URL: https://xleakers.fans/
Submission Tags: @phish_report
Submission: On November 16 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 9 HTTP transactions. The main IP is 172.67.166.27, located in United States and belongs to CLOUDFLARENET, US. The main domain is xleakers.fans.
TLS certificate: Issued by WE1 on November 12th 2024. Valid for: 3 months.
This is the only time xleakers.fans was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.67.166.27 13335 (CLOUDFLAR...)
4 172.64.153.55 13335 (CLOUDFLAR...)
1 18.244.20.221 16509 (AMAZON-02)
3 172.64.153.109 13335 (CLOUDFLAR...)
9 4
Apex Domain
Subdomains
Transfer
4 website-files.com
assets-global.website-files.com — Cisco Umbrella Rank: 29975
192 KB
3 webflow.com
uploads-ssl.webflow.com — Cisco Umbrella Rank: 27176
413 KB
1 cloudfront.net
d3e54v103j8qbb.cloudfront.net
31 KB
1 xleakers.fans
xleakers.fans
2 KB
9 4
Domain Requested by
4 assets-global.website-files.com xleakers.fans
3 uploads-ssl.webflow.com assets-global.website-files.com
1 d3e54v103j8qbb.cloudfront.net xleakers.fans
1 xleakers.fans
9 4

This site contains no links.

Subject Issuer Validity Valid
xleakers.fans
WE1
2024-11-12 -
2025-02-10
3 months crt.sh
website-files.com
WE1
2024-11-10 -
2025-02-08
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2024-07-30 -
2025-07-03
a year crt.sh
uploads-ssl.webflow.com
WE1
2024-09-25 -
2024-12-24
3 months crt.sh

This page contains 1 frames:

Primary Page: https://xleakers.fans/
Frame ID: C1200CFAEE19DA3403EB652C430DBAAA
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

xLeakers.com - The #1 Leaks Shop

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

638 kB
Transfer

1175 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
xleakers.fans/
6 KB
2 KB
Document
General
Full URL
https://xleakers.fans/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ff59c872d6eda43074da2d6cb648924f87e1f939e50b8d95a68d984df7f22393

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8e335c052f6bc04d-WAW
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Sat, 16 Nov 2024 00:28:10 GMT
last-modified
Fri, 15 Nov 2024 21:19:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctOosLesbhnkJ31RRIMIQyAO0fl0Wd4wy7e99N7sqf4GGYbUv8bmV9WVlSGgyuXpYvxzGiyWpXfNakkJgFkvXyi1WkRMhO%2FlLZp9HFkiTILkFF4yieHANStorXFVxphN"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=46999&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4161&recv_bytes=4437&delivery_rate=12387&cwnd=12000&unsent_bytes=0&cid=f920f3d0b389ff37&ts=112&x=1" cfHdrFlush;dur=0
x-powered-by
Express
miami-44baae-fb1698b24a6dda8dbac1757425.webflow.89d43beef.css
assets-global.website-files.com/65423581310e2018e009b88f/css/
89 KB
16 KB
Stylesheet
General
Full URL
https://assets-global.website-files.com/65423581310e2018e009b88f/css/miami-44baae-fb1698b24a6dda8dbac1757425.webflow.89d43beef.css
Requested by
Host: xleakers.fans
URL: https://xleakers.fans/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.55 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42c4cf605e4757ede9ce9cb409b7127ca255340ddc9bcf156d6ed30c48f33ad8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://xleakers.fans/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"b69ea2b21fff5202c1e85687ca3d4cad"
x-amz-version-id
7I2xyRkYwZ9m.e6_pyrINOfnw324JIx5
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:10 GMT
content-type
text/css
last-modified
Mon, 01 Jan 2024 18:35:50 GMT
vary
Accept-Encoding
priority
u=0,i=?0
x-amz-id-2
7HkBoMHKRqVtp8xKe1ecahFqch20GSW8WwHrzu5WGMNzHUAYfWcryvZ6uu3N+6YrDDLRQYqWqrmcpx8P2LRseYFiU4JMKIu/
cache-control
max-age=84600, must-revalidate
x-amz-request-id
EFJKT41HV1VZEW3G
cf-ray
8e335c062ea12e12-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
16122
server
cloudflare
x-amz-server-side-encryption
AES256
65423581310e2018e009b8e5_glow-p-800.png
assets-global.website-files.com/65423581310e2018e009b88f/
80 KB
80 KB
Image
General
Full URL
https://assets-global.website-files.com/65423581310e2018e009b88f/65423581310e2018e009b8e5_glow-p-800.png
Requested by
Host: xleakers.fans
URL: https://xleakers.fans/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.55 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4aeb36191fae2252e356ff7531f328fe24ec79149ed2c527702257854fb39bda

