Submitted URL: http://c.usa-specials.com/re?l=D0I1xgq7amIjeklxi3I0ITm0nsc2im&s=ENBEBDENHBENOBHF
Effective URL: https://ca.12xlwin8.net/index.php?v=5008
Submission: On September 04 via manual from US — Scanned from CA

Summary

This website contacted 4 IPs in 2 countries across 7 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3031::6815:6b3, located in United States and belongs to CLOUDFLARENET, US. The main domain is ca.12xlwin8.net.
TLS certificate: Issued by WE1 on August 16th 2024. Valid for: 3 months.
This is the only time ca.12xlwin8.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 195.140.186.100 15960 (GLOBALACCESS)
4 4 34.36.47.115 396982 (GOOGLE-CL...)
2 2 191.96.50.15 61317 (ASDETUK w...)
1 1 52.21.71.109 14618 (AMAZON-AES)
1 1 54.165.12.42 14618 (AMAZON-AES)
8 2606:4700:303... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
11 4
Apex Domain | Subdomains | Transfer
8 12xlwin8.net | ca.12xlwin8.net | 701 KB
4 elitevauxs.com | www.elitevauxs.com | 1 KB
2 googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 110), ajax.googleapis.com (Cisco Umbrella Rank: 641) | 34 KB
2 trc85.com | x.trc85.com | 4 KB
2 usa-specials.com | c.usa-specials.com | 362 B
1 readyspinsconnected.com | 6w1.readyspinsconnected.com | 1 KB
1 sharedlinkconnect.com | 6w1.sharedlinkconnect.com | 1000 B
11 7
Domain Requested by
8 ca.12xlwin8.net ca.12xlwin8.net
4 www.elitevauxs.com 4 redirects
2 x.trc85.com 2 redirects
2 c.usa-specials.com 2 redirects
1 ajax.googleapis.com ca.12xlwin8.net
1 fonts.googleapis.com ca.12xlwin8.net
1 6w1.readyspinsconnected.com 1 redirects
1 6w1.sharedlinkconnect.com 1 redirects
11 8

This site contains no links.

Subject | Issuer | Validity | Valid
12xlwin8.net | WE1 | 2024-08-16 - 2024-11-14 | 3 months (crt.sh)
upload.video.google.com | WR2 | 2024-08-05 - 2024-10-28 | 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://ca.12xlwin8.net/index.php?v=5008
Frame ID: 93F053998CA86A94B5C874130931D6CF
Requests: 11 HTTP requests in this frame

Page Title

Loblaws Supermarket

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11 Requests
91 % HTTPS
38 % IPv6
7 Domains
8 Subdomains
4 IPs
2 Countries
736 kB Transfer
803 kB Size
9 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://c.usa-specials.com/re?l=D0I1xgq7amIjeklxi3I0ITm0nsc2im&s=ENBEBDENHBENOBHF HTTP 307
  • https://c.usa-specials.com/re?l=D0I1xgq7amIjeklxi3I0ITm0nsc2im&s=ENBEBDENHBENOBHF HTTP 302
  • https://www.elitevauxs.com/2BLX7MXD7/2MQJ31J/?sub1=COMCAST&sub2=MAPP&sub3=REC HTTP 302
  • https://www.elitevauxs.com/2BLX7MXD7/D42TT/?__rpt=0&__po=943&__ptid=42604dd739424a2d990583a652bf37d5&__rpa=0&__rc=1&sub1=COMCAST&sub2=MAPP&sub3=REC&sub4=&sub5=&source_id=&__pcd=9 HTTP 302
  • https://6w1.sharedlinkconnect.com/?s1=650010&s2=6dac1aa0b6cc48f080139bdab165c9b9&s3=8 HTTP 307
  • http://c.usa-specials.com/re?l=D0I1xgq7amIjeklxi3I0ITm0nsc2im&s=ENBEBDENHBENOBHF HTTP 302
  • https://www.elitevauxs.com/2BLX7MXD7/2MQJ31J/?sub1=COMCAST&sub2=MAPP&sub3=REC HTTP 302
  • https://www.elitevauxs.com/2BLX7MXD7/D42TT/?__rpt=0&__po=943&__ptid=6d95caced1ed46fba7243687ae757258&__rpa=0&__rc=1&sub1=COMCAST&sub2=MAPP&sub3=REC&sub4=&sub5=&source_id=&__pcd=9 HTTP 302
  • https://6w1.sharedlinkconnect.com/?s1=650010&s2=dce1690b0e63425691b25adb8d946e3d&s3=8 HTTP 302
  • https://6w1.readyspinsconnected.com/o/Y0XVEBNP/fe11c0c2-6ac5-11ef-a5d1-eb3344146e7c/fe1cd3e0-6ac5-11ef-a51d-61a1c4639dd7 HTTP 302
  • http://x.trc85.com/aff_c?offer_id=3498&aff_id=1161&url_id=11012&pl=11&aff_sub=ff188938-6ac5-11ef-8788-39da16696033&source=85287&aff_sub3=15704ff106c& HTTP 307
  • https://x.trc85.com/aff_c?offer_id=3498&aff_id=1161&url_id=11012&pl=11&aff_sub=ff188938-6ac5-11ef-8788-39da16696033&source=85287&aff_sub3=15704ff106c& HTTP 302
  • https://ca.12xlwin8.net/gtrax.php?aff_id=1161&ct=1&v=5008&offer_id=3498&sub_source=85287&t1=10272dbecab00073d472b12e8f10f8&t2=ff188938-6ac5-11ef-8788-39da16696033&t3=166.0.205.70-CA&t4=&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=11 HTTP 307
  • http://x.trc85.com/aff_c?offer_id=3498&aff_id=1161&url_id=11012&pl=11&aff_sub=ff188938-6ac5-11ef-8788-39da16696033&source=85287&aff_sub3=15704ff106c& HTTP 302
  • https://ca.12xlwin8.net/gtrax.php?aff_id=1161&ct=1&v=5008&offer_id=3498&sub_source=85287&t1=102d4a5e4f5f7056dbd27d7e2e1d26&t2=ff188938-6ac5-11ef-8788-39da16696033&t3=166.0.205.70-CA&t4=&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=11

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
gtrax.php
ca.12xlwin8.net/
0
544 B
Document
General
Full URL
https://ca.12xlwin8.net/gtrax.php?aff_id=1161&ct=1&v=5008&offer_id=3498&sub_source=85287&t1=102d4a5e4f5f7056dbd27d7e2e1d26&t2=ff188938-6ac5-11ef-8788-39da16696033&t3=166.0.205.70-CA&t4=&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8bde812e486ea21a-YYZ
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 04 Sep 2024 14:00:13 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
refresh
0.2;url=index.php?v=5008
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SAbwbiPqOEiT3m8jQCtsa6I6mTiGP%2Fz1sGH%2F65%2BZhsaG2RyEvoK8hLmy0hLA%2FvlC9JAU5GF0CSKvAS9M6CBE18ebHrCEsTla6aWSTmkIK2jOMp3Z%2BA662DjxifgtBjgnkfro8AwQsOy0GUd%2Fqc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-cache-status
MISS

Redirect headers

Accept-CH
Sec-CH-UA-Model, Sec-CH-DPR, DPR
Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
536
Content-Type
text/html; charset=iso-8859-1
Date
Wed, 04 Sep 2024 14:00:13 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Location
https://ca.12xlwin8.net/gtrax.php?aff_id=1161&ct=1&v=5008&offer_id=3498&sub_source=85287&t1=102d4a5e4f5f7056dbd27d7e2e1d26&t2=ff188938-6ac5-11ef-8788-39da16696033&t3=166.0.205.70-CA&t4=&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=11
P3p
CP="NOI CUR OUR NOR INT"
Pragma
no-cache
Server
nginx
Tracking_id
102d4a5e4f5f7056dbd27d7e2e1d26
X-Request-Id
141643abd855015ea464010e42d93130
Primary Request index.php
ca.12xlwin8.net/
15 KB
3 KB
Document
General
Full URL
https://ca.12xlwin8.net/index.php?v=5008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4e35eba4a2555a9eb6b03b4fc368d0d3af4d7b7f52a22a243b90c857c9014f

Request headers

Referer
https://ca.12xlwin8.net/gtrax.php?aff_id=1161&ct=1&v=5008&offer_id=3498&sub_source=85287&t1=102d4a5e4f5f7056dbd27d7e2e1d26&t2=ff188938-6ac5-11ef-8788-39da16696033&t3=166.0.205.70-CA&t4=&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=11
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8bde81329ba6a21a-YYZ
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 04 Sep 2024 14:00:14 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WRn3EKJ4vwEBdgeC%2Fuan6JRuuo97QkL%2BKm%2B9zxFTsn%2F6zeoC7AeT0993xBsdB%2B3M952i8Ev1Ck0GodK%2FHSJ6mGNMzphWMgIR8Os8mrXR8f2mFFjOHQivFDg%2FPuC7O6yVxKpsbUKHzqeAAdWlM4E%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-cache-status
MISS
favicon.ico
ca.12xlwin8.net/
0
0

css
fonts.googleapis.com/
2 KB
1001 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
158235a454c29707117f6570f40fcc1e7d143f14dc1af1085979b47cf19e4871
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://ca.12xlwin8.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 04 Sep 2024 14:00:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 04 Sep 2024 13:44:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 04 Sep 2024 14:00:15 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ca.12xlwin8.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 31 Aug 2024 01:29:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
390616
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33593
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 31 Aug 2025 01:29:59 GMT
img_3068.png
ca.12xlwin8.net/hostimgpl/
189 KB
189 KB
Image
General
Full URL
https://ca.12xlwin8.net/hostimgpl/img_3068.png
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62a7751d16893557f58d2f2f0e8c33d6c0856497f54230ddb1a992df24885256

