nz.12xlwin6k.com Open in urlscan Pro
151.101.2.132 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9...
Effective URL:
https://nz.12xlwin6k.com/index.php?v=5068
Submission: On October 19 via api (October 19th 2024, 2:24:18 pm UTC) from BE — Scanned from NZ

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 5 countries across 7 domains to perform 8 HTTP transactions. The main IP is 151.101.2.132, located in San Francisco, United States and belongs to FASTLY, US. The main domain is nz.12xlwin6k.com.
TLS certificate: Issued by R10 on September 14th 2024. Valid for: 3 months.

This is the only time nz.12xlwin6k.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	103.208.86.115 103.208.86.115	61138 (ZAPPIE-HO...) (ZAPPIE-HOST-AS Zappie Host)
1	51.158.43.12 51.158.43.12	12876 (Online SAS) (Online SAS)
2 2	45.147.195.16 45.147.195.16	49392 (ASBAXETN) (ASBAXETN)
1 1	52.53.103.54 52.53.103.54	16509 (AMAZON-02) (AMAZON-02)
6	151.101.2.132 151.101.2.132	54113 (FASTLY) (FASTLY)
1	2404:6800:400... 2404:6800:4006:814::200a	15169 (GOOGLE) (GOOGLE)
8	3

1 103.208.86.115 (Auckland, New Zealand) 1 redirects

ASN61138 (ZAPPIE-HOST-AS Zappie Host, US)
PTR: headearth.net

headearth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.158.43.12 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-43-12.rev.poneytelecom.eu

placementsocialist.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.147.195.16 (Moscow, Russian Federation) 2 redirects

ASN49392 (ASBAXETN, RU)
PTR: overcharge15.professionerinpick.com

1ibeg.suggestedspins.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1ibeg.spinningfastloop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.53.103.54 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-53-103-54.us-west-1.compute.amazonaws.com

x.trc85.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.2.132 (San Francisco, United States)

ASN54113 (FASTLY, US)

nz.12xlwin6k.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4006:814::200a (Sydney, Australia)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	12xlwin6k.com nz.12xlwin6k.com	295 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 412	33 KB
1	trc85.com 1 redirects x.trc85.com	2 KB
1	spinningfastloop.com 1 redirects 1ibeg.spinningfastloop.com	1 KB
1	suggestedspins.com 1 redirects 1ibeg.suggestedspins.com	1006 B
1	placementsocialist.com placementsocialist.com	465 B
1	headearth.net 1 redirects headearth.net	375 B
8	7

	Domain	Requested by
6	nz.12xlwin6k.com	placementsocialist.com nz.12xlwin6k.com
1	ajax.googleapis.com	nz.12xlwin6k.com
1	x.trc85.com	1 redirects
1	1ibeg.spinningfastloop.com	1 redirects
1	1ibeg.suggestedspins.com	1 redirects
1	placementsocialist.com
1	headearth.net	1 redirects
8	7

This site contains no links.

Subject Issuer	Validity	Valid
placementsocialist.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-25` - `2025-04-22`	a year	crt.sh
*.12xlwin6k.com R10	`2024-09-14` - `2024-12-13`	3 months	crt.sh
upload.video.google.com WR2	`2024-09-30` - `2024-12-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nz.12xlwin6k.com/index.php?v=5068
Frame ID: C00C7656E164BCD89424690962259CB2
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WIN A $500 CALTEX VOUCHER

Page URL History Show full URLs

http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsr... HTTP 307
https://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsr... HTTP 307
http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsr... HTTP 302
https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g Page URL
https://nz.12xlwin6k.com/index.php?v=5068 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

