urlscan.io logo urlscan.io
SecurityTrails logo

oferteweb.hexat.com Open in urlscan Pro
54.36.158.41  Public Scan

Go To Rescan Add Verdict Report
URL: https://oferteweb.hexat.com/
Submission: On June 17 via api from US — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 17 HTTP transactions. The main IP is 54.36.158.41, located in France and belongs to OVH, FR. The main domain is oferteweb.hexat.com.
TLS certificate: Issued by R3 on May 18th 2024. Valid for: 3 months.
This is the only time oferteweb.hexat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 54.36.158.41 16276 (OVH)
1 5 212.117.190.201 7979 (SERVERS-COM)
7 141.94.172.213 16276 (OVH)
2 2620:116:800d... 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
1 1 212.117.190.217 7979 (SERVERS-COM)
17 5
3    54.36.158.41 (France)

ASN16276 (OVH, FR)
PTR: lb.xtgem.com
oferteweb.hexat.com
5    212.117.190.201 (Luxembourg, Luxembourg)

ASN7979 (SERVERS-COM, US)
mgyccfrshz.com
7    141.94.172.213 (France)

ASN16276 (OVH, FR)
xtgem.com
5.thumbs.xtstatic.com
enif.images.xtstatic.com
cif.images.xtstatic.com
2    2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    2600:9000:223c:e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
1    212.117.190.217 (Luxembourg, Luxembourg)

ASN7979 (SERVERS-COM, US)
coosync.com
Apex Domain
Subdomains		 Transfer
5 mgyccfrshz.com
mgyccfrshz.com — Cisco Umbrella Rank: 728387
48 KB
4 xtgem.com
xtgem.com — Cisco Umbrella Rank: 483420
3 KB
3 xtstatic.com
5.thumbs.xtstatic.com
enif.images.xtstatic.com
cif.images.xtstatic.com
2 KB
3 hexat.com
oferteweb.hexat.com
31 KB
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1587
pixel.quantserve.com — Cisco Umbrella Rank: 1141
10 KB
1 coosync.com
coosync.com — Cisco Umbrella Rank: 28177
499 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1551
643 B
17 7
Domain Requested by
5 mgyccfrshz.com 1 redirects oferteweb.hexat.com
mgyccfrshz.com
4 xtgem.com oferteweb.hexat.com
3 oferteweb.hexat.com oferteweb.hexat.com
1 coosync.com 1 redirects
1 pixel.quantserve.com oferteweb.hexat.com
1 rules.quantcount.com secure.quantserve.com
1 cif.images.xtstatic.com oferteweb.hexat.com
1 enif.images.xtstatic.com oferteweb.hexat.com
1 secure.quantserve.com oferteweb.hexat.com
1 5.thumbs.xtstatic.com oferteweb.hexat.com
17 10

This site contains links to these domains. Also see Links.

Domain
xtgem.com
pop-star.hi2.ro
2wap.net
Subject Issuer Validity Valid
*.hexat.com
R3		 2024-05-18 -
2024-08-16		 3 months crt.sh

Buypass Class 2 CA 5		 2024-01-09 -
2024-07-06		 6 months crt.sh
*.xtgem.com
R10		 2024-06-15 -
2024-09-13		 3 months crt.sh
xtstatic.com
R3		 2024-04-18 -
2024-07-17		 3 months crt.sh
quantserve.com
R3		 2024-04-25 -
2024-07-24		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://oferteweb.hexat.com/
Frame ID: 80BA8FFA19E5998115D0BE332287E615
Requests: 12 HTTP requests in this frame

Frame: https://enif.images.xtstatic.com/tp.gif
Frame ID: 47C337CAA08BD7A8EB661210A24C4C49
Requests: 1 HTTP requests in this frame

Frame: https://cif.images.xtstatic.com/tp.gif
Frame ID: 1A22A0D11D89ACC82E1C1D425A870BDD
Requests: 1 HTTP requests in this frame

