Submitted URL: http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5gcw75je31ps3ixbbxlboi...
Effective URL: https://nz.12xlwin6k.com/index.php?v=5068
Submission: On October 19 via api from BE — Scanned from NZ

Summary

This website contacted 3 IPs in 5 countries across 7 domains to perform 8 HTTP transactions. The main IP is 151.101.2.132, located in San Francisco, United States and belongs to FASTLY, US. The main domain is nz.12xlwin6k.com.
TLS certificate: Issued by R10 on September 14th 2024. Valid for: 3 months.
This is the only time nz.12xlwin6k.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 103.208.86.115 61138 (ZAPPIE-HO...)
1 51.158.43.12 12876 (Online SAS)
2 2 45.147.195.16 49392 (ASBAXETN)
1 1 52.53.103.54 16509 (AMAZON-02)
6 151.101.2.132 54113 (FASTLY)
1 2404:6800:400... 15169 (GOOGLE)
8 3
Apex Domain | Subdomains | Transfer
6 12xlwin6k.com | nz.12xlwin6k.com | 295 KB
1 googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 412 | 33 KB
1 trc85.com | x.trc85.com | 2 KB
1 spinningfastloop.com | 1ibeg.spinningfastloop.com | 1 KB
1 suggestedspins.com | 1ibeg.suggestedspins.com | 978 B
1 placementsocialist.com | placementsocialist.com | 465 B
1 headearth.net | headearth.net | 375 B
8 7
Domain Requested by
6 nz.12xlwin6k.com placementsocialist.com
nz.12xlwin6k.com
1 ajax.googleapis.com nz.12xlwin6k.com
1 x.trc85.com 1 redirects
1 1ibeg.spinningfastloop.com 1 redirects
1 1ibeg.suggestedspins.com 1 redirects
1 placementsocialist.com
1 headearth.net 1 redirects
8 7

This site contains no links.

Subject | Issuer | Validity | Valid
placementsocialist.com | Sectigo RSA Domain Validation Secure Server CA | 2024-03-25 - 2025-04-22 | a year
*.12xlwin6k.com | R10 | 2024-09-14 - 2024-12-13 | 3 months
upload.video.google.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months

This page contains 1 frames:

Primary Page: https://nz.12xlwin6k.com/index.php?v=5068
Frame ID: D6D90828D06602F39E5817330D1673D7
Requests: 8 HTTP requests in this frame

Page Title

WIN A $500 CALTEX VOUCHER

Page URL History

  1. http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5g... HTTP 307
    https://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5g... HTTP 307
    http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5g... HTTP 302
    https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g Page URL
  2. https://nz.12xlwin6k.com/index.php?v=5068 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8 Requests
100 % HTTPS
17 % IPv6
7 Domains
7 Subdomains
3 IPs
5 Countries
329 kB Transfer
397 kB Size
7 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5g... HTTP 307
  • https://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5gcw75je31ps3ixbbxlboicfwlhge6jhq6kad9nsifayuvodwduf24qra8fmw2pfesc9q7uz74bmwoeydmedroid2tciagkfe2hsvofndi8k7d6hembijrypu1rljtoayjitfahmgu21g3ytp5koauttmlek8mydmk6s3loh10trtymef3f3uwynjywpd7ris6o2ibjboi3pgmldnkumux3tn0mumdvrow0ghzr77rn7nosidsk0h9s5fq77d899fh0dfmiobucatiujqvdm1yozameelp2zlwh8osndz1pctztvvpz8ggp7cincpcuacivaydontgiletkifxmkry6l3semish9mjhsxnxsw5s1d6iqyj02oqqgqsoertcwzwtgzo9wbl8tdcjvuhqgaoc745oz7ypt23ph5w1vibv0vcbfn7lspepex2chczhwc8xikhrq4eyhljpd2zhyxgzsbnbnk1oslu3uxwomhavbldbwostluy8ygsmngqbsrchwmcforsrjmdx4ekhzakoxikmft3ipgojza52ypb59m9w5gru5ild8dfqyhz0wopderxoynnqyuv912xkyheaemnuhfjhmb9ppyeewqf38dhk4juokoo5fkwvlmlsriua3cwc4tkp32a08yw97ru0soopqvh2fjxehpmlonuavm6b5lth01vq0r8spezl3et0ipo0drtg12jr2deibvyzuz4zdyoj7zkv4j4ul2ffopdgazrlyviwobtjlceaiqayqrqumafnplp606gsfeaeo5kxyw1uawsd734xvtiklr0pl0sgilfcuao1lru3wokzxbf5wgvocyal0w4rv0qg8l88hoyxfeljqvu3f6g257ykee0zvoiqqarjv3odq9kvksemnwxddgemmx8gszukefaed6upbphplqrrqmz0gr5cbbbdScQnwcck2yQcbQNHcfcfNcfcfJbPfTz2cbbbbg HTTP 307
  • http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5gcw75je31ps3ixbbxlboicfwlhge6jhq6kad9nsifayuvodwduf24qra8fmw2pfesc9q7uz74bmwoeydmedroid2tciagkfe2hsvofndi8k7d6hembijrypu1rljtoayjitfahmgu21g3ytp5koauttmlek8mydmk6s3loh10trtymef3f3uwynjywpd7ris6o2ibjboi3pgmldnkumux3tn0mumdvrow0ghzr77rn7nosidsk0h9s5fq77d899fh0dfmiobucatiujqvdm1yozameelp2zlwh8osndz1pctztvvpz8ggp7cincpcuacivaydontgiletkifxmkry6l3semish9mjhsxnxsw5s1d6iqyj02oqqgqsoertcwzwtgzo9wbl8tdcjvuhqgaoc745oz7ypt23ph5w1vibv0vcbfn7lspepex2chczhwc8xikhrq4eyhljpd2zhyxgzsbnbnk1oslu3uxwomhavbldbwostluy8ygsmngqbsrchwmcforsrjmdx4ekhzakoxikmft3ipgojza52ypb59m9w5gru5ild8dfqyhz0wopderxoynnqyuv912xkyheaemnuhfjhmb9ppyeewqf38dhk4juokoo5fkwvlmlsriua3cwc4tkp32a08yw97ru0soopqvh2fjxehpmlonuavm6b5lth01vq0r8spezl3et0ipo0drtg12jr2deibvyzuz4zdyoj7zkv4j4ul2ffopdgazrlyviwobtjlceaiqayqrqumafnplp606gsfeaeo5kxyw1uawsd734xvtiklr0pl0sgilfcuao1lru3wokzxbf5wgvocyal0w4rv0qg8l88hoyxfeljqvu3f6g257ykee0zvoiqqarjv3odq9kvksemnwxddgemmx8gszukefaed6upbphplqrrqmz0gr5cbbbdScQnwcck2yQcbQNHcfcfNcfcfJbPfTz2cbbbbg HTTP 302
  • https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g
Request Chain 1
  • https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_406663_118440&s3=1435295259&s4=45 HTTP 302
  • https://1ibeg.spinningfastloop.com/o/OM9DVLSI/bb4fdd3e-8e68-11ef-b7e4-cdb97d6b8358/bb5781a6-8e68-11ef-b75f-c7841e46af54 HTTP 302
  • http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=bc549774-8e68-11ef-b91e-f3c7397a8030&source=74698&aff_sub3=b89fd195283& HTTP 307
  • https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=bc549774-8e68-11ef-b91e-f3c7397a8030&source=74698&aff_sub3=b89fd195283& HTTP 302
  • https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=1027cc7e331cadce02fe37b849f5fb&t2=bc549774-8e68-11ef-b91e-f3c7397a8030&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
1089688201_snrl9g
placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/
Redirect Chain
  • http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5gcw75je31ps3ixbbxlboicfwlhge6jhq6kad9nsifayuvodwduf24qra8fmw2pfesc9q7uz74bmwoeydmedroid2tciagkfe2hsvo...
  • https://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5gcw75je31ps3ixbbxlboicfwlhge6jhq6kad9nsifayuvodwduf24qra8fmw2pfesc9q7uz74bmwoeydmedroid2tciagkfe2hsv...
  • http://headearth.net/kLXgVYoRws.php5?2didvg05fwdc74y7lox68dmd5epsv4cnwpo7ijgctbj4sdanw2rsynufbx5gcw75je31ps3ixbbxlboicfwlhge6jhq6kad9nsifayuvodwduf24qra8fmw2pfesc9q7uz74bmwoeydmedroid2tciagkfe2hsvo...
  • https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g
155 B
465 B
Document
General
Full URL
https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.158.43.12 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-158-43-12.rev.poneytelecom.eu
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
close
Content-Length
155
Content-Type
text/html; charset=UTF-8
Date
Sat, 19 Oct 2024 22:23:12 GMT
Server
Apache

