Submitted URL: http://ayutokuten.com/
Effective URL: https://www.18xl.in/?affi=2850
Submission: On November 14 via api from DE

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 17 HTTP transactions. The main IP is 2600:9000:20bb:f200:1c:421e:f400:93a1, located in the United States and belonging to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.18xl.in.
TLS certificate: Issued by Amazon on August 22nd 2018. Valid for: a year.
This is the only time www.18xl.in was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 142.111.87.176 18779 (EGIHOSTING)
2 2 2606:4700:30:... 13335 (CLOUDFLAR...)
2 2606:4700:30:... 13335 (CLOUDFLAR...)
4 2600:9000:20b... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
4 195.27.31.223 1273 (CW Vodafo...)
2 3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 13.32.223.207 16509 (AMAZON-02)
1 195.27.31.213 1273 (CW Vodafo...)
17 9
Domain Requested by
4 img.xletcdn.com www.18xl.in
4 www.18xl.in www.diyiboji.com
www.18xl.in
4 www.diyiboji.com 2 redirects ayutokuten.com
3 www.google-analytics.com 2 redirects www.googletagmanager.com
2 stats.g.doubleclick.net www.18xl.in
2 ayutokuten.com 1 redirects
1 cdn.xmkxx.com www.18xl.in
1 www.18lckiii.com www.18xl.in
1 www.googletagmanager.com www.18xl.in
17 9
Subject | Issuer | Validity | Valid | Source
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2018-11-09 to 2019-11-09 | a year | crt.sh
*.18xl.biz | Amazon | 2018-08-22 to 2019-09-22 | a year | crt.sh
*.google-analytics.com | Google Internet Authority G3 | 2018-10-30 to 2019-01-22 | 3 months | crt.sh
img.xletcdn.com | Encryption Everywhere DV TLS CA - G1 | 2018-09-17 to 2019-09-17 | a year | crt.sh
*.g.doubleclick.net | Google Internet Authority G3 | 2018-10-30 to 2019-01-22 | 3 months | crt.sh
www.18lckiii.com | Amazon | 2017-12-18 to 2019-01-18 | a year | crt.sh
cdn.xmkxx.com | Encryption Everywhere DV TLS CA - G1 | 2018-08-03 to 2019-08-03 | a year | crt.sh

This page contains 1 frame:

Primary Page: https://www.18xl.in/?affi=2850
Frame ID: 49D32C350580CD6E7126D7A85C7BAD1B
Requests: 17 HTTP requests in this frame


Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ayutokuten.com/ HTTP 302
    http://ayutokuten.com/new/fed.php Page URL
  2. https://www.18xl.in/?affi=2850 Page URL

Detected technologies

nginx (overall confidence: 100%)
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (overall confidence: 100%)
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Google Tag Manager (overall confidence: 100%)
Detected patterns
  • env /^google_tag_manager$/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

