62ms Font
font/woff2 95.216.127.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://twitchbot.eluxo.net/static/media/bootstrap-icons.b7bcc075b395c14ce8c2.woff2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

95.216.127.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

95.216.127.250

Software

nginx/1.26.1 / Express

Resource Hash

476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://twitchbot.eluxo.net
Referer: https://twitchbot.eluxo.net/

Response headers

ETag: W/"1fd5c-Agw8b5KAoxXoQl1/kuFbzQzdobI"
Access-Control-Allow-Methods: *, GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options: nosniff
Date: Tue, 24 Sep 2024 08:42:52 GMT
Content-Type: font/woff2
X-Frame-Options: DENY
Access-Control-Allow-Headers: *, Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Connection: keep-alive
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *, https://twitchbot.eluxo.net
Content-Length: 130396
X-Xss-Protection: 1; mode=block
X-Powered-By: Express
Server: nginx/1.26.1

GET
H/1.1 200
OK favicon.ico
twitchbot.eluxo.net/ 4 KB
5 KB 199ms
65ms Other
image/x-icon 95.216.127.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://twitchbot.eluxo.net/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

95.216.127.250 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

95.216.127.250

Software

nginx/1.26.1 / Express

Resource Hash

3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://twitchbot.eluxo.net/

Response headers

Content-Encoding: gzip
ETag: W/"f1e-19174dad8a9"
Access-Control-Allow-Methods: *, GET, POST, PUT, DELETE, OPTIONS
X-Content-Type-Options: nosniff
Date: Tue, 24 Sep 2024 08:42:52 GMT
Content-Type: image/x-icon
Vary: Accept-Encoding
Last-Modified: Wed, 21 Aug 2024 12:13:05 GMT
Access-Control-Allow-Headers: *, Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Cache-Control: public, max-age=0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Origin: *, https://twitchbot.eluxo.net
X-Xss-Protection: 1; mode=block
X-Powered-By: Express
Server: nginx/1.26.1

GET /
localhost/socket.io/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: localhost
URL: http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFmja

Domain: localhost
URL: http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFmjc

Domain: localhost
URL: http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFmsr

Domain: localhost
URL: http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFnbY

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://twitchbot.eluxo.net/static/js/bundle.js(Line 47313) Message: Refused to connect to 'wss://twitchbot.eluxo.net:3000/ws' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://twitchbot.eluxo.net/static/js/bundle.js(Line 56153) Message: Refused to connect to 'http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFmja' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://twitchbot.eluxo.net/static/js/bundle.js(Line 56153) Message: Refused to connect to 'http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFmjc' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://twitchbot.eluxo.net/static/js/bundle.js(Line 56153) Message: Refused to connect to 'http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFmsr' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://twitchbot.eluxo.net/static/js/bundle.js(Line 56153) Message: Refused to connect to 'http://localhost:4000/socket.io/?EIO=4&transport=polling&t=P8ZFnbY' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net; img-src 'self'; font-src 'self'; frame-src 'self'; media-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

localhost
twitchbot.eluxo.net
localhost
95.216.127.250
0b89461d3b2683b360a8b750bff627e5cd4ff5457a66c62b74190844274e5a05
3217cc0945d14038a4d861ed76cf2fb269161cc62af9a779247a6907429ca069
3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd
476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e
ab3f229ff243643fd7b6f0851dbdb15ed4c58676e6d5fac19ac5b8bf04234ad3

twitchbot.eluxo.net Open in urlscan Pro 95.216.127.250 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

56 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

799 kBTransfer

3719 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

0 Cookies

5 Console Messages

Security Headers

Indicators

twitchbot.eluxo.net Open in urlscan Pro
95.216.127.250 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

799 kB
Transfer

3719 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions