Submitted URL: http://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaaew6ilbl8lzs0cemzjmdf...
Effective URL: https://nz.12xlwin6k.com/index.php?v=5068
Submission: On October 20 via api from BE — Scanned from NZ

Summary

This website contacted 3 IPs in 5 countries across 7 domains to perform 8 HTTP transactions. The main IP is 151.101.194.132, located in San Francisco, United States and belongs to FASTLY, US. The main domain is nz.12xlwin6k.com.
TLS certificate: Issued by R10 on September 14th 2024. Valid for: 3 months.
This is the only time nz.12xlwin6k.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 103.208.86.115 61138 (ZAPPIE-HO...)
1 51.158.43.12 12876 (Online SAS)
2 2 45.147.195.16 49392 (ASBAXETN)
1 1 52.53.103.54 16509 (AMAZON-02)
6 151.101.194.132 54113 (FASTLY)
1 2404:6800:400... 15169 (GOOGLE)
8 3
Requests | Apex Domain | Subdomains | Transfer
6 | 12xlwin6k.com | nz.12xlwin6k.com | 295 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 412) | 33 KB
1 | trc85.com | x.trc85.com | 2 KB
1 | spinningfastloop.com | 1ibeg.spinningfastloop.com | 1 KB
1 | suggestedspins.com | 1ibeg.suggestedspins.com | 1007 B
1 | placementsocialist.com | placementsocialist.com | 465 B
1 | headearth.net | headearth.net | 374 B
8 | 7
Domain Requested by
6 nz.12xlwin6k.com placementsocialist.com
nz.12xlwin6k.com
1 ajax.googleapis.com nz.12xlwin6k.com
1 x.trc85.com 1 redirects
1 1ibeg.spinningfastloop.com 1 redirects
1 1ibeg.suggestedspins.com 1 redirects
1 placementsocialist.com
1 headearth.net 1 redirects
8 7

This site contains no links.

Subject | Issuer | Validity | Valid
placementsocialist.com | Sectigo RSA Domain Validation Secure Server CA | 2024-03-25 - 2025-04-22 | a year
*.12xlwin6k.com | R10 | 2024-09-14 - 2024-12-13 | 3 months
upload.video.google.com | WR2 | 2024-09-30 - 2024-12-23 | 3 months

This page contains 1 frames:

Primary Page: https://nz.12xlwin6k.com/index.php?v=5068
Frame ID: A55E539C497D32FFA798A2E549D20A3C
Requests: 8 HTTP requests in this frame