17 %
IPv6

7
Domains

7
Subdomains

3
IPs

5
Countries

329 kB
Transfer

397 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcilwin8z1kimmhhtx2twdv1wd25j5jhx7scr0cioss10vgcz1y5pyqukx6kxw3g8xtzt1yxcnpzxjaxplp7keoseyoivhdlzmzhmsakeuz3ovldugwms7qxhil6r63cu3do7me9twni8or5nkcznpmi9c8bsvglysljt3hzfsdbidhjs5rkdg5knhaebsglx8s3ow5omwmk0jiatddxt4fiq4qxrxq1v5bie6klklxcthjaszediualteikunxyeu3fy5xjwutntxx4wozdtefdojmupxili0wdj04zguxfvzhpfuo8ztcjyjvpqky6qvq02ngeb4mpawr8v6cxqm0iapjihukwms3mrxdjn80mwckzkrmxgc33kzwzcvkhnqycro9rez3wnb90njg3gdefwnls39eptsp5tujieh0j169tg2lyyvvazopsac1kp0z84vslwbcxufz2bls4r8nctrdqwgaogjsu2gmkilpukpuw8diznv3huoux3eogz5pmkn6uq6wkxc67kjfbuuk6iskhusj5lap9z2ogvzafrpvbgxtq5pktddeb1l8d4msgqtgwuqtfwvzpt2nrzdkbaampupmczcbzdxaha3qmj2ers51aaihbkjbxalhqpgeckzehhshvxcjjqkz6eibz2z9ex0zansbh2tdvun8grbhlxu26ueue83jkgqoq8zny0dquwrbjvb8iqk6lovfhdo3yxq2856erfch0fwxtvdpkakh2bww3usngl1f9lmxgbvvynzgnm30kqnw5f1lajaumdpqsys2v3iyji9wkmvow5zqwxytgj62tf1ievbzbmbzvzyhicbbbff3zpjcck2yQcbQNHcfcfNcfcfJb6gmr6cbbbbg HTTP 307
https://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcilwin8z1kimmhhtx2twdv1wd25j5jhx7scr0cioss10vgcz1y5pyqukx6kxw3g8xtzt1yxcnpzxjaxplp7keoseyoivhdlzmzhmsakeuz3ovldugwms7qxhil6r63cu3do7me9twni8or5nkcznpmi9c8bsvglysljt3hzfsdbidhjs5rkdg5knhaebsglx8s3ow5omwmk0jiatddxt4fiq4qxrxq1v5bie6klklxcthjaszediualteikunxyeu3fy5xjwutntxx4wozdtefdojmupxili0wdj04zguxfvzhpfuo8ztcjyjvpqky6qvq02ngeb4mpawr8v6cxqm0iapjihukwms3mrxdjn80mwckzkrmxgc33kzwzcvkhnqycro9rez3wnb90njg3gdefwnls39eptsp5tujieh0j169tg2lyyvvazopsac1kp0z84vslwbcxufz2bls4r8nctrdqwgaogjsu2gmkilpukpuw8diznv3huoux3eogz5pmkn6uq6wkxc67kjfbuuk6iskhusj5lap9z2ogvzafrpvbgxtq5pktddeb1l8d4msgqtgwuqtfwvzpt2nrzdkbaampupmczcbzdxaha3qmj2ers51aaihbkjbxalhqpgeckzehhshvxcjjqkz6eibz2z9ex0zansbh2tdvun8grbhlxu26ueue83jkgqoq8zny0dquwrbjvb8iqk6lovfhdo3yxq2856erfch0fwxtvdpkakh2bww3usngl1f9lmxgbvvynzgnm30kqnw5f1lajaumdpqsys2v3iyji9wkmvow5zqwxytgj62tf1ievbzbmbzvzyhicbbbff3zpjcck2yQcbQNHcfcfNcfcfJb6gmr6cbbbbg HTTP 307
http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcilwin8z1kimmhhtx2twdv1wd25j5jhx7scr0cioss10vgcz1y5pyqukx6kxw3g8xtzt1yxcnpzxjaxplp7keoseyoivhdlzmzhmsakeuz3ovldugwms7qxhil6r63cu3do7me9twni8or5nkcznpmi9c8bsvglysljt3hzfsdbidhjs5rkdg5knhaebsglx8s3ow5omwmk0jiatddxt4fiq4qxrxq1v5bie6klklxcthjaszediualteikunxyeu3fy5xjwutntxx4wozdtefdojmupxili0wdj04zguxfvzhpfuo8ztcjyjvpqky6qvq02ngeb4mpawr8v6cxqm0iapjihukwms3mrxdjn80mwckzkrmxgc33kzwzcvkhnqycro9rez3wnb90njg3gdefwnls39eptsp5tujieh0j169tg2lyyvvazopsac1kp0z84vslwbcxufz2bls4r8nctrdqwgaogjsu2gmkilpukpuw8diznv3huoux3eogz5pmkn6uq6wkxc67kjfbuuk6iskhusj5lap9z2ogvzafrpvbgxtq5pktddeb1l8d4msgqtgwuqtfwvzpt2nrzdkbaampupmczcbzdxaha3qmj2ers51aaihbkjbxalhqpgeckzehhshvxcjjqkz6eibz2z9ex0zansbh2tdvun8grbhlxu26ueue83jkgqoq8zny0dquwrbjvb8iqk6lovfhdo3yxq2856erfch0fwxtvdpkakh2bww3usngl1f9lmxgbvvynzgnm30kqnw5f1lajaumdpqsys2v3iyji9wkmvow5zqwxytgj62tf1ievbzbmbzvzyhicbbbff3zpjcck2yQcbQNHcfcfNcfcfJb6gmr6cbbbbg HTTP 302
https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g Page URL