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://xleakers.fans/

Response headers

cf-cache-status
HIT
etag
"3b2867698d1b5ff3485ee81803426f12"
x-amz-version-id
UrLnTR8oRUkCkVDA42Y_sv_Qlxy2aykS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:10 GMT
content-type
image/png
last-modified
Wed, 01 Nov 2023 11:24:50 GMT
vary
Accept-Encoding
priority
u=2,i
x-amz-id-2
VxowQB53a2UDxS8X8U0VlBzukbc/jCmK4zRPckqIL7LCPw0XWg4Nm00IEp4Z44VwCrMv6mkf8R0=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
B2E9N49JRDD0SNXC
cf-ray
8e335c062ea32e12-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
81490
server
cloudflare
x-amz-server-side-encryption
AES256
jquery-3.5.1.min.dc5e7f18c8.js
d3e54v103j8qbb.cloudfront.net/js/
87 KB
31 KB
Script
General
Full URL
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65423581310e2018e009b88f
Requested by
Host: xleakers.fans
URL: https://xleakers.fans/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.20.221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-20-221.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://xleakers.fans
Referer
https://xleakers.fans/

Response headers

access-control-max-age
3000
content-encoding
gzip
etag
W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
age
79186
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
s_Wrcy8nrEW5xinV66Bli5dA3a4w0OOdP1YnHXgHVb-2n5lwad_wdQ==
date
Fri, 15 Nov 2024 04:06:33 GMT
content-type
application/javascript
last-modified
Mon, 20 Jul 2020 17:53:02 GMT
vary
accept-encoding
cache-control
max-age=84600, must-revalidate
via
1.1 717c15467a10d8501ae3f6716e2421d8.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P11
server
AmazonS3
webflow.718107e01.js
assets-global.website-files.com/65423581310e2018e009b88f/js/
502 KB
94 KB
Script
General
Full URL
https://assets-global.website-files.com/65423581310e2018e009b88f/js/webflow.718107e01.js
Requested by
Host: xleakers.fans
URL: https://xleakers.fans/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.55 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4099c07deb2d63f2bc67a16cd4ef449c593180da66e3c6143e9a59941451f01

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://xleakers.fans/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"8418395a044beaa95b9308147c4925ef"
x-amz-version-id
GCV6mWzUFGyAVx3P6hUUbGEEjTStm_t.
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:10 GMT
content-type
text/javascript
last-modified
Mon, 01 Jan 2024 18:35:50 GMT
vary
Accept-Encoding
priority
u=2,i=?0
x-amz-id-2
mI3p/tStF0bIJuMpqWdJInywEv/oMrFJn7mjI3njcja7nqlOS7TmUjTnxTNS3IS1q2RZg8D5+MdujfecG7EZDnHlJUqvrcGn
cache-control
max-age=84600, must-revalidate
x-amz-request-id
EFJGXYCSGHQ4RNV9
cf-ray
8e335c062ea52e12-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
95937
server
cloudflare
x-amz-server-side-encryption
AES256
65423581310e2018e009b8d3_Inter-Bold.woff
uploads-ssl.webflow.com/65423581310e2018e009b88f/
140 KB
141 KB
Font
General
Full URL
https://uploads-ssl.webflow.com/65423581310e2018e009b88f/65423581310e2018e009b8d3_Inter-Bold.woff
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/65423581310e2018e009b88f/css/miami-44baae-fb1698b24a6dda8dbac1757425.webflow.89d43beef.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.109 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5c7c3cd40865c85a70b44f455d64ad04bf1978627b8afbd3a322ca0cac434ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://xleakers.fans
Referer
https://assets-global.website-files.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"895ddea987172f5a34a727cb0b559c9d"
x-amz-version-id
19UCvpBxRCJTNScbpbVmm85ZXPTWBQgc
access-control-allow-methods
GET, HEAD
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:10 GMT
content-type
application/x-font-woff
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Wed, 01 Nov 2023 11:24:50 GMT
x-amz-id-2
zwMSJFUO/S30/MRS73vI0TEHEl3zGbMRD/VKZlOjjEz0+3GbSDJ/sVodtQbom6o52JBZh0ZBK2H1niUc3kepPdQLLKmDHP7R
priority
u=0,i=?0
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
8829HCACJ1H0WC1J
cf-ray
8e335c074f921685-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
143592
server
cloudflare
x-amz-server-side-encryption
AES256
65423581310e2018e009b8b7_Inter-Regular.woff
uploads-ssl.webflow.com/65423581310e2018e009b88f/
131 KB
132 KB
Font
General
Full URL
https://uploads-ssl.webflow.com/65423581310e2018e009b88f/65423581310e2018e009b8b7_Inter-Regular.woff
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/65423581310e2018e009b88f/css/miami-44baae-fb1698b24a6dda8dbac1757425.webflow.89d43beef.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.109 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aac36c022c9d50092fe17df27f1fdaf7f0abf6bb00ba13cf20a54c20edba7f12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://xleakers.fans
Referer
https://assets-global.website-files.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"41cd7069d7f578a69690178b818c0a2c"
x-amz-version-id
i52BseJ1dzsKAs0WQk3PIUIl6l8f73VJ
access-control-allow-methods
GET, HEAD
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:10 GMT
content-type
application/x-font-woff
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Wed, 01 Nov 2023 11:24:50 GMT
x-amz-id-2
PCw/mGFDlXswnfi7bd/4w8HQPaMOcA25dpG4qcI4FCTlM2BzKwHrHljKcCoN3ibJ4DyfyUIavyw=
priority
u=0,i=?0
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
882F0Y255N7GVFPZ
cf-ray
8e335c074f931685-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
134528
server
cloudflare
x-amz-server-side-encryption
AES256
65423581310e2018e009b8d2_Inter-Medium.woff
uploads-ssl.webflow.com/65423581310e2018e009b88f/
139 KB
140 KB
Font
General
Full URL
https://uploads-ssl.webflow.com/65423581310e2018e009b88f/65423581310e2018e009b8d2_Inter-Medium.woff
Requested by
Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/65423581310e2018e009b88f/css/miami-44baae-fb1698b24a6dda8dbac1757425.webflow.89d43beef.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.109 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
266d3f14c5e24b3612020e1d23d90444695be74af597b667a1bdcf80a22e2dc6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://xleakers.fans
Referer
https://assets-global.website-files.com/