Requests: 17
HTTPS: 94 %
IPv6: 60 %
Domains: 9
Subdomains: 9
IPs: 9
Countries: 3
Transfer: 381 kB
Size: 588 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ayutokuten.com/ HTTP 302
  • http://ayutokuten.com/new/fed.php
Request Chain 1
  • http://www.diyiboji.com/jquery-3.2.1.min.js HTTP 301
  • https://www.diyiboji.com/jquery-3.2.1.min.js
Request Chain 2
  • http://www.diyiboji.com/jquery.js HTTP 301
  • https://www.diyiboji.com/jquery.js
Request Chain 11
  • https://www.google-analytics.com/r/collect?v=1&_v=j72&a=820108567&t=pageview&_s=1&dl=https%3A%2F%2Fwww.18xl.in%2F%3Faffi%3D2850&dr=http%3A%2F%2Fayutokuten.com%2Fnew%2Ffed.php&ul=en-us&de=UTF-8&dt=%E6%96%B0%E5%88%A918luck%20%E5%9C%A8%E7%BA%BF%E5%A8%B1%E4%B9%90%E7%BD%91&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=2079850411&gjid=1974391981&cid=1325519009.1542215904&tid=UA-76828495-4&_gid=145011841.1542215904&_r=1&gtm=2ouas3&z=1935909715 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=2079850411&_gid=145011841.1542215904&gjid=1974391981&_v=j72&z=1935909715
Request Chain 15
  • https://www.google-analytics.com/r/collect?v=1&_v=j72&a=820108567&t=event&_s=2&dl=https%3A%2F%2Fwww.18xl.in%2F%3Faffi%3D2850&dr=http%3A%2F%2Fayutokuten.com%2Fnew%2Ffed.php&ul=en-us&de=UTF-8&dt=%E6%96%B0%E5%88%A918luck%20%E5%9C%A8%E7%BA%BF%E5%A8%B1%E4%B9%90%E7%BD%91&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=%E7%8D%B2%E5%8F%96%20API&ea=%E7%B3%BB%E7%B5%B1%E4%BA%8B%E4%BB%B6&el=%E6%88%90%E5%8A%9F&_u=KEBAAUAB~&jid=1382399736&gjid=1969980694&cid=1325519009.1542215904&tid=UA-76828495-4&_gid=145011841.1542215904&_r=1&gtm=2ouas3&z=1270414075 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=1382399736&_gid=145011841.1542215904&gjid=1969980694&_v=j72&z=1270414075

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
fed.php
ayutokuten.com/new/
Redirect Chain
  • http://ayutokuten.com/
  • http://ayutokuten.com/new/fed.php
1 KB
992 B
Document
General
Full URL
http://ayutokuten.com/new/fed.php
Protocol
HTTP/1.1
Server
142.111.87.176 San Jose, United States, ASN18779 (EGIHOSTING - EGIHosting, US),
Reverse DNS
Software
nginx /
Resource Hash
82c685dd78602a6d1a3300ff85f5d4f79b169a0c349947edc1c8135e74d07553

Request headers

Host
ayutokuten.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server
nginx
Date
Wed, 14 Nov 2018 17:18:23 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Wed, 14 Nov 2018 17:18:22 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Location
//ayutokuten.com/new/fed.php
Expires
Thu, 15 Nov 2018 17:18:22 GMT
Cache-Control
max-age=86400
jquery-3.2.1.min.js
www.diyiboji.com/
Redirect Chain
  • http://www.diyiboji.com/jquery-3.2.1.min.js
  • https://www.diyiboji.com/jquery-3.2.1.min.js
85 KB
33 KB
Script
General
Full URL
https://www.diyiboji.com/jquery-3.2.1.min.js
Requested by
Host: ayutokuten.com
URL: http://ayutokuten.com/new/fed.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681f:5d01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

Referer
http://ayutokuten.com/new/fed.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 14 Nov 2018 17:18:23 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Sun, 21 Oct 2018 13:23:42 GMT
server
cloudflare
etag
W/"5bcc7dde-15283"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=14400
cf-ray
479b2312fa00bf1b-FRA
expires
Wed, 14 Nov 2018 21:18:23 GMT

Redirect headers

Date
Wed, 14 Nov 2018 17:18:23 GMT
Server
cloudflare
Vary
Accept-Encoding
Location
https://www.diyiboji.com/jquery-3.2.1.min.js
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
479b2312b5ea6409-FRA
Expires
Wed, 14 Nov 2018 18:18:23 GMT
jquery.js
www.diyiboji.com/
Redirect Chain
  • http://www.diyiboji.com/jquery.js
  • https://www.diyiboji.com/jquery.js
9 KB
2 KB
Script
General
Full URL
https://www.diyiboji.com/jquery.js
Requested by
Host: ayutokuten.com
URL: http://ayutokuten.com/new/fed.php
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681f:5d01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
359cb99e81f1faa2d0750fb2ab78ed7ca06ba9afdbcdec22d0bf6ec094f6b871