Frame: https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9vZmVydGV3ZWIuaGV4YXQuY29tXC9pbmRleCIsImxvZ2dlZF9pbiI6ZmFsc2UsImRvbWFpbiI6Im9mZXJ0ZXdlYi5oZXhhdC5jb20iLCJwb3NpdGlvbiI6eyJhYnNvbHV0ZSI6ImZpeGVkIn19
Frame ID: ADEDC8715BB97135162A50E4CFB0280D
Requests: 1 HTTP requests in this frame

Frame: https://mgyccfrshz.com/third.html
Frame ID: EBB2C0B9AEDCA10061839A57E721037D
Requests: 1 HTTP requests in this frame

Frame: https://mgyccfrshz.com/sn/ps/2014799?freq=0&im=1&puid=0&so=1&wcks=1
Frame ID: 195C16669E45B9A192821E277ED25C73
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

oferteweb.hexat.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Page Statistics

17
Requests

100 %
HTTPS

33 %
IPv6

7
Domains

10
Subdomains

5
IPs

3
Countries

94 kB
Transfer

181 kB
Size

9
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://mgyccfrshz.com/sn/pr/2014799?p=2014799&jp=_cl5if6lhpb4jxbhx29e10h&nojs=0&abvar=0&febuild=1.0.263&t=0&wcks=1&wgl=1&cnvs=1&os=-120&tz=Europe/Paris&ss=1&ls=1&bb=0&cti=0&fn=2&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=fr-FR&pf=Win32&cd=24&vcv=Intel%20Inc.&vcn=Intel%20Iris%20OpenGL%20Engine&ix=0&x=1600&y=1200&md=0&afid=3208853883445760&eclog=0&im=1&cha=x86&chb=64&chbr=%22Google%20Chrome%22;v=%22126%22,%20%22Not:A-Brand%22;v=%228%22,%20%22Chromium%22;v=%22126%22&chf=%22Not/A)Brand%22;v=%228.0.0.0%22,%20%22Chromium%22;v=%22126.0.6478.61%22,%20%22Google%20Chrome%22;v=%22126.0.6478.61%22&chm=false&chmd=&chp=Win32&chv=10.0.0&cs=5&freq=0&uf=0 HTTP 302
  • https://coosync.com/sn/c?zoneid=2014799&freq=0&srp=welROR11BBV_pN7rW8Hts3YqHjCC034MxANduRbc3eVc-4qAGI7jJA0t5zwo0GP2t3qbxWYyHZdC9ATgoL4uq7f7Cg-x79tjLUhm3caqw8OP&im=1&wcks=1 HTTP 302
  • https://mgyccfrshz.com/sn/ps/2014799?freq=0&im=1&puid=0&so=1&wcks=1

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
oferteweb.hexat.com/ 		15 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.41 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
27d51942268b4b7030273a885d2947544a09d65a4be8bf61c2dee64ba1a2ae4a