Redirect headers

Connection
keep-alive
Content-Type
text/html
Date
Sat, 19 Oct 2024 22:23:10 GMT
Location
https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g
Server
nginx
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
gtrax.php
nz.12xlwin6k.com/
Redirect Chain
  • https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_406663_118440&s3=1435295259&s4=45
  • https://1ibeg.spinningfastloop.com/o/OM9DVLSI/bb4fdd3e-8e68-11ef-b7e4-cdb97d6b8358/bb5781a6-8e68-11ef-b75f-c7841e46af54
  • http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=bc549774-8e68-11ef-b91e-f3c7397a8030&source=74698&aff_sub3=b89fd195283&
  • https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=bc549774-8e68-11ef-b91e-f3c7397a8030&source=74698&aff_sub3=b89fd195283&
  • https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=1027cc7e331cadce02fe37b849f5fb&t2=bc549774-8e68-11ef-b91e-f3c7397a8030&&t3=103.75.11.100-AU&udc=Desktop--...
0
299 B
Document
General
Full URL
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=1027cc7e331cadce02fe37b849f5fb&t2=bc549774-8e68-11ef-b91e-f3c7397a8030&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Requested by
Host: placementsocialist.com
URL: https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://placementsocialist.com/176368fe521b39b0800/3_406663_118440/197_1047479_521914_3/1089688201_snrl9g
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=utf-8
date
Sat, 19 Oct 2024 22:23:17 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
refresh
0.2;url=index.php?v=5068
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-cache-status
MISS
x-served-by
cache-syd10183-SYD
x-timer
S1729376597.972718,VS0,VE592

Redirect headers

Accept-Ch
Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Model
Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
534
Content-Type
text/html; charset=iso-8859-1
Date
Sat, 19 Oct 2024 22:23:16 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Location
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=1027cc7e331cadce02fe37b849f5fb&t2=bc549774-8e68-11ef-b91e-f3c7397a8030&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
P3p
CP="NOI CUR OUR NOR INT"
Pragma
no-cache
Server
nginx
Tracking_id
1027cc7e331cadce02fe37b849f5fb
X-Request-Id
37b374f94386170cf17f99f3d4b3be41
Primary Request index.php
nz.12xlwin6k.com/
14 KB
3 KB
Document
General
Full URL
https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5207793067c61326fc367d7ba71c4be44fc0f8d4625ab07427a8fd8440eaeef7

Request headers

Referer
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=1027cc7e331cadce02fe37b849f5fb&t2=bc549774-8e68-11ef-b91e-f3c7397a8030&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
0
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
2551
content-type
text/html; charset=UTF-8
date
Sat, 19 Oct 2024 22:23:18 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-cache-status
MISS
x-served-by
cache-syd10183-SYD
x-timer
S1729376598.660859,VS0,VE608
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:812::200a Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/

Response headers

content-encoding
gzip
age
352910
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 20:21:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 20:21:28 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
33593
x-xss-protection
0
server
sffe
img_3643.png
nz.12xlwin6k.com/hostimgpl/
117 KB
117 KB
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_3643.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ea526a1dcc182b1ea3e76fea545fe729e7cf8617047410405b22bfa1651adfaf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"1d48a-5f8e9133be465"
age
2891
x-timer
S1729376598.340715,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
119946
date
Sat, 19 Oct 2024 22:23:18 GMT
content-type
image/png
last-modified
Sun, 09 Apr 2023 15:40:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-syd10183-SYD
img_3644.png
nz.12xlwin6k.com/hostimgpl/
134 KB
134 KB
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_3644.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4342eb8d7b18af0ad27917d009ecbf4738360cadf79f6a0bb8e61ebdc1fc3f3c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"2167f-5f8e9133be465"
age
2891
x-timer
S1729376598.340676,VS0,VE0
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
136831
date
Sat, 19 Oct 2024 22:23:18 GMT
content-type
image/png
last-modified
Sun, 09 Apr 2023 15:40:17 GMT
server
nginx
x-cache-hits
1
x-served-by
cache-syd10183-SYD
img_8383.png
nz.12xlwin6k.com/hostimgpl/
96 B
193 B
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_8383.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ef8394171f14b550527591409d335f2a8be22f247ff051709a8b8679b28d4bf9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"60-5f9267c923a17"
age
2891
x-timer
S1729376598.351152,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
96
date
Sat, 19 Oct 2024 22:23:18 GMT
content-type
image/png
last-modified
Wed, 12 Apr 2023 16:56:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-syd10183-SYD
img_8382.png
nz.12xlwin6k.com/hostimgpl/
41 KB
41 KB
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_8382.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0f006c1dca9d9f39c8492a8e48ca8d39194162b64039f003640b3ee603a33d75