https://nz.12xlwin6k.com/index.php?v=5068 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcilwin8z1kimmhhtx2twdv1wd25j5jhx7scr0cioss10vgcz1y5pyqukx6kxw3g8xtzt1yxcnpzxjaxplp7keoseyoivhdlzmzhmsakeuz3ovldugwms7qxhil6r63cu3do7me9twni8or5nkcznpmi9c8bsvglysljt3hzfsdbidhjs5rkdg5knhaebsglx8s3ow5omwmk0jiatddxt4fiq4qxrxq1v5bie6klklxcthjaszediualteikunxyeu3fy5xjwutntxx4wozdtefdojmupxili0wdj04zguxfvzhpfuo8ztcjyjvpqky6qvq02ngeb4mpawr8v6cxqm0iapjihukwms3mrxdjn80mwckzkrmxgc33kzwzcvkhnqycro9rez3wnb90njg3gdefwnls39eptsp5tujieh0j169tg2lyyvvazopsac1kp0z84vslwbcxufz2bls4r8nctrdqwgaogjsu2gmkilpukpuw8diznv3huoux3eogz5pmkn6uq6wkxc67kjfbuuk6iskhusj5lap9z2ogvzafrpvbgxtq5pktddeb1l8d4msgqtgwuqtfwvzpt2nrzdkbaampupmczcbzdxaha3qmj2ers51aaihbkjbxalhqpgeckzehhshvxcjjqkz6eibz2z9ex0zansbh2tdvun8grbhlxu26ueue83jkgqoq8zny0dquwrbjvb8iqk6lovfhdo3yxq2856erfch0fwxtvdpkakh2bww3usngl1f9lmxgbvvynzgnm30kqnw5f1lajaumdpqsys2v3iyji9wkmvow5zqwxytgj62tf1ievbzbmbzvzyhicbbbff3zpjcck2yQcbQNHcfcfNcfcfJb6gmr6cbbbbg HTTP 307
https://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcilwin8z1kimmhhtx2twdv1wd25j5jhx7scr0cioss10vgcz1y5pyqukx6kxw3g8xtzt1yxcnpzxjaxplp7keoseyoivhdlzmzhmsakeuz3ovldugwms7qxhil6r63cu3do7me9twni8or5nkcznpmi9c8bsvglysljt3hzfsdbidhjs5rkdg5knhaebsglx8s3ow5omwmk0jiatddxt4fiq4qxrxq1v5bie6klklxcthjaszediualteikunxyeu3fy5xjwutntxx4wozdtefdojmupxili0wdj04zguxfvzhpfuo8ztcjyjvpqky6qvq02ngeb4mpawr8v6cxqm0iapjihukwms3mrxdjn80mwckzkrmxgc33kzwzcvkhnqycro9rez3wnb90njg3gdefwnls39eptsp5tujieh0j169tg2lyyvvazopsac1kp0z84vslwbcxufz2bls4r8nctrdqwgaogjsu2gmkilpukpuw8diznv3huoux3eogz5pmkn6uq6wkxc67kjfbuuk6iskhusj5lap9z2ogvzafrpvbgxtq5pktddeb1l8d4msgqtgwuqtfwvzpt2nrzdkbaampupmczcbzdxaha3qmj2ers51aaihbkjbxalhqpgeckzehhshvxcjjqkz6eibz2z9ex0zansbh2tdvun8grbhlxu26ueue83jkgqoq8zny0dquwrbjvb8iqk6lovfhdo3yxq2856erfch0fwxtvdpkakh2bww3usngl1f9lmxgbvvynzgnm30kqnw5f1lajaumdpqsys2v3iyji9wkmvow5zqwxytgj62tf1ievbzbmbzvzyhicbbbff3zpjcck2yQcbQNHcfcfNcfcfJb6gmr6cbbbbg HTTP 307
http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcilwin8z1kimmhhtx2twdv1wd25j5jhx7scr0cioss10vgcz1y5pyqukx6kxw3g8xtzt1yxcnpzxjaxplp7keoseyoivhdlzmzhmsakeuz3ovldugwms7qxhil6r63cu3do7me9twni8or5nkcznpmi9c8bsvglysljt3hzfsdbidhjs5rkdg5knhaebsglx8s3ow5omwmk0jiatddxt4fiq4qxrxq1v5bie6klklxcthjaszediualteikunxyeu3fy5xjwutntxx4wozdtefdojmupxili0wdj04zguxfvzhpfuo8ztcjyjvpqky6qvq02ngeb4mpawr8v6cxqm0iapjihukwms3mrxdjn80mwckzkrmxgc33kzwzcvkhnqycro9rez3wnb90njg3gdefwnls39eptsp5tujieh0j169tg2lyyvvazopsac1kp0z84vslwbcxufz2bls4r8nctrdqwgaogjsu2gmkilpukpuw8diznv3huoux3eogz5pmkn6uq6wkxc67kjfbuuk6iskhusj5lap9z2ogvzafrpvbgxtq5pktddeb1l8d4msgqtgwuqtfwvzpt2nrzdkbaampupmczcbzdxaha3qmj2ers51aaihbkjbxalhqpgeckzehhshvxcjjqkz6eibz2z9ex0zansbh2tdvun8grbhlxu26ueue83jkgqoq8zny0dquwrbjvb8iqk6lovfhdo3yxq2856erfch0fwxtvdpkakh2bww3usngl1f9lmxgbvvynzgnm30kqnw5f1lajaumdpqsys2v3iyji9wkmvow5zqwxytgj62tf1ievbzbmbzvzyhicbbbff3zpjcck2yQcbQNHcfcfNcfcfJb6gmr6cbbbbg HTTP 302
https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g