Request headers

Referer
http://ayutokuten.com/new/fed.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 14 Nov 2018 17:18:23 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 13 Nov 2018 08:45:57 GMT
server
cloudflare
etag
W/"5bea8f45-2483"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=14400
cf-ray
479b2312a9bbbf1b-FRA
expires
Wed, 14 Nov 2018 21:18:23 GMT

Redirect headers

Date
Wed, 14 Nov 2018 17:18:23 GMT
Server
cloudflare
Vary
Accept-Encoding
Location
https://www.diyiboji.com/jquery.js
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
479b231273d863eb-FRA
Expires
Wed, 14 Nov 2018 18:18:23 GMT
Primary Request /
www.18xl.in/
3 KB
1 KB
Document
General
Full URL
https://www.18xl.in/?affi=2850
Requested by
Host: www.diyiboji.com
URL: https://www.diyiboji.com/jquery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20bb:f200:1c:421e:f400:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
65c1940268736e15e4103552c16e28b9f121be657acbbc326dde60b7fd54d746

Request headers

:method
GET
:authority
www.18xl.in
:scheme
https
:path
/?affi=2850
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://ayutokuten.com/new/fed.php
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://ayutokuten.com/new/fed.php

Response headers

status
200
content-type
text/html; charset=utf-8
date
Mon, 01 Oct 2018 04:17:16 GMT
cache-control
no-cache
last-modified
Mon, 01 Oct 2018 03:57:27 GMT
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
via
1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
x-amz-cf-id
5qlUNkh7v-AI4kZsH6bnV5ePvG_P_X2yUTz3PBLwWq8PguqnxH16iQ==
js
www.googletagmanager.com/gtag/
86 KB
31 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-76828495-4
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
4d5d15c3e166b4029c469ebec1bf264cf9b10fa528fc270079add01ebbece143
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 14 Nov 2018 17:18:23 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
31816
x-xss-protection
1; mode=block
expires
Wed, 14 Nov 2018 17:18:23 GMT
main.css
www.18xl.in/styles/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.18xl.in/styles/main.css
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20bb:f200:1c:421e:f400:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
114e3ceda3d1d1df23281bbe7ebba741ec11aee498a3d8070aac7c75300d9e6e

Request headers

:path
/styles/main.css
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.18xl.in
referer
https://www.18xl.in/?affi=2850
:scheme
https
:method
GET
Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 01 Oct 2018 04:17:18 GMT
content-encoding
gzip
last-modified
Mon, 01 Oct 2018 03:57:29 GMT
server
AmazonS3
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/css; charset=utf-8
status
200
cache-control
no-cache
x-amz-cf-id
8IoNzF9o0bAs0Kjo30p5hj-MS6EXEdsuo7W4OmaEaSUr1wpBAyTsaA==
via
1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
img_qr_platform_app.png
img.xletcdn.com/
27 KB
28 KB
Image
General
Full URL
https://img.xletcdn.com/img_qr_platform_app.png
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.27.31.223 Frankfurt Am Main, Germany, ASN1273 (CW Vodafone Group PLC, GB),
Reverse DNS
Software
Tengine /
Resource Hash
d52c76d752150aa48261394cb8f1d588b1b9506cd6b90301aaaa3ed123132675

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 28 Oct 2018 13:10:23 GMT
via
cache31.l2hk71[0,200-0,H], cache4.l2hk71[1,0], cache4.de1[0,200-0,H], cache3.de1[171,0]
x-oss-request-id
5BD5B53F2016EA7EF856B8DF
content-md5
NJxx4HZU52qkGjzCwqULCQ==
age
1483681
x-cache
HIT TCP_HIT dirn:5:218473124
status
200
x-oss-hash-crc64ecma
7867295944966099730
x-swift-cachetime
2592000
x-swift-savetime
Tue, 13 Nov 2018 16:40:02 GMT
content-length
28105
x-oss-object-type
Normal
last-modified
Thu, 27 Sep 2018 05:12:57 GMT
server
Tengine
etag
"349C71E07654E76AA41A3CC2C2A50B09"
ali-swift-global-savetime
1542127202
content-type
image/png
cache-control
no-cache
x-oss-storage-class
Standard
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
eagleid
c31b1fcb15422159042963587e
x-oss-server-time
2
img_qr_sport_app.png
img.xletcdn.com/
33 KB
33 KB
Image
General
Full URL
https://img.xletcdn.com/img_qr_sport_app.png
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.27.31.223 Frankfurt Am Main, Germany, ASN1273 (CW Vodafone Group PLC, GB),
Reverse DNS
Software
Tengine /
Resource Hash
b0b54d74f1d6d39db223176afdaed39198cd8f6da476df7c80ac1ad28ac42312

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 09 Nov 2018 07:55:29 GMT
via
cache39.l2sg52[0,200-0,H], cache21.l2sg52[510,0], cache12.de1[0,200-0,H], cache3.de1[163,0]
x-oss-request-id
5BE53D71D21B41CCDFA80F8E
content-md5
SL0TkMfPYfHM28MpNhrfLw==
age
465775
x-cache
HIT TCP_HIT dirn:4:638321704
status
200
x-oss-hash-crc64ecma
5106281543149131578
x-swift-cachetime
2592000
x-swift-savetime
Mon, 12 Nov 2018 03:39:07 GMT
content-length
33411
x-oss-object-type
Normal
last-modified
Thu, 27 Sep 2018 05:12:58 GMT
server
Tengine
etag
"48BD1390C7CF61F1CCDBC329361ADF2F"
ali-swift-global-savetime
1541993947
content-type
image/png
cache-control
no-cache
x-oss-storage-class
Standard
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
eagleid
c31b1fcb15422159043043592e
x-oss-server-time
55
img_logo_tiger.png
img.xletcdn.com/portal/
2 KB
3 KB
Image
General
Full URL
https://img.xletcdn.com/portal/img_logo_tiger.png
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.27.31.223 Frankfurt Am Main, Germany, ASN1273 (CW Vodafone Group PLC, GB),
Reverse DNS
Software
Tengine /
Resource Hash
6130ee4c3281bd79aabe6aa1a9f95aefcd8246e10cb33bebe6c3edeeb1f6816b

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 08 Nov 2018 12:34:31 GMT
via
cache8.l2sg52[0,200-0,H], cache18.l2sg52[506,0], cache11.de1[0,200-0,H], cache3.de1[162,0]
x-oss-request-id
5BE42D5777491D00F647F6C2
content-md5
T9V/sqi1V0Q0xDdkaBrBew==
age
535433
x-cache
HIT TCP_HIT dirn:5:487924435
status
200
x-oss-hash-crc64ecma
7524444823178252789
x-swift-cachetime
2592000
x-swift-savetime
Mon, 12 Nov 2018 03:39:07 GMT
content-length
2141
x-oss-object-type
Normal
last-modified
Wed, 26 Sep 2018 09:46:14 GMT
server
Tengine
etag
"4FD57FB2A8B5574434C43764681AC17B"
ali-swift-global-savetime
1541993947
content-type
image/png
cache-control
no-cache
x-oss-storage-class
Standard
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
eagleid
c31b1fcb15422159043043596e
x-oss-server-time
35
jquery-1.10.2.min.js
www.18xl.in/scripts/
98 KB
34 KB
Script
General
Full URL
https://www.18xl.in/scripts/jquery-1.10.2.min.js
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20bb:f200:1c:421e:f400:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
534432edfc886e84541a168efe3ddc0e43c2f691424b7f6bf489502f37ec2b4b

Request headers

:path
/scripts/jquery-1.10.2.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.18xl.in
referer
https://www.18xl.in/?affi=2850
:scheme
https
:method
GET
Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 01 Oct 2018 04:17:18 GMT
content-encoding
gzip
last-modified
Thu, 30 Aug 2018 10:50:47 GMT
server
AmazonS3
age
43241
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-id
YJN4hk2yNcMvRWlWtshDs3wgO3Kk5vdfBivDdWdZz5PcFSXINZo1QA==
via
1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
main.min.js
www.18xl.in/scripts/
4 KB
2 KB
Script
General
Full URL
https://www.18xl.in/scripts/main.min.js
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20bb:f200:1c:421e:f400:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d8a9f2c46754af7a0bd2d903a771f94c3f7e76c1853803da933a5a0f934a3484

Request headers

:path
/scripts/main.min.js
pragma
no-cache
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.18xl.in
referer
https://www.18xl.in/?affi=2850
:scheme
https
:method
GET
Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 01 Oct 2018 04:17:18 GMT
content-encoding
gzip
last-modified
Mon, 01 Oct 2018 03:57:28 GMT
server
AmazonS3
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
no-cache
x-amz-cf-id
XMJWItTcY9tWAyl7NZyprPe_x7TdVPMIVk-y57vRwtHfhfNTLuZMLg==
via
1.1 c4ada86230c95b165d889d1f1d10389d.cloudfront.net (CloudFront)
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-76828495-4
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Nov 2018 21:10:09 GMT
server
Golfe2
age
5023
date
Wed, 14 Nov 2018 15:54:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17404
expires
Wed, 14 Nov 2018 17:54:40 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j72&a=820108567&t=pageview&_s=1&dl=https%3A%2F%2Fwww.18xl.in%2F%3Faffi%3D2850&dr=http%3A%2F%2Fayutokuten.com%2Fnew%2Ffed.php&ul=en-us&de=UTF-8&dt=%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=2079850411&_gid=145011841.1542215904&gjid=1974391981&_v=j72&z=1935909715
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=2079850411&_gid=145011841.1542215904&gjid=1974391981&_v=j72&z=1935909715
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/?affi=2850
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:400c:c00::9b , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 14 Nov 2018 17:18:23 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Nov 2018 17:18:23 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=2079850411&_gid=145011841.1542215904&gjid=1974391981&_v=j72&z=1935909715
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
419
expires
Fri, 01 Jan 1990 00:00:00 GMT
bg_desktop.png
img.xletcdn.com/portal/
191 KB
191 KB
Image
General
Full URL
https://img.xletcdn.com/portal/bg_desktop.png
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/scripts/jquery-1.10.2.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.27.31.223 Frankfurt Am Main, Germany, ASN1273 (CW Vodafone Group PLC, GB),
Reverse DNS
Software
Tengine /
Resource Hash
e7bacf5d15af2a56ff42847d78527f5125e47d441fb92621f518bca84e26ad68

Request headers

Referer
https://www.18xl.in/styles/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 10 Nov 2018 07:50:36 GMT
via
cache29.l2sg52[0,200-0,H], cache19.l2sg52[533,0], cache1.de1[0,200-0,H], cache3.de1[163,0]
x-oss-request-id
5BE68DCC0D301F63E5852F94
content-md5
jq3TwG6jZUTDzeO0YJir6g==
age
379668
x-cache
HIT TCP_HIT dirn:3:681337487
status
200
x-oss-hash-crc64ecma
291727796865221905
x-swift-cachetime
2592000
x-swift-savetime
Mon, 12 Nov 2018 03:39:07 GMT
content-length
195563
x-oss-object-type
Normal
last-modified
Thu, 11 Oct 2018 03:55:47 GMT
server
Tengine
etag
"8EADD3C06EA36544C3CDE3B46098ABEA"
ali-swift-global-savetime
1541993947
content-type
image/png
cache-control
no-cache
x-oss-storage-class
Standard
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
eagleid
c31b1fcb15422159043043593e
x-oss-server-time
18
register-ip
www.18lckiii.com/v1/users/self/
37 B
609 B
XHR
General
Full URL
https://www.18lckiii.com/v1/users/self/register-ip?affiliateId=2850
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/scripts/jquery-1.10.2.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.223.207 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-223-207.fra56.r.cloudfront.net
Software
/ ASP.NET
Resource Hash
2aa3c9127f947ff8f3df3ed3c297fba4bbba55d7c2a57eef8b63dd5c243b5c75