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"a212-5f9267c923a17"
age
2891
x-timer
S1729376598.351584,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
41490
date
Sat, 19 Oct 2024 22:23:18 GMT
content-type
image/png
last-modified
Wed, 12 Apr 2023 16:56:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-syd10183-SYD

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unhide function| hide function| toggle_display function| $ function| jQuery

7 Cookies

Domain/Path Name / Value
placementsocialist.com/ Name: uid45
Value: 1435295259-20241019182312-916ca436e5dab39e5db7f6bc34663ae8-
1ibeg.suggestedspins.com/ Name: yredir_session
Value: eyJpdiI6IkwwWldITFFoWjQrOVdEaHl2K1EyWFE9PSIsInZhbHVlIjoiRXdVREVGcllhSUJlMjNDL0dsYk5rVVExbFlBYkI4RnpibXRkTW9EeGpENzJ5bm15aEFqMDV3dVg2eENraVdlZGhQQmNOK1lvd3RpTnlYKzVEOENzVDZJN0JpNHArYWtzeCtBd0RyazVTV0orSVMwOWIrRUhBOE5LeWhZS1FzalMiLCJtYWMiOiI2MjU2ZTllNDQxMmIwNjhhOGE3ZmEyZmUwM2RmODc5ZmE1NDgyNGM4MmMxZmY2MTBlYmUwZjEwNzdiYzQ1OTFiIiwidGFnIjoiIn0%3D
1ibeg.spinningfastloop.com/ Name: yredir_session
Value: eyJpdiI6InBCVlhQbGwwTGtLa1RqVFk4M1BINVE9PSIsInZhbHVlIjoia29RT1gxbnVYTnBrdXI5Rk9GRUpTQUU3dmtqczBkaENjVERTR1lycTlzVUtSRG9IaDVEWlN6WnFZcjIvSGg0SGo0YnlvWHozWnFrdGxPS2VYY3c4Vkx3LzRxWG9rNDJsdExWUzAvVXYzei9INVF1MEtSQVNpL3dnZjhnMURsY3oiLCJtYWMiOiI2Mjg5OWYxOTRmNGU5NGQ1NGZjZmRhMTdlYjU3OGExYWQ5NDljNjc5MzIyMGQ1ZjA2NzA4NTliZDQzNDFmYmRkIiwidGFnIjoiIn0%3D
x.trc85.com/ Name: aff_ran_url_144
Value: 3902
x.trc85.com/ Name: enc_aff_session_144
Value: ENC03ee4f196f13e26263238459ac658fb792723fd083cba1d45e1abd9350b25004f01b29cde70b8f6bb8686151c649bbf202f44d46157b3ea453237252a85f1e3ecc304d308e3e05f84ed66bf75e285e9cf9bc5be6e8a0690ea586127b345d391b33178d756ebfe2c91c9427836bf68cfb39f1b998772319c29799fbfb78365507c22985be394624be310997174f1fcf6e4cb9cca0bfd822ab566c78df2d0d1e197530a97bf4
x.trc85.com/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMjkiLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggWDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBMaWtlIEdlY2tvKSBDaHJvbWUvMTI5LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJhY2NlcHRfbGFuZ3VhZ2UiOiJlbi1OWixlbjtxPTAuOSIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ==
nz.12xlwin6k.com/ Name: PHPSESSID
Value: n4rgnmdrkq40s5icf7car4139m