Page Title

WIN A $500 CALTEX VOUCHER

Page URL History

  1. http://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaa... HTTP 307
    https://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaa... HTTP 307
    http://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaa... HTTP 302
    https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g Page URL
  2. https://nz.12xlwin6k.com/index.php?v=5068 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8 Requests
100 % HTTPS
17 % IPv6
7 Domains
7 Subdomains
3 IPs
5 Countries
329 kB Transfer
397 kB Size
7 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://headearth.net/FXlCdqIcQe.php5?... HTTP 307
  • https://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaaew6ilbl8lzs0cemzjmdfdx682gsledcakiofv94avi71izbz536kdmvkgnd8ngldyppedy9uabrosqdsd2witalfbcbrrlk7cxc8fit3tlqvgwig55ttnahur7bubtleia3yjiztfczph56kcggz6y9nqhsfgopyzpjkpd6bcx56olfhyc4fldciofy5eoh3boph25noqm0ophy5rozmn8enwjbpho4xytajiktpv1bcz6ne5m3flxi1opcsow3pizicadzgbmo4y2vyt5bc5iqc4njiislbr2igm4sd5ayw9wtj6jpqvpbb7ur1usclndx0gkbjchipuy3ti2qt7co7hcsuigc7gpvimocte2qkmb5iuzj5a4nxfoibhrap375bq2gsmajhcaghsbtxplczed9orrkay1shc4uitlvzbgzllgssefyjuzt7chd141maibfwfmdsooachaobrcppfboru7sum5omoj2uncnpn4ue6djm96v0cntxhuvnvuvzmsphopybulhvxw6dicoplvyam1nankmrqvq8qigokg67wnaxczpnf9643qb1rahq3brexihrc776aswpsyohvgof0fwvvfzwakxqga79ihhm5qaenlweis1w1okoiqfzpd2q8luovhhqchtfbwdpqlhvklros59ugcrzxouuscruaw2cbr39qcaapuyf4yu9n928o6xglbaeqp7hqssvyaz1uhm8zu2bnflu3nx8umue8hdvvvu4howdort6ga4xlgsp2dzpiaqmvgfnp954rc8drln7yue9mxnzz2qobdgiwmrlxbjzydxofwlxqzoimxwtcttehjr1nb5s6xg5li3q0jvy1ezjznrlg7apb41z69qgc9icmkfm8ohimu9bm17zn5gmzgcr6nekuzfyhe30el0rsdj2hhdi2bzocbbbd9gHHxcck2yQcbQNHcfcfNcfcfJfkf3TWcbbbbg HTTP 307
  • http://headearth.net/FXlCdqIcQe.php5?... HTTP 302
  • https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g
Request Chain 1
  • https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_348552_118440&s3=1435307660&s4=45 HTTP 302
  • https://1ibeg.spinningfastloop.com/o/OM9DVLSI/508c595e-8e78-11ef-b3fd-6b6f96e6c23b/50943afc-8e78-11ef-885c-a5ac9a4a9935 HTTP 302
  • http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=51b49b84-8e78-11ef-828c-57897a264f93&source=74698&aff_sub3=b89fd195283& HTTP 307
  • https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=51b49b84-8e78-11ef-828c-57897a264f93&source=74698&aff_sub3=b89fd195283& HTTP 302
  • https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102e31dfde9f5ff355f678518bd54c&t2=51b49b84-8e78-11ef-828c-57897a264f93&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
980418210_snrl9g
placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/
Redirect Chain
  • http://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaaew6ilbl8lzs0cemzjmdfdx682gsledcakiofv94avi71izbz536kdmvkgnd8ngldyppedy9uabrosqdsd2witalfbcbrrlk7cxc8...
  • https://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaaew6ilbl8lzs0cemzjmdfdx682gsledcakiofv94avi71izbz536kdmvkgnd8ngldyppedy9uabrosqdsd2witalfbcbrrlk7cxc...
  • http://headearth.net/FXlCdqIcQe.php5?agcgcz50ckmrh16hflu9cbexbmvgvhiugmgqyxhanlepgr0dirn1rrp05vaaew6ilbl8lzs0cemzjmdfdx682gsledcakiofv94avi71izbz536kdmvkgnd8ngldyppedy9uabrosqdsd2witalfbcbrrlk7cxc8...
  • https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g
155 B
465 B
Document
General
Full URL
https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.158.43.12 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-158-43-12.rev.poneytelecom.eu
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
close
Content-Length
155
Content-Type
text/html; charset=UTF-8
Date
Sun, 20 Oct 2024 00:14:44 GMT
Server
Apache