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-Encoding
gzip
Content-Length
4151
Content-Type
text/html;charset=UTF-8
Date
Mon, 17 Jun 2024 00:31:23 GMT
Expires
Wed, 17 Sep 1975 21:32:10 GMT
Pragma
no-cache
Vary
Host,Accept-Encoding
kep.js
mgyccfrshz.com/q/tdl/95/dnt/2014799/ 		100 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
6fa7cc456f18afeca00f724864c356163cf0e503be670546d039b318200fd6bb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 17 Jun 2024 00:31:23 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2024 14:20:46 GMT
server
nginx
accept-ch
sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
etag
W/"666b003e-190b1"
vary
Accept-Encoding
content-type
application/javascript
x-js-ab2
current
timing-allow-origin
*
Oferte%20web_thumb.png
oferteweb.hexat.com/images/ 		25 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oferteweb.hexat.com/images/Oferte%20web_thumb.png
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.41 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
80d51c7ba140613ee57b6281328b44a23b266a2979650065a7920ca1a9a577d8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 17 Jun 2024 00:31:23 GMT
X-Ngz
1
Last-Modified
Mon, 29 Mar 2010 09:55:33 GMT
ETag
"65ba-482ed8390af40"
Content-Type
image/png
Cache-Control
max-age=2592000
Content-Length
26042
Expires
Wed, 17 Jul 2024 00:31:23 GMT
france.gif
xtgem.com/images/country_flags/ 		131 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xtgem.com/images/country_flags/france.gif
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
498c1d557beac14d2e88efb4372a95532b7f8bce3b2af575d60d6850d07b41a6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 17 Jun 2024 00:31:23 GMT
X-Ngz
1
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
ETag
"83-59774aa04e000"
Content-Type
image/gif
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
131
Expires
Wed, 17 Jul 2024 00:31:23 GMT
disneyland-1972-love-the-old-s-92184.jpg
5.thumbs.xtstatic.com/100/50/-/5a863a045714f1131d9c0a62603ddf96/backtooldschool.xtgem.com/images/blog/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://5.thumbs.xtstatic.com/100/50/-/5a863a045714f1131d9c0a62603ddf96/backtooldschool.xtgem.com/images/blog/disneyland-1972-love-the-old-s-92184.jpg
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
e8f1b41fac508bd7dd92b9eeb8c6838228e55df5709e6b02e97f0f1b5ad8f2e3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 17 Jun 2024 00:31:23 GMT
X-Ngz
1
Last-Modified
Mon, 13 May 2024 05:44:06 GMT
ETag
"6b4-0"
Sent-XS
0.000
Content-Type
image/jpeg
Cache-Control
max-age=172800, pre-check=172800
Content-Length
1716
Expires
Wed, 19 Jun 2024 00:31:23 GMT
quant.js
secure.quantserve.com/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
45a4c240a17a4d5f925ef0e125b86d882c6ad7549028d9cbf6f4f06fd1dd897d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 17 Jun 2024 00:31:23 GMT
content-encoding
gzip
etag
"bvEECQq4Zy6gU9J/qv1O6Q=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 24 Jun 2024 00:31:23 GMT
tp.gif
enif.images.xtstatic.com/ Frame 47C3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://enif.images.xtstatic.com/tp.gif
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://oferteweb.hexat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000
Content-Length
42
Content-Type
image/gif
Date
Mon, 17 Jun 2024 00:31:23 GMT
ETag
"2a-59774aa04e000"
Expires
Wed, 17 Jul 2024 00:31:23 GMT
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
tp.gif
cif.images.xtstatic.com/ Frame 1A22 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cif.images.xtstatic.com/tp.gif
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://oferteweb.hexat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2592000
Content-Length
42
Content-Type
image/gif
Date
Mon, 17 Jun 2024 00:31:23 GMT
ETag
"2a-59774aa04e000"
Expires
Wed, 17 Jul 2024 00:31:23 GMT
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
__xt_authbar
xtgem.com/ Frame ADED 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9vZmVydGV3ZWIuaGV4YXQuY29tXC9pbmRleCIsImxvZ2dlZF9pbiI6ZmFsc2UsImRvbWFpbiI6Im9mZXJ0ZXdlYi5oZXhhdC5jb20iLCJwb3NpdGlvbiI6eyJhYnNvbHV0ZSI6ImZpeGVkIn19
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://oferteweb.hexat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding
gzip
Content-Length
2755
Content-Type
text/html; charset=UTF-8
Date
Mon, 17 Jun 2024 00:31:23 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Vary
Accept-Encoding
arrow.gif
xtgem.com/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xtgem.com/images/arrow.gif
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
61a65d459daad29e3af0864f54477f26751b184ff83b6510d8c04c0344e86c66

