Submitted URL: http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhvjacqtltmledwpth7ngfn...
Effective URL: https://nz.12xlwin6k.com/index.php?v=5068
Submission: On October 20 via api from BE — Scanned from NZ

Summary

This website contacted 3 IPs in 5 countries across 7 domains to perform 8 HTTP transactions. The main IP is 151.101.130.132, located in San Francisco, United States and belongs to FASTLY, US. The main domain is nz.12xlwin6k.com.
TLS certificate: Issued by R10 on September 14th 2024. Valid for: 3 months.
This is the only time nz.12xlwin6k.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 103.208.86.115 61138 (ZAPPIE-HO...)
1 51.158.43.12 12876 (Online SAS)
2 2 45.147.195.16 49392 (ASBAXETN)
1 1 52.53.103.54 16509 (AMAZON-02)
6 151.101.130.132 54113 (FASTLY)
1 2404:6800:400... 15169 (GOOGLE)
8 3
Requests | Apex Domain | Subdomains | Transfer
6 | 12xlwin6k.com | nz.12xlwin6k.com | 295 KB
1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 412 | 33 KB
1 | trc85.com | x.trc85.com | 2 KB
1 | spinningfastloop.com | 1ibeg.spinningfastloop.com | 1 KB
1 | suggestedspins.com | 1ibeg.suggestedspins.com | 1006 B
1 | placementsocialist.com | placementsocialist.com | 465 B
1 | headearth.net | headearth.net | 374 B
8 7
Domain Requested by
6 nz.12xlwin6k.com placementsocialist.com
nz.12xlwin6k.com
1 ajax.googleapis.com nz.12xlwin6k.com
1 x.trc85.com 1 redirects
1 1ibeg.spinningfastloop.com 1 redirects
1 1ibeg.suggestedspins.com 1 redirects
1 placementsocialist.com
1 headearth.net 1 redirects
8 7

This site contains no links.

Subject | Issuer | Validity | Valid
placementsocialist.com | Sectigo RSA Domain Validation Secure Server CA | 2024-03-25 - 2025-04-22 | a year
*.12xlwin6k.com | R10 | 2024-09-14 - 2024-12-13 | 3 months
upload.video.google.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months

This page contains 1 frames:

Primary Page: https://nz.12xlwin6k.com/index.php?v=5068
Frame ID: ADA099896D081D905AE33C194615D338
Requests: 8 HTTP requests in this frame

Page Title

WIN A $500 CALTEX VOUCHER

Page URL History

  1. http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhv... HTTP 307
    https://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhv... HTTP 307
    http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhv... HTTP 302
    https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g Page URL
  2. https://nz.12xlwin6k.com/index.php?v=5068 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 8
  • HTTPS: 100 %
  • IPv6: 17 %
  • Domains: 7
  • Subdomains: 7
  • IPs: 3
  • Countries: 5
  • Transfer: 329 kB
  • Size: 397 kB
  • Cookies: 7

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhv... HTTP 307
  • https://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhv... HTTP 307
  • http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhv... HTTP 302
  • https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g
Request Chain 1
  • https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_406663_118440&s3=1435307725&s4=45 HTTP 302
  • https://1ibeg.spinningfastloop.com/o/OM9DVLSI/690c0d1c-8e78-11ef-98a1-6d668be0366a/6912d3c2-8e78-11ef-89b5-6fa3eea088ad HTTP 302
  • http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=69d56f5e-8e78-11ef-856e-05122650516b&source=74698&aff_sub3=b89fd195283& HTTP 307
  • https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=69d56f5e-8e78-11ef-856e-05122650516b&source=74698&aff_sub3=b89fd195283& HTTP 302
  • https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102c65ddfc967a964a9190d0c99414&t2=69d56f5e-8e78-11ef-856e-05122650516b&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23

