ca.12xlwin8.net Open in urlscan Pro
2606:4700:3031::6815:6b3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/hqyoqzatqthj/aemmfcylvxeo.html#QORHNZC44FT4.QORHNZC44FT4?dYCTywccxr3jcxxrmcdcKBdmc5D6qfcJVcbbb4M
Effective URL:
https://ca.12xlwin8.net/index.php?v=5012
Submission: On March 21 via manual (March 21st 2024, 2:13:17 pm UTC) from CA — Scanned from CA

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3031::6815:6b3, located in United States and belongs to CLOUDFLARENET, US. The main domain is ca.12xlwin8.net.
TLS certificate: Issued by E1 on February 21st 2024. Valid for: 3 months.

This is the only time ca.12xlwin8.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2607:f8b0:400... 2607:f8b0:4004:c1d::cf	15169 (GOOGLE) (GOOGLE)
1 1	37.221.121.31 37.221.121.31	204843 (TR-STERLY...) (TR-STERLY_VERI_MERKEZI_YAZILIM_VE_SIBER_GUVENLIK_HIZMETLERI_ANONIM_SIRKETI)
2 2	45.90.13.190 45.90.13.190	212477 (ROYALE-AS) (ROYALE-AS)
1 1	34.239.206.72 34.239.206.72	14618 (AMAZON-AES) (AMAZON-AES)
7	2606:4700:303... 2606:4700:3031::6815:6b3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::5f	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::5f	15169 (GOOGLE) (GOOGLE)
10	4

1 2607:f8b0:4004:c1d::cf (Washington, United States)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.221.121.31 (Bulgaria) 1 redirects

ASN204843 (TR-STERLY_VERI_MERKEZI_YAZILIM_VE_SIBER_GUVENLIK_HIZMETLERI_ANONIM_SIRKETI, TR)
PTR: undefined.hostname.localhost

weatherthisday.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.90.13.190 (Netherlands) 2 redirects

ASN212477 (ROYALE-AS, NL)
PTR: hosted-by.royalehosting.net

www.mostratic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.headingur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.239.206.72 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-239-206-72.compute-1.amazonaws.com

x.trc85.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3031::6815:6b3 (United States)

ASN13335 (CLOUDFLARENET, US)

ca.12xlwin8.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::5f (Washington, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	12xlwin8.net ca.12xlwin8.net	452 KB
3	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 696 fonts.googleapis.com — Cisco Umbrella Rank: 110 ajax.googleapis.com — Cisco Umbrella Rank: 716	35 KB
1	trc85.com 1 redirects x.trc85.com	2 KB
1	headingur.com 1 redirects www.headingur.com	660 B
1	mostratic.com 1 redirects www.mostratic.com	645 B
1	weatherthisday.com 1 redirects weatherthisday.com	286 B
10	6

	Domain	Requested by
7	ca.12xlwin8.net	storage.googleapis.com ca.12xlwin8.net
1	ajax.googleapis.com	ca.12xlwin8.net
1	fonts.googleapis.com	ca.12xlwin8.net
1	x.trc85.com	1 redirects
1	www.headingur.com	1 redirects
1	www.mostratic.com	1 redirects
1	weatherthisday.com	1 redirects
1	storage.googleapis.com
10	8

This site contains no links.

Subject Issuer	Validity	Valid
storage.googleapis.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
12xlwin8.net E1	`2024-02-21` - `2024-05-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ca.12xlwin8.net/index.php?v=5012
Frame ID: 3A490D81FF222ADDC8AF643C8B2AB67E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Win $500 PayPal Cash

Page URL History Show full URLs

https://storage.googleapis.com/hqyoqzatqthj/aemmfcylvxeo.html Page URL
https://ca.12xlwin8.net/index.php?v=5012 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

8
Subdomains

4
IPs

3
Countries

487 kB
Transfer

554 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/hqyoqzatqthj/aemmfcylvxeo.html Page URL
https://ca.12xlwin8.net/index.php?v=5012 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://weatherthisday.com/anchorQORHNZC44FT4.QORHNZC44FT4?dYCTywccxr3jcxxrmcdcKBdmc5D6qfcJVcbbb4M HTTP 302
https://www.mostratic.com/59k8wh9/qmt2lb1/?sub1=2_285891_2580301&sub2=2007_2567350_3746456_61&sub3=750409677_166-0-205-88 HTTP 302
https://www.headingur.com/cmp/3C53WF1/RF39C/?__rpt=0&__po=12236&__ptid=37b1f8f49c8d4c44b673e83640ad5e34&__rpa=1&__rc=1&sub1=2_285891_2580301&sub2=2007_2567350_3746456_61&sub3=750409677_166-0-205-88&sub4=&sub5=&source_id=&__pcd=2 HTTP 302
http://x.trc85.com/aff_c?offer_id=3498&aff_id=2324&url_id=12059&pl=21&source=2656&aff_sub=adb15eada4bb43d9873621bf9bec3a0f HTTP 302
https://ca.12xlwin8.net/gtrax.php?aff_id=2324&ct=1&v=5012&offer_id=3498&sub_source=2656&t1=102ced9213c4794f312ff4cf893967&t2=adb15eada4bb43d9873621bf9bec3a0f&t3=166.0.205.88-US&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=21

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 aemmfcylvxeo.html
storage.googleapis.com/hqyoqzatqthj/ 112 B
580 B 620ms
206ms Document
text/html 2607:f8b0:4004:c1d::cf
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/hqyoqzatqthj/aemmfcylvxeo.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::cf Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-length: 112
content-type: text/html
date: Thu, 21 Mar 2024 14:13:06 GMT
etag: "5ea8dcbdee457e4eecc460e5573da042"
expires: Thu, 21 Mar 2024 15:13:06 GMT
last-modified: Thu, 14 Apr 2022 11:29:51 GMT
server: UploadServer
x-goog-generation: 1649935791079442
x-goog-hash: crc32c=m72cOA== md5=Xqjcve5Ffk7sxGDlVz2gQg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 112
x-guploader-uploadid: ABPtcPqAfFdAlR8m_lGRKz9nGbVN49MVb470hVJ3RjTqzSztLnpP5XZCGBCIyDb4Om8nNEyU48I

GET
H2

200

gtrax.php Show response
ca.12xlwin8.net/
Redirect Chain

http://weatherthisday.com/anchorQORHNZC44FT4.QORHNZC44FT4?dYCTywccxr3jcxxrmcdcKBdmc5D6qfcJVcbbb4M
https://www.mostratic.com/59k8wh9/qmt2lb1/?sub1=2_285891_2580301&sub2=2007_2567350_3746456_61&sub3=750409677_166-0-205-88
https://www.headingur.com/cmp/3C53WF1/RF39C/?__rpt=0&__po=12236&__ptid=37b1f8f49c8d4c44b673e83640ad5e34&__rpa=1&__rc=1&sub1=2_285891_2580301&sub2=2007_2567350_3746456_61&sub3=750409677_166-0-205-88...
http://x.trc85.com/aff_c?offer_id=3498&aff_id=2324&url_id=12059&pl=21&source=2656&aff_sub=adb15eada4bb43d9873621bf9bec3a0f
https://ca.12xlwin8.net/gtrax.php?aff_id=2324&ct=1&v=5012&offer_id=3498&sub_source=2656&t1=102ced9213c4794f312ff4cf893967&t2=adb15eada4bb43d9873621bf9bec3a0f&t3=166.0.205.88-US&udc=Desktop--Google-...

0
579 B

848ms
466ms

Document
text/html

2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ca.12xlwin8.net/gtrax.php?aff_id=2324&ct=1&v=5012&offer_id=3498&sub_source=2656&t1=102ced9213c4794f312ff4cf893967&t2=adb15eada4bb43d9873621bf9bec3a0f&t3=166.0.205.88-US&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=21
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/hqyoqzatqthj/aemmfcylvxeo.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://storage.googleapis.com/hqyoqzatqthj/aemmfcylvxeo.html#QORHNZC44FT4.QORHNZC44FT4?dYCTywccxr3jcxxrmcdcKBdmc5D6qfcJVcbbb4M
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 867e8a873899541f-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 21 Mar 2024 14:13:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
refresh: 0.2;url=index.php?v=5012
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5aEG0yBg7G645My%2BEXIgDp1V%2BcZFYgaYA5QemRpGDiHUohY7ph8Te0E4xcgwk0erz3iS2Et4l1%2FKUFGiQtKiOO6rFSGka5iLYfhyA1ubAx2hb0uFNRn8UP2ZiWqj0otLjToshHPP4W6UK2iADd0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-cache-status: BYPASS

Redirect headers

Access-Control-Allow-Headers: Tune-SDK-Version
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 523
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 21 Mar 2024 14:13:10 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://ca.12xlwin8.net/gtrax.php?aff_id=2324&ct=1&v=5012&offer_id=3498&sub_source=2656&t1=102ced9213c4794f312ff4cf893967&t2=adb15eada4bb43d9873621bf9bec3a0f&t3=166.0.205.88-US&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=21
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Server: nginx
Tracking_id: 102ced9213c4794f312ff4cf893967
X-Request-Id: 5ed333cf27e92bb0c4ecb20b819f1158
X-Robots-Tag: noindex, nofollow

GET
H2 200 Primary Request index.php Show response
ca.12xlwin8.net/ 14 KB
3 KB 242ms
241ms Document
text/html 2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ca.12xlwin8.net/index.php?v=5012
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a96caa96fc36c79e521699dd542c87d53d5ea866f4c126b8a4e4e5f97315a35c

Request headers

Referer: https://ca.12xlwin8.net/gtrax.php?aff_id=2324&ct=1&v=5012&offer_id=3498&sub_source=2656&t1=102ced9213c4794f312ff4cf893967&t2=adb15eada4bb43d9873621bf9bec3a0f&t3=166.0.205.88-US&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=21
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 867e8a8b9ffd541f-YYZ
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 21 Mar 2024 14:13:11 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akDvnCE1lhe2yrW1V1zjwixCO%2Fpts6uBGSqHXHqEKq5uEwb5AGKnYCn0ZXGpsZZv55e%2FgBR%2BHpWWniwXU8bQl7TCw1OXVGAZC8Td1IhrmSAALDJ8wtYR7J%2F41uLsz5%2FF%2FQRGZ4jJgudEFRPJlOk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache-status: BYPASS

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1002 B 557ms
155ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Mar 2024 14:13:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Mar 2024 12:32:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Mar 2024 14:13:12 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ 91 KB
33 KB 533ms
126ms Script
text/javascript 2607:f8b0:4004:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

Requested by

Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 09:01:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105129
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33593
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 09:01:03 GMT

GET
H2 200 img_11379.png
ca.12xlwin8.net/hostimgpl/ 158 KB
159 KB 722ms
722ms Image
image/png 2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ca.12xlwin8.net/hostimgpl/img_11379.png
Requested by: Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99f40bb9178d711c381d8390c0a2fbf44e5e5bf72bb1c0dc0120b30d8c68c699

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/index.php?v=5012
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 14:13:12 GMT
cf-cache-status: MISS
last-modified: Wed, 12 Apr 2023 17:12:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "277da-5f926b71761a1"
x-cache-status: BYPASS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=89UFsGZrQJTJNGBt3MCw7Q8idD8PlZm%2FvwgySnvzjGYGGEOMmXHI2qh1W5gNv%2FoLK0QLm3vD12HUp8fQHpfLggVW%2FphIMUY2sxqtbNo9aIhtJsa%2Bn0INWCeu1d1xG6fO8YXnNi%2BSSE0vlsNkVOk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 867e8a8d3a4c541f-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 161754

GET
H2 200 img_6214.png
ca.12xlwin8.net/hostimgpl/ 210 KB
211 KB 892ms
891ms Image
image/png 2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ca.12xlwin8.net/hostimgpl/img_6214.png
Requested by: Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43d9cb4cd5f7507834405ac8e37a387c58fde75f4c1dc560fe84404b41faa8e0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/index.php?v=5012
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 14:13:12 GMT
cf-cache-status: MISS
last-modified: Tue, 11 Apr 2023 02:13:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "34824-5f90609417059"
x-cache-status: BYPASS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2B9kgQYDS25f%2FDiYhCRnoq%2B9C36a%2BDy5Uvkih3QgmJlNI4pj2KdMaknryYEnkdfL%2FqI5hxXSVrkuyzxLM