Request Chain 1

https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_446863_118440&s3=1435245312&s4=45 HTTP 302
https://1ibeg.spinningfastloop.com/o/OM9DVLSI/cf1294da-8e25-11ef-8f1d-79fe8075bc44/cf19179c-8e25-11ef-857b-85c0092d0c87 HTTP 302
http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=cff95da2-8e25-11ef-a39a-2178ef5177f8&source=74698&aff_sub3=b89fd195283& HTTP 307
https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=cff95da2-8e25-11ef-a39a-2178ef5177f8&source=74698&aff_sub3=b89fd195283& HTTP 302
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102cfe52b7bb5cfbc1894361210ed0&t2=cff95da2-8e25-11ef-a39a-2178ef5177f8&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

1165976194_snrl9g
placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/
Redirect Chain

http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcil...
https://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxci...
http://headearth.net/rbmdbxgqOC.php5?f1fe1mozuj8dfpwoefdexexmob3l5emnyr7x5ktx82eyhpihcbnm77jitdsrs6axqds5ncgllejlmmm9pylolkaluauqusk48kqmvdjlfnmbbqof31ttlzvshbwyasczq2vjl8cf79ymdqe3mqszqnvmsckgxcil...
https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g

155 B
465 B

2372ms
573ms

Document
text/html

51.158.43.12
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.158.43.12 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: 51-158-43-12.rev.poneytelecom.eu
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection: close
Content-Length: 155
Content-Type: text/html; charset=UTF-8
Date: Sat, 19 Oct 2024 14:24:09 GMT
Server: Apache

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Sat, 19 Oct 2024 14:24:07 GMT
Location: https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H2

200

gtrax.php Show response
nz.12xlwin6k.com/
Redirect Chain

https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_446863_118440&s3=1435245312&s4=45
https://1ibeg.spinningfastloop.com/o/OM9DVLSI/cf1294da-8e25-11ef-8f1d-79fe8075bc44/cf19179c-8e25-11ef-857b-85c0092d0c87
http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=cff95da2-8e25-11ef-a39a-2178ef5177f8&source=74698&aff_sub3=b89fd195283&
https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=cff95da2-8e25-11ef-a39a-2178ef5177f8&source=74698&aff_sub3=b89fd195283&
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102cfe52b7bb5cfbc1894361210ed0&t2=cff95da2-8e25-11ef-a39a-2178ef5177f8&&t3=103.75.11.100-AU&udc=Desktop--...