Request headers

Referer
https://ca.12xlwin8.net/index.php?v=5008
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 14:00:15 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 09 Apr 2023 15:42:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2f36f-5f8e91986ec28"
x-cache-status
MISS
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lAWAkxwFiIDvymufP%2B%2F6omEDxGgPp%2FAAf%2Bp95VmX9H7J7JxtxvCVxnm0RpirkE0%2F5X84NN8QuXD8x6cEE5rRBqUbb48yug3mOUxYoM7lS4hjfJN%2F1x%2BcsedOYihlMDc8lJyHdPxeaiXKwQkUQg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8bde8134cd08a21a-YYZ
alt-svc
h3=":443"; ma=86400
content-length
193391
img_3069.png
ca.12xlwin8.net/hostimgpl/
207 KB
207 KB
Image
General
Full URL
https://ca.12xlwin8.net/hostimgpl/img_3069.png
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43fd1cb749b21c756165f7824c595f1802dbeb7838db6e895ad8df72f058abcf

Request headers

Referer
https://ca.12xlwin8.net/index.php?v=5008
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 14:00:15 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 09 Apr 2023 15:42:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"33a23-5f8e91986ec28"
x-cache-status
MISS
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DyfzFmTC8S9DIAWVNi3CgTgREh%2B1X6xlavr9IExvowDYTBBNDQXunXmK9JnGeHP%2B2zpjFNsDEqgvhJ%2Btky6E6NK2VHsQlcVHzvPCsP%2FAU2eOnJBmGwNwvAQG0UcXPq6mR9KhyAquikwF2k0zvE8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8bde8134cd09a21a-YYZ
alt-svc
h3=":443"; ma=86400
content-length
211491
img_5549.gif
ca.12xlwin8.net/hostimgpl/
2 KB
2 KB
Image
General
Full URL
https://ca.12xlwin8.net/hostimgpl/img_5549.gif
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92d619282a3d1a329605067fb43a6987b74e454aed2ffbd15974152c07ae7c0a

Request headers

Referer
https://ca.12xlwin8.net/index.php?v=5008
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 14:00:15 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2085
x-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
1633
last-modified
Mon, 10 Apr 2023 07:25:56 GMT
server
cloudflare
etag
"661-5f8f649218b85"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AJYi6wuVsWyqWFlDaBIKr%2BV1oVbnZyHAzWS8z8d5J6mOyq4GcfJatbi3s%2FXwwCWIkyeqjKeBoDBtPzH%2B2I5UtqKmne7nizNQbuKX2kTD%2BfCNDMwDgRQJbaAfT4pUrRIjP80xKxQ%2Bm3WrSjUnEWY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8bde8137ff77a21a-YYZ
img_3070.png
ca.12xlwin8.net/hostimgpl/
175 KB
176 KB
Image
General
Full URL
https://ca.12xlwin8.net/hostimgpl/img_3070.png
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d1d900b5f7e78ee84b31da7fd380125b07d2e3bfd851830309314c4309b0beb

Request headers

Referer
https://ca.12xlwin8.net/index.php?v=5008
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 14:00:15 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 09 Apr 2023 15:42:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"2bd5c-5f8e91986ec28"
x-cache-status
MISS
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVN96d2x2MI0EH136WWyY8PkCsC%2BPSMYKbGS85%2B1%2FwS3apvskHnVLdzyGULxeaWtVKcrYbmVJ%2F1jS7mGPRuCJ02KreYRoMya3xKeq%2FvKP1RUO%2BFgThNeMF4zR4mMLKxBFzukU%2FMn67l%2F1Otf7MY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8bde8137ff79a21a-YYZ
alt-svc
h3=":443"; ma=86400
content-length
179548
img_3067.jpg
ca.12xlwin8.net/hostimgpl/
122 KB
122 KB
Image
General
Full URL
https://ca.12xlwin8.net/hostimgpl/img_3067.jpg
Requested by
Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5008
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a4af4161c2b5e9f68eeed25cc1563668c373e1d65b326a51122dfe687ebdd02