Redirect headers

Connection
keep-alive
Content-Type
text/html
Date
Sun, 20 Oct 2024 00:14:42 GMT
Location
https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g
Server
nginx
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
gtrax.php
nz.12xlwin6k.com/
Redirect Chain
  • https://1ibeg.suggestedspins.com/?kw=690301&s1=690301&s2=3_348552_118440&s3=1435307660&s4=45
  • https://1ibeg.spinningfastloop.com/o/OM9DVLSI/508c595e-8e78-11ef-b3fd-6b6f96e6c23b/50943afc-8e78-11ef-885c-a5ac9a4a9935
  • http://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=51b49b84-8e78-11ef-828c-57897a264f93&source=74698&aff_sub3=b89fd195283&
  • https://x.trc85.com/aff_c?offer_id=144&aff_id=1161&url_id=3902&pl=23&aff_sub=51b49b84-8e78-11ef-828c-57897a264f93&source=74698&aff_sub3=b89fd195283&
  • https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102e31dfde9f5ff355f678518bd54c&t2=51b49b84-8e78-11ef-828c-57897a264f93&&t3=103.75.11.100-AU&udc=Desktop--...
0
299 B
Document
General
Full URL
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102e31dfde9f5ff355f678518bd54c&t2=51b49b84-8e78-11ef-828c-57897a264f93&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Requested by
Host: placementsocialist.com
URL: https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://placementsocialist.com/176368fe521b39b0800/3_348552_118440/197_1047479_522035_3/980418210_snrl9g
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=utf-8
date
Sun, 20 Oct 2024 00:14:50 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
refresh
0.2;url=index.php?v=5068
server
nginx
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-cache-status
MISS
x-served-by
cache-akl10333-AKL
x-timer
S1729383290.935400,VS0,VE551

Redirect headers

Accept-Ch
Sec-Ch-Dpr, Dpr, Sec-Ch-Ua-Model
Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
534
Content-Type
text/html; charset=iso-8859-1
Date
Sun, 20 Oct 2024 00:14:49 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Location
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102e31dfde9f5ff355f678518bd54c&t2=51b49b84-8e78-11ef-828c-57897a264f93&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
P3p
CP="NOI CUR OUR NOR INT"
Pragma
no-cache
Server
nginx
Tracking_id
102e31dfde9f5ff355f678518bd54c
X-Request-Id
adb027b6ada84edc6bd167eadf15e448
Primary Request index.php
nz.12xlwin6k.com/
14 KB
3 KB
Document
General
Full URL
https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5207793067c61326fc367d7ba71c4be44fc0f8d4625ab07427a8fd8440eaeef7

Request headers

Referer
https://nz.12xlwin6k.com/gtrax.php?aff_id=1161&ct=1&v=5068&offer_id=144&sub_source=74698&t1=102e31dfde9f5ff355f678518bd54c&t2=51b49b84-8e78-11ef-828c-57897a264f93&&t3=103.75.11.100-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=23
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
0
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
2551
content-type
text/html; charset=UTF-8
date
Sun, 20 Oct 2024 00:14:51 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-cache-status
MISS
x-served-by
cache-akl10333-AKL
x-timer
S1729383291.550153,VS0,VE550
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80a::200a Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/

Response headers

content-encoding
gzip
age
359603
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 20:21:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 20:21:28 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
33593
x-xss-protection
0
server
sffe
img_3643.png
nz.12xlwin6k.com/hostimgpl/
117 KB
117 KB
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_3643.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ea526a1dcc182b1ea3e76fea545fe729e7cf8617047410405b22bfa1651adfaf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"1d48a-5f8e9133be465"
age
2974
x-timer
S1729383291.136218,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
119946
date
Sun, 20 Oct 2024 00:14:51 GMT
content-type
image/png
last-modified
Sun, 09 Apr 2023 15:40:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-akl10333-AKL
img_3644.png
nz.12xlwin6k.com/hostimgpl/
134 KB
134 KB
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_3644.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4342eb8d7b18af0ad27917d009ecbf4738360cadf79f6a0bb8e61ebdc1fc3f3c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"2167f-5f8e9133be465"
age
2974
x-timer
S1729383291.136191,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
136831
date
Sun, 20 Oct 2024 00:14:51 GMT
content-type
image/png
last-modified
Sun, 09 Apr 2023 15:40:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-akl10333-AKL
img_8383.png
nz.12xlwin6k.com/hostimgpl/
96 B
193 B
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_8383.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ef8394171f14b550527591409d335f2a8be22f247ff051709a8b8679b28d4bf9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"60-5f9267c923a17"
age
2974
x-timer
S1729383291.146161,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
96
date
Sun, 20 Oct 2024 00:14:51 GMT
content-type
image/png
last-modified
Wed, 12 Apr 2023 16:56:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-akl10333-AKL
img_8382.png
nz.12xlwin6k.com/hostimgpl/
41 KB
41 KB
Image
General
Full URL
https://nz.12xlwin6k.com/hostimgpl/img_8382.png
Requested by
Host: nz.12xlwin6k.com
URL: https://nz.12xlwin6k.com/index.php?v=5068
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0f006c1dca9d9f39c8492a8e48ca8d39194162b64039f003640b3ee603a33d75

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://nz.12xlwin6k.com/index.php?v=5068

Response headers

x-cache-status
MISS
etag
"a212-5f9267c923a17"
age
2974
x-timer
S1729383291.146408,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
x-cache
HIT
content-length
41490
date
Sun, 20 Oct 2024 00:14:51 GMT
content-type
image/png
last-modified
Wed, 12 Apr 2023 16:56:17 GMT
server
nginx
x-cache-hits
0
x-served-by
cache-akl10333-AKL

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | unhide
function | hide
function | toggle_display
function | $
function | jQuery

7 Cookies

Domain/Path Name / Value
placementsocialist.com/ Name: uid45
Value: 1435307660-20241019201444-916ca436e5dab39e5db7f6bc34663ae8-
1ibeg.suggestedspins.com/ Name: yredir_session
Value: eyJpdiI6ImQ4aHF1Vzh5RmRLcDJnOUgvbTh6elE9PSIsInZhbHVlIjoicERHeWNaVlJuc092UjdHNWRJaTE3di9TaG5qS3NEUGJqMTVZZWtIMTZRUVdJeXU4U05Wall3Um1GYjFteEFyVUh5Zk12NWpHZ25WQjdVS2oxUU1HMUcyVE9UMFdqU0Vxcm8rbzhjRjZPTnFjbzFEdE1OcEpMMTRmVGZkSUJmRTAiLCJtYWMiOiI2YWM3ZTk1MmQ5YWU0YzMwYzQwNDI2ZWEzYzA0NjkzZjg4MWY0YTBiZDMwNDUzMWU2ZWI4MjQxNGM0MjViZDUyIiwidGFnIjoiIn0%3D
1ibeg.spinningfastloop.com/ Name: yredir_session
Value: eyJpdiI6ImlhbXBZL01vM21ndjV5UHRIWmtmL0E9PSIsInZhbHVlIjoibVpwMFluRnNDM0tJWVNDQ0hHaUwyUGRORFFla3Z2NWZ1QzFBb3IrMXI4M2pWenlUdVBIM1VXTlhBS1J0K3N6Und0d25ZZUxxREFzcGE1Z1F1bnZZZUhDcDNrWUhOcjRLUEtGV2JuaTNaY0VJT3F0emY1b3VrWFNCK2hORVZhaWIiLCJtYWMiOiI2NmQ3NDM1MGIzMDUwZTRjYTgzNDNhMDI0MTUyNDZlYjZlMzg3MDk3NTY0NDFhZDM0OTE3M2UzZWMxODUzYTE1IiwidGFnIjoiIn0%3D
x.trc85.com/ Name: aff_ran_url_144
Value: 3902
x.trc85.com/ Name: enc_aff_session_144
Value: ENC03bdfb77a44f491d7b2f745aca221b7cce8341ab0d1277c81da29d61bee48bb37ddab9015736922adf19e877d08c8406b473ea40d17322a7d68d6f98dbc0abb9c4214d239b3211c666900632b1599353a1605bed2585ae1fdad93bb15d25ce14e5db8b3d7562df240885a08a864d471899e15e3cbb0994d214e17f9897fc29d6659cc8ffffd565eb4d3096bfc6b88dc79df765df4646b27d9cac5a205f2508f9fb0d8f5455
x.trc85.com/ Name: ho_mob
nz.12xlwin6k.com/ Name: PHPSESSID
Value: 96q9i6614rdr53utlr11hvajrq