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 17 Jun 2024 00:31:23 GMT
X-Ngz
1
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
ETag
"7cd-59774aa04e000"
Content-Type
image/gif
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
1997
Expires
Wed, 17 Jul 2024 00:31:23 GMT
close2.png
xtgem.com/images/ 		564 B
843 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xtgem.com/images/close2.png?v=0.01
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
141.94.172.213 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 17 Jun 2024 00:31:23 GMT
X-Ngz
1
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
ETag
"234-59774aa04e000"
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Content-Length
564
Expires
Wed, 17 Jul 2024 00:31:23 GMT
third.html
mgyccfrshz.com/ Frame EBB2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mgyccfrshz.com/third.html
Requested by
Host: mgyccfrshz.com
URL: https://mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://oferteweb.hexat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding
gzip
content-type
text/html
date
Mon, 17 Jun 2024 00:31:23 GMT
etag
W/"66684e01-226"
last-modified
Tue, 11 Jun 2024 13:15:45 GMT
server
nginx
timing-allow-origin
*
vary
Accept-Encoding
x-js-ab
current
rules-p-0cfM8Oh7M9bVQ.js
rules.quantcount.com/ 		160 B
643 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01e8c64b761cce7a14c9a7f82d4fa2162138e5e6e556350df4730498ea6417bf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 16 Jun 2024 23:51:46 GMT
via
1.1 44b457512f742b4e48fc7f0c87d8ed92.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
2410
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Fri, 14 Oct 2022 00:42:04 GMT
server
AmazonS3
etag
"2440f0fe7f89d580c051f453f7cc5d22"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
bq32_wSU-xSY_1M1AbIf4pFBek8VmvE5FV1HuohPUU7wm---uUk8Bw==
2014799
mgyccfrshz.com/get/ 		12 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mgyccfrshz.com/get/2014799?p=2014799&jp=_cl5if6lhpb4jxbhx29e10h&nojs=0&abvar=0&febuild=1.0.263&t=0&wcks=1&wgl=1&cnvs=1&os=-120&tz=Europe/Paris&ss=1&ls=1&bb=0&cti=0&fn=2&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=fr-FR&pf=Win32&cd=24&vcv=Intel%20Inc.&vcn=Intel%20Iris%20OpenGL%20Engine&ix=0&x=1600&y=1200&md=0&afid=3208853883445760&eclog=0&im=1&cha=x86&chb=64&chbr=%22Google%20Chrome%22;v=%22126%22,%20%22Not:A-Brand%22;v=%228%22,%20%22Chromium%22;v=%22126%22&chf=%22Not/A)Brand%22;v=%228.0.0.0%22,%20%22Chromium%22;v=%22126.0.6478.61%22,%20%22Google%20Chrome%22;v=%22126.0.6478.61%22&chm=false&chmd=&chp=Win32&chv=10.0.0&cs=5&freq=0&uf=0
Requested by
Host: mgyccfrshz.com
URL: https://mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
544d25d874558d9d430ae1ae9c38a480a9e3f84c4d45369c972fb5bbeeb028ea