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"592a30dc78f8586ad4149dfdc3f73312"
x-amz-version-id
tAGt1p2whRjxKWAOyu5SfwAjNrONEdPo
access-control-allow-methods
GET, HEAD
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:10 GMT
content-type
application/x-font-woff
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Wed, 01 Nov 2023 11:24:50 GMT
x-amz-id-2
UvqcmO1lYbuQz8EU/1CUfcQlzhT02fjmE49xvzT0xeinF6NGO2OlyTR7GX/Fd3N6Eq6blJcTZilwGjiO0HoiscxPRnnnAyR/
priority
u=0,i=?0
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
8829KAQ12J7H346G
cf-ray
8e335c074f941685-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
142736
server
cloudflare
x-amz-server-side-encryption
AES256
65423581310e2018e009b8ec_gg.png
assets-global.website-files.com/65423581310e2018e009b88f/
476 B
885 B
Other
General
Full URL
https://assets-global.website-files.com/65423581310e2018e009b88f/65423581310e2018e009b8ec_gg.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.153.55 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fba282ea2fd5b2d5b00323b2b03d8aff255c8244d3aa49ed988f4d24ea8112b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://xleakers.fans/

Response headers

cf-cache-status
HIT
etag
"1125e2bc9d07d617ec5590d7e025c6c5"
x-amz-version-id
OBfNRGEnSLE9STFz4SGOYduNfVTlprXe
age
427
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Sat, 16 Nov 2024 00:28:11 GMT
content-type
image/png
last-modified
Wed, 01 Nov 2023 11:24:50 GMT
vary
Accept-Encoding
priority
u=1,i
x-amz-id-2
vzfp3hBLMBEm+XaIhGN5Gwxb6ibqNN+YfTgUbzByaSc1b3/HV8LVuU0Dht9Z6epfsg75ayjlBxY=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
JV1NTX0C2J3QG31P
cf-ray
8e335c08f81f2e12-ARN
accept-ranges
bytes
access-control-allow-origin
*
content-length
476
server
cloudflare
x-amz-server-side-encryption
AES256

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| tram object| Webflow function| openDiscordAndRedirect

1 Cookies

Domain/Path Name / Value
.website-files.com/ Name: __cf_bm
Value: RTYynAUhmDrdFwDaGy9iVFyr2xmdwhBCSBfuIOeGsWI-1731716890-1.0.1.1-BxJUzx0D8c8uq6B3njvhqg2FwIzUieFiZ.NJCzVnQzt5LjEJp8ZLtM5uUJm2erEZDXyB80Zk0AWEUn.fAo098w