Request headers

Referer
https://ca.12xlwin8.net/index.php?v=5008
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 14:00:15 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 09 Apr 2023 15:42:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"1e7d7-5f8e91986ec28"
x-cache-status
MISS
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P34r7EQGPZ749gYNlfJnCGRhq7NQcN5V9EvLm%2F%2Fo%2FWEK0JL9CwRERlBxnW0RKug2RlcSldROjWbqDW%2FAdGDXhwcVGMFgVMGEGUKANqG9yoeSMvvm6LA89ClSMRw5FEPMGN6yLqQTE6dl9qv7nXk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8bde8137ff7da21a-YYZ
alt-svc
h3=":443"; ma=86400
content-length
124887
favicon.ico
ca.12xlwin8.net/
196 B
611 B
Other
General
Full URL
https://ca.12xlwin8.net/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Request headers

Referer
https://ca.12xlwin8.net/index.php?v=5008
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 14:00:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQ%2Fn%2B%2FzymZM6Ti6RzIYsOwxiFVQ2PT4l90W7rfPRNpQIScTwbGDpCXKXbXfbQbh9XhA%2F2Lryy6Q3ob72lAIie7%2FsuaVR3bPejtDBlwxHxYE1wT1jnvMQ7RdIE0%2FHHNEctyVhVYziydYyuSbyKBs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
8bde813ccb64a21a-YYZ
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ca.12xlwin8.net
URL
https://ca.12xlwin8.net/favicon.ico

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $
function| jQuery
function| unhide
function| hide
function| toggle_display
function| start_checker

9 Cookies

Domain/Path Name / Value
www.elitevauxs.com/ Name: uniqueClick_2MQJ31J
Value: 02e1b942-6c6d-4486-8abc-bfae2a7d24f6:1725458405
www.elitevauxs.com/ Name: uniqueClick_D42TT
Value: 1b3fe6a2-f585-43ec-9197-05515fab6f90:1725458405
www.elitevauxs.com/ Name: transaction_id
Value: 6dac1aa0b6cc48f080139bdab165c9b9|dce1690b0e63425691b25adb8d946e3d
6w1.sharedlinkconnect.com/ Name: yredir_session
Value: eyJpdiI6InZab3puYWJxR2U5MXhGM0lIQUlxNGc9PSIsInZhbHVlIjoibmIwd1lsaU5hTGlFL3Nwc2ljbTBvdTQ3Tkw0NnVuNWlVcTJKdlRlVm4rOHcvNy9jeHpTVkRvSlpzbjNXUHZ6S1g0VFpMdzZZK0hhdzJPaFdybGxVNXhSa1VlaTRVNXNSYzVNemlkV2t5U0tkcE1uZk53TDdPQ0svWlZ2S2pwd3IiLCJtYWMiOiJmNWQ1M2E2ZTY2MjMxOTZhZDFmZjRiNjUzYWRkNjI5YmI4MDZkMGEzOTA4ZmI0ZTgxNmZiNmY2M2FhNmMwOGU3IiwidGFnIjoiIn0%3D
6w1.readyspinsconnected.com/ Name: yredir_session
Value: eyJpdiI6Ik1wbVYxQ1lvajhIZk5hK0IveVluWnc9PSIsInZhbHVlIjoibjJ3a2dlK1NqN3ZocmdqSllxanJvUVR0ZndRbW9vbDhyMzFuUThiWXBxYVFXMmhVbGxWSEFQTHIwS1d5MmtMY3RTMEpRRGhmUTcvVU5sK2lOUlVEV2FETUMrbm5tcU5BRkhKZVBCd1hyZ1pWeFBNSmRhSFl5WVdNK3JZMkgxamkiLCJtYWMiOiI4MmU4NDBiZmQ4NThjMDZjNGQ1ZGMwNmM3ZTdjZTQ5YzE3YWFkMzAwN2YwMjY5ZjA3OGRjMjg2ZjUwOWE0ZWFjIiwidGFnIjoiIn0%3D
x.trc85.com/ Name: aff_ran_url_3498
Value: 11012
x.trc85.com/ Name: enc_aff_session_3498
Value: ENC03f9d6f8f8c1103f58fb12c0665bc6a7f141830a7524888c42839c121c8da1269be303534f304a817ed818911308afed6213ed060c1225d6b752f762ab3734ec184da4e86fefc62643b5b0de13023530e41e07835ebe75064e9087be0b9f17f220c0ed430da9acb3e584797d578cca4d6b2bb7f74a0b175e1052b00a30a449df77d8abc895b948cf68742478fb406365c8721f54561cf5e6b1f69c8d425f852c8c066692e6
x.trc85.com/ Name: ho_mob
Value:
ca.12xlwin8.net/ Name: PHPSESSID
Value: 9536laedfv65nk1p319n6e475h

1 Console Messages

Source Level URL
Text
network error URL: https://ca.12xlwin8.net/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()