0
299 B

912ms
673ms

Document
text/html

151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102cfe52b7bb5cfbc1894361210ed0&t2=cff95da2-8e25-11ef-a39a-2178ef5177f8&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Requested by: Host: placementsocialist.com
URL: https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://placementsocialist.com/176368fe521b39b0800/3_446863_118440/197_1047479_521899_3/1165976194_snrl9g
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=utf-8
date: Sat, 19 Oct 2024 14:24:14 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
refresh: 0.2;url=index.php?v=5068
server: nginx
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-cache-status: MISS
x-served-by: cache-syd10158-SYD
x-timer: S1729347854.744555,VS0,VE607

Redirect headers

Accept-Ch: Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Model
Access-Control-Allow-Headers: Tune-SDK-Version
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 534
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 19 Oct 2024 14:24:13 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102cfe52b7bb5cfbc1894361210ed0&t2=cff95da2-8e25-11ef-a39a-2178ef5177f8&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Server: nginx
Tracking_id: 102cfe52b7bb5cfbc1894361210ed0
X-Request-Id: 0af12fda9b678b395e10a73da211d19d

GET
H2 200 Primary Request index.php Show response
nz.12xlwin6k.com/ 14 KB
3 KB 683ms
682ms Document
text/html 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5207793067c61326fc367d7ba71c4be44fc0f8d4625ab07427a8fd8440eaeef7

Request headers

Referer: https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102cfe52b7bb5cfbc1894361210ed0&t2=cff95da2-8e25-11ef-a39a-2178ef5177f8&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 2551
content-type: text/html; charset=UTF-8
date: Sat, 19 Oct 2024 14:24:15 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-cache-status: MISS
x-served-by: cache-syd10158-SYD
x-timer: S1729347854.448273,VS0,VE615

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ 91 KB
33 KB 547ms
150ms Script
text/javascript 2404:6800:4006:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

Requested by

Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:814::200a Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/

Response headers

content-encoding: gzip
age: 361559
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Wed, 15 Oct 2025 09:58:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 15 Oct 2024 09:58:16 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33593
x-xss-protection: 0
server: sffe

GET
H2 200 img_3643.png
nz.12xlwin6k.com/hostimgpl/ 117 KB
117 KB 1621ms
1621ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nz.12xlwin6k.com/hostimgpl/img_3643.png
Requested by: Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ea526a1dcc182b1ea3e76fea545fe729e7cf8617047410405b22bfa1651adfaf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "1d48a-5f8e9133be465"
age: 1
x-timer: S1729347855.135614,VS0,VE1480
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 119946
date: Sat, 19 Oct 2024 14:24:16 GMT
content-type: image/png
last-modified: Sun, 09 Apr 2023 15:40:17 GMT
server: nginx
x-cache-hits: 0
x-served-by: cache-syd10158-SYD

GET
H2 200 img_3644.png
nz.12xlwin6k.com/hostimgpl/ 134 KB
134 KB 1537ms
1536ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nz.12xlwin6k.com/hostimgpl/img_3644.png
Requested by: Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4342eb8d7b18af0ad27917d009ecbf4738360cadf79f6a0bb8e61ebdc1fc3f3c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "2167f-5f8e9133be465"
age: 1
x-timer: S1729347855.135886,VS0,VE1470
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 136831
date: Sat, 19 Oct 2024 14:24:16 GMT
content-type: image/png
last-modified: Sun, 09 Apr 2023 15:40:17 GMT
server: nginx
x-cache-hits: 0
x-served-by: cache-syd10158-SYD

GET
H2 200 img_8383.png
nz.12xlwin6k.com/hostimgpl/ 96 B
203 B 666ms
666ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nz.12xlwin6k.com/hostimgpl/img_8383.png
Requested by: Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ef8394171f14b550527591409d335f2a8be22f247ff051709a8b8679b28d4bf9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "60-5f9267c923a17"
age: 0
x-timer: S1729347855.148570,VS0,VE600
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 96
date: Sat, 19 Oct 2024 14:24:15 GMT
content-type: image/png
last-modified: Wed, 12 Apr 2023 16:56:17 GMT
server: nginx
x-cache-hits: 0
x-served-by: cache-syd10158-SYD

GET
H2 200 img_8382.png
nz.12xlwin6k.com/hostimgpl/ 41 KB
41 KB 985ms
985ms Image
image/png 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nz.12xlwin6k.com/hostimgpl/img_8382.png
Requested by: Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0f006c1dca9d9f39c8492a8e48ca8d39194162b64039f003640b3ee603a33d75

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "a212-5f9267c923a17"
age: 0
x-timer: S1729347855.149335,VS0,VE918
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS
content-length: 41490
date: Sat, 19 Oct 2024 14:24:16 GMT
content-type: image/png
last-modified: Wed, 12 Apr 2023 16:56:17 GMT
server: nginx
x-cache-hits: 0
x-served-by: cache-syd10158-SYD