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 17 Jun 2024 00:31:23 GMT
content-encoding
gzip
server
nginx
accept-ch
sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
x-route-id
config
timing-allow-origin
*
pixel;r=792966425;rf=0;a=p-0cfM8Oh7M9bVQ;url=https%3A%2F%2Foferteweb.hexat.com%2F;uht=2;fpan=1;fpa=P0-1972540554-1718584283750;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208114759;cm=;gdpr=0;ref=;d=hexa...
pixel.quantserve.com/ 		35 B
456 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=792966425;rf=0;a=p-0cfM8Oh7M9bVQ;url=https%3A%2F%2Foferteweb.hexat.com%2F;uht=2;fpan=1;fpa=P0-1972540554-1718584283750;pbc=;ns=0;ce=1;qjs=1;qv=b70d35e8-20231208114759;cm=;gdpr=0;ref=;d=hexat.com;dst=1;et=1718584283862;tzo=-120;ogl=;ses=d13455d3-7e28-4ade-a4fa-022df93362ca;mdl=
Requested by
Host: oferteweb.hexat.com
URL: https://oferteweb.hexat.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 17 Jun 2024 00:31:23 GMT
attribution-reporting-register-trigger
{"event_trigger_data":[{"filters":[],"trigger_data":"1"}]}
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
2014799
mgyccfrshz.com/sn/ps/ Frame 195C
Redirect Chain
  • https://mgyccfrshz.com/sn/pr/2014799?p=2014799&jp=_cl5if6lhpb4jxbhx29e10h&nojs=0&abvar=0&febuild=1.0.263&t=0&wcks=1&wgl=1&cnvs=1&os=-120&tz=Europe/Paris&ss=1&ls=1&bb=0&cti=0&fn=2&plu=PDF%20Viewer::...
  • https://coosync.com/sn/c?zoneid=2014799&freq=0&srp=welROR11BBV_pN7rW8Hts3YqHjCC034MxANduRbc3eVc-4qAGI7jJA0t5zwo0GP2t3qbxWYyHZdC9ATgoL4uq7f7Cg-x79tjLUhm3caqw8OP&im=1&wcks=1
  • https://mgyccfrshz.com/sn/ps/2014799?freq=0&im=1&puid=0&so=1&wcks=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://mgyccfrshz.com/sn/ps/2014799?freq=0&im=1&puid=0&so=1&wcks=1
Requested by
Host: mgyccfrshz.com
URL: https://mgyccfrshz.com/q/tdl/95/dnt/2014799/kep.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Referer
https://oferteweb.hexat.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 17 Jun 2024 00:31:24 GMT
server
nginx
timing-allow-origin
*
vary
Accept-Encoding
x-route-id
cookie.user_id.pre_sync.final

Redirect headers

accept-ch
sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-length
106
content-type
text/html; charset=utf-8
date
Mon, 17 Jun 2024 00:31:23 GMT
location
https://mgyccfrshz.com/sn/ps/2014799?freq=0&im=1&puid=0&so=1&wcks=1
server
nginx
timing-allow-origin
*
x-route-id
cookie.user_id.sync
favicon.ico
oferteweb.hexat.com/ 		0
146 B 		Other
General
Check archive.org
Download Go to
Full URL
https://oferteweb.hexat.com/favicon.ico
Protocol
HTTP/1.0
Security
TLS 1.3, , AES_256_GCM
Server
54.36.158.41 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://oferteweb.hexat.com/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 17 Jun 2024 00:31:24 GMT
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 undefined| event object| fence object| sharedStorage object| _qevents boolean| cookies number| len function| handleException function| c2ss boolean| zfgloadedcode object| RmVlZEZyZXFDYXBTdG9yYWdl function| quantserve function| __qc object| ezt object| _qoptions number| cs__param function| _cl5if6lhpb4jxbhx29e10h number| puidSyncFrame boolean| zfgloadedpopup

9 Cookies

Domain/Path Name / Value
.hexat.com/ Name: _xta_uid
Value: a07c310b8e7dd915bd52bf8ff4c62562
.hexat.com/ Name: _xta_vid
Value: f2c37a5b1a954c21d46194e8038d1651-1718584283
oferteweb.hexat.com/ Name:
Value: test
mgyccfrshz.com/ Name: cart
Value: 1
mgyccfrshz.com/ Name: cart_p
Value: 2
mgyccfrshz.com/ Name: UID
Value: 240616193134fa03719c8a47be8b2bbdc962
mgyccfrshz.com/ Name: CHCK
Value: 1
.quantserve.com/ Name: mc
Value: 666f83db-d9357-2a641-6aa24
.hexat.com/ Name: __qca
Value: P0-1972540554-1718584283750

3 Console Messages

Source Level URL
Text
security warning URL: https://oferteweb.hexat.com/
Message:
Mixed Content: The page at 'https://oferteweb.hexat.com/' was loaded over HTTPS, but requested an insecure element 'http://xtgem.com/images/country_flags/france.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://oferteweb.hexat.com/(Line 85)
Message:
Mixed Content: The page at 'https://oferteweb.hexat.com/' was loaded over HTTPS, but requested an insecure element 'http://xtgem.com/images/country_flags/france.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network error URL: https://oferteweb.hexat.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)