8 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type
Resource: 619347514_snrl9g
Path: placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/
Redirect Chain
  • http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhvjacqtltmledwpth7ngfnsoam2rhwbc6gfmniobjiyychpjbvcw3e4dqufihpwrgcxo5cgsd4kcd3jjqoteztsfc1oeilvpjlradd...
  • https://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhvjacqtltmledwpth7ngfnsoam2rhwbc6gfmniobjiyychpjbvcw3e4dqufihpwrgcxo5cgsd4kcd3jjqoteztsfc1oeilvpjlrad...
  • http://headearth.net/YVsUHkDeCY.php5?a6vueqn86vjkwma18xhdoynskiijtt68oxkx4qw5gfkrlby23yhxo76ftqhvjacqtltmledwpth7ngfnsoam2rhwbc6gfmniobjiyychpjbvcw3e4dqufihpwrgcxo5cgsd4kcd3jjqoteztsfc1oeilvpjlradd...
  • https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g
Size: 155 B
x-fer: 465 B
Type: Document

General
Full URL: https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.158.43.12 Paris, France, ASN12876 (Online SAS, FR)
Reverse DNS: 51-158-43-12.rev.poneytelecom.eu
Software: Apache

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection: close
Content-Length: 155
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Oct 2024 00:15:26 GMT
Server: Apache

Redirect headers

Connection: keep-alive
Content-Type: text/html
Date: Sun, 20 Oct 2024 00:15:24 GMT
Location: https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g
Server: nginx
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Resource: gtrax.php
Path: nz.12xlwin6k.com/
Redirect Chain
  • https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_406663_118440&s3=1435307725&s4=45
  • https://1ibeg.spinningfastloop.com/o/OM9DVLSI/690c0d1c-8e78-11ef-98a1-6d668be0366a/6912d3c2-8e78-11ef-89b5-6fa3eea088ad
  • http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=69d56f5e-8e78-11ef-856e-05122650516b&source=74698&aff_sub3=b89fd195283&
  • https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=69d56f5e-8e78-11ef-856e-05122650516b&source=74698&aff_sub3=b89fd195283&
  • https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102c65ddfc967a964a9190d0c99414&t2=69d56f5e-8e78-11ef-856e-05122650516b&&t3=103.75.11.100-AU&udc=Desktop--...
Size: 0
x-fer: 299 B
Type: Document

General
Full URL: https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102c65ddfc967a964a9190d0c99414&t2=69d56f5e-8e78-11ef-856e-05122650516b&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Requested by
  Host: placementsocialist.com
  URL: https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US)
Software: nginx

Request headers

Referer: https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521965_3/619347514_snrl9g
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=utf-8
date: Sun, 20 Oct 2024 00:15:30 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
refresh: 0.2;url=index.php?v=5068
server: nginx
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-cache-status: MISS
x-served-by: cache-akl10333-AKL
x-timer: S1729383330.413226,VS0,VE278

Redirect headers

Accept-Ch: Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Model
Access-Control-Allow-Headers: Tune-SDK-Version
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 534
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 20 Oct 2024 00:15:30 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102c65ddfc967a964a9190d0c99414&t2=69d56f5e-8e78-11ef-856e-05122650516b&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Server: nginx
Tracking_id: 102c65ddfc967a964a9190d0c99414
X-Request-Id: fa4f70a87a60aec543aff3dfa1a22028

Primary Request
Resource: index.php
Path: nz.12xlwin6k.com/
Size: 14 KB
x-fer: 3 KB
Type: Document

General
Full URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US)
Software: nginx
Resource Hash: 5207793067c61326fc367d7ba71c4be44fc0f8d4625ab07427a8fd8440eaeef7

Request headers

Referer: https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102c65ddfc967a964a9190d0c99414&t2=69d56f5e-8e78-11ef-856e-05122650516b&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 2551
content-type: text/html; charset=UTF-8
date: Sun, 20 Oct 2024 00:15:31 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-cache-status: MISS
x-served-by: cache-akl10333-AKL
x-timer: S1729383331.754257,VS0,VE280

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1.8.3/
Size: 91 KB
x-fer: 33 KB
Type: Script

General
Full URL: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
  Host: nz.12xlwin6k.com
  URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4006:80a::200a Sydney, Australia, ASN15169 (GOOGLE, US)
Software: sffe
Resource Hash: 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/

Response headers

content-encoding: gzip
age: 359643
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Wed, 15 Oct 2025 20:21:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 15 Oct 2024 20:21:28 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33593
x-xss-protection: 0
server: sffe