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
placementsocialist.com/	1970-01-21 01:05:39	Name: uid45 Value: 1435245312-20241019102409-916ca436e5dab39e5db7f6bc34663ae8-
1ibeg.suggestedspins.com/	1970-01-21 00:22:35	Name: yredir_session Value: eyJpdiI6ImY5b2lndHZqZzZjZ3d1VkV4a3FlMWc9PSIsInZhbHVlIjoiLzFzRDhYWFRhSUJHQW1kU2ovZ0RVbXM2R0tRbGJSZml1aU4rdzJCeVNsTnU0b0l5WjFId0gvTmJKb1hTQ0o5T0oxa2FaV0NSb0wweXZhMDZZVWdKYitVeThNU3h4QWpWVytQamVFMFlma2YwRDJJd2JNV1RzR2E1MjFDVWtFc0ciLCJtYWMiOiIxMWRmZTBmNjE3YmNlZDE1NDhkMmUxMGIyZjE5MTViZWQxOWMwMjkyNGUxNjU1MGM1NGEyZDNkOWJlMDEwYmI3IiwidGFnIjoiIn0%3D
1ibeg.spinningfastloop.com/	1970-01-21 00:22:35	Name: yredir_session Value: eyJpdiI6Ik1PUVVkMjBaN1NvMTNjdi9FZDJuNVE9PSIsInZhbHVlIjoibnpvRmN0MjJZZG4zNzBwblViR1QzZ2szVVZFUlYwQmtlRFRidzVDU3dVNkM1QnczREpzTmdjelQ2dnQ0RWN2WHNNOSt4RzkycE5PUlRmRUREVWNLWlhMQ2IvNWFDK1FBQ1VFSVFubE00dVU5V3BBeGlRVDhOM1pFS0tCVEI0R3UiLCJtYWMiOiIxMzFiZWNiOTE0ZDAwNzM3ZTZmYzQ0ZmM1MWY0NjEzOTAyZDJkNzlhOTQwZDk2Zjc2MjliOTRlNTFkMjVmZGU4IiwidGFnIjoiIn0%3D
x.trc85.com/	1970-01-21 00:23:54	Name: aff_ran_url_144 Value: 3902
x.trc85.com/	1970-01-21 01:07:06	Name: enc_aff_session_144 Value: ENC038b2a059af0cfa5966a13706491ba97cdd59f32b76e720fd38f0523fbb52eea838996f1fc7d8b42ee85338f7e77decbe732f5c7ad83822772b1f1afe7a2540b7bde64a0281e5e3fa87b168be8ce338c517b4fdbe9b1c8aa8fa2a49864815af9357ebf0ae33f16cd83fe40f44478875aa2959d641bb8f5330f02a91bf567b004cb4ca76146cd199ef6bf335bc57b2a866ede46691260425ec33b54bc6f9b2cc75e2108e38a
x.trc85.com/	1970-01-21 09:58:27	Name: ho_mob Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMjkiLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggWDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBMaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJhY2NlcHRfbGFuZ3VhZ2UiOiJlbi1OWixlbjtxPTAuOSIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ==
nz.12xlwin6k.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: lj3qcr9bhri1juf6lv1lisok8o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ibeg.spinningfastloop.com
1ibeg.suggestedspins.com
ajax.googleapis.com
headearth.net
nz.12xlwin6k.com
placementsocialist.com
x.trc85.com
103.208.86.115
151.101.2.132
2404:6800:4006:814::200a
45.147.195.16
51.158.43.12
52.53.103.54
0f006c1dca9d9f39c8492a8e48ca8d39194162b64039f003640b3ee603a33d75
4342eb8d7b18af0ad27917d009ecbf4738360cadf79f6a0bb8e61ebdc1fc3f3c
5207793067c61326fc367d7ba71c4be44fc0f8d4625ab07427a8fd8440eaeef7
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea526a1dcc182b1ea3e76fea545fe729e7cf8617047410405b22bfa1651adfaf
ef8394171f14b550527591409d335f2a8be22f247ff051709a8b8679b28d4bf9

nz.12xlwin6k.com Open in urlscan Pro 151.101.2.132 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

17 %IPv6

7 Domains

7 Subdomains

3 IPs

5 Countries

329 kBTransfer

397 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

7 Cookies

Indicators

nz.12xlwin6k.com Open in urlscan Pro
151.101.2.132 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

17 %
IPv6

7
Domains

7
Subdomains

3
IPs

5
Countries

329 kB
Transfer

397 kB
Size

7
Cookies

8 HTTP transactions
0 data transactions