Request headers

Accept
*/*
Referer
https://www.18xl.in/?affi=2850
Origin
https://www.18xl.in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 14 Nov 2018 17:18:24 GMT
content-encoding
gzip
x-amzn-remapped-content-length
37
x-amzn-remapped-date
Wed, 14 Nov 2018 17:18:28 GMT
x-aspnet-version
4.0.30319
access-control-allow-origin
*
x-powered-by
ASP.NET
x-cache
Miss from cloudfront
status
200
x-amz-apigw-id
QXLTGEsgIE0FpnQ=
content-length
51
x-amz-cf-id
SRp64mUJh6XWSQ5U1FnQ7bZMV5vdGfRPyT2WIxvUqzokr77b4275NA==
request-context
appId=cid-v1:1e87de04-9284-4724-937e-4b25b5a0299c
pragma
no-cache
x-amzn-requestid
4b2b238c-e831-11e8-9f3e-8103fd02a37e
content-type
application/json; charset=utf-8
via
1.1 c735fa223fb16fb135c387781f0fadf6.cloudfront.net (CloudFront)
cache-control
no-cache
x-amzn-remapped-server
Microsoft-IIS/8.5
expires
-1
env.json
cdn.xmkxx.com/
4 KB
2 KB
XHR
General
Full URL
https://cdn.xmkxx.com/env.json
Requested by
Host: www.18xl.in
URL: https://www.18xl.in/scripts/jquery-1.10.2.min.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.27.31.213 Frankfurt Am Main, Germany, ASN1273 (CW Vodafone Group PLC, GB),
Reverse DNS
Software
Tengine /
Resource Hash
3337d67710c411f1fd9b295c14457131f766989416fc63a8888fdcd826fa7dff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.18xl.in/?affi=2850
Origin
https://www.18xl.in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 13 Nov 2018 02:28:35 GMT
content-encoding
gzip
vary
Accept-Encoding
x-oss-request-id
5BEA36D385566F47D7C33505
content-md5
QJejQAqyd12mue1fH9iz/w==
age
139789
x-cache
HIT TCP_MEM_HIT dirn:4:793461412
status
200
x-swift-cachetime
259200
x-swift-savetime
Tue, 13 Nov 2018 02:28:35 GMT
content-length
1366
x-oss-object-type
Normal
access-control-allow-origin
*
last-modified
Fri, 09 Nov 2018 06:50:37 GMT
server
Tengine
etag
"4097A3400AB2775DA6B9ED5F1FD8B3FF"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
cache1.l2sg52[1008,200-0,H], cache39.l2sg52[1009,0], cache3.de1[0,200-0,H], cache2.de1[1,0]
x-oss-storage-class
Standard
accept-ranges
bytes
timing-allow-origin
*
x-oss-hash-crc64ecma
5779678951017439100
eagleid
c31b1fca15422159045123229e
x-oss-server-time
33
ali-swift-global-savetime
1542076115
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j72&a=820108567&t=event&_s=2&dl=https%3A%2F%2Fwww.18xl.in%2F%3Faffi%3D2850&dr=http%3A%2F%2Fayutokuten.com%2Fnew%2Ffed.php&ul=en-us&de=UTF-8&dt=%E6%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=1382399736&_gid=145011841.1542215904&gjid=1969980694&_v=j72&z=1270414075
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=1382399736&_gid=145011841.1542215904&gjid=1969980694&_v=j72&z=1270414075
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:400c:c00::9b , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.18xl.in/?affi=2850
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 14 Nov 2018 17:18:24 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Nov 2018 17:18:24 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76828495-4&cid=1325519009.1542215904&jid=1382399736&_gid=145011841.1542215904&gjid=1969980694&_v=j72&z=1270414075
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
419
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function gtag
  • object dataLayer
  • object google_tag_manager
  • string GoogleAnalyticsObject
  • function ga
  • object google_tag_data
  • object gaplugins
  • object gaGlobal
  • object gaData
  • function cookiesEdit
  • function $
  • function jQuery

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.