Resource: img_3643.png
Path: nz.12xlwin6k.com/hostimgpl/
Size: 117 KB
x-fer: 117 KB
Type: Image

General
Full URL: https://nz.12xlwin6k.com/hostimgpl/img_3643.png
Requested by
  Host: nz.12xlwin6k.com
  URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US)
Software: nginx
Resource Hash: ea526a1dcc182b1ea3e76fea545fe729e7cf8617047410405b22bfa1651adfaf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "1d48a-5f8e9133be465"
age: 3014
x-timer: S1729383331.071739,VS0,VE1
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 119946
date: Sun, 20 Oct 2024 00:15:31 GMT
content-type: image/png
last-modified: Sun, 09 Apr 2023 15:40:17 GMT
server: nginx
x-cache-hits: 1
x-served-by: cache-akl10333-AKL

Resource: img_3644.png
Path: nz.12xlwin6k.com/hostimgpl/
Size: 134 KB
x-fer: 134 KB
Type: Image

General
Full URL: https://nz.12xlwin6k.com/hostimgpl/img_3644.png
Requested by
  Host: nz.12xlwin6k.com
  URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US)
Software: nginx
Resource Hash: 4342eb8d7b18af0ad27917d009ecbf4738360cadf79f6a0bb8e61ebdc1fc3f3c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "2167f-5f8e9133be465"
age: 3014
x-timer: S1729383331.071870,VS0,VE1
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 136831
date: Sun, 20 Oct 2024 00:15:31 GMT
content-type: image/png
last-modified: Sun, 09 Apr 2023 15:40:17 GMT
server: nginx
x-cache-hits: 1
x-served-by: cache-akl10333-AKL

Resource: img_8383.png
Path: nz.12xlwin6k.com/hostimgpl/
Size: 96 B
x-fer: 193 B
Type: Image

General
Full URL: https://nz.12xlwin6k.com/hostimgpl/img_8383.png
Requested by
  Host: nz.12xlwin6k.com
  URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US)
Software: nginx
Resource Hash: ef8394171f14b550527591409d335f2a8be22f247ff051709a8b8679b28d4bf9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "60-5f9267c923a17"
age: 3014
x-timer: S1729383331.082564,VS0,VE1
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 96
date: Sun, 20 Oct 2024 00:15:31 GMT
content-type: image/png
last-modified: Wed, 12 Apr 2023 16:56:17 GMT
server: nginx
x-cache-hits: 1
x-served-by: cache-akl10333-AKL

Resource: img_8382.png
Path: nz.12xlwin6k.com/hostimgpl/
Size: 41 KB
x-fer: 41 KB
Type: Image

General
Full URL: https://nz.12xlwin6k.com/hostimgpl/img_8382.png
Requested by
  Host: nz.12xlwin6k.com
  URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US)
Software: nginx
Resource Hash: 0f006c1dca9d9f39c8492a8e48ca8d39194162b64039f003640b3ee603a33d75

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status: MISS
etag: "a212-5f9267c923a17"
age: 3014
x-timer: S1729383331.085064,VS0,VE1
via: 1.1 varnish
accept-ranges: bytes
x-cache: HIT
content-length: 41490
date: Sun, 20 Oct 2024 00:15:31 GMT
content-type: image/png
last-modified: Wed, 12 Apr 2023 16:56:17 GMT
server: nginx
x-cache-hits: 1
x-served-by: cache-akl10333-AKL

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function unhide
  • function hide
  • function toggle_display
  • function $
  • function jQuery

7 Cookies

Domain/Path Name / Value
placementsocialist.com/ Name: uid45
Value: 1435307725-20241019201526-916ca436e5dab39e5db7f6bc34663ae8-
1ibeg.suggestedspins.com/ Name: yredir_session
1ibeg.spinningfastloop.com/ Name: yredir_session
x.trc85.com/ Name: aff_ran_url_144
Value: 3902
x.trc85.com/ Name: enc_aff_session_144
x.trc85.com/ Name: ho_mob
nz.12xlwin6k.com/ Name: PHPSESSID
Value: 7uhmcjm51naf0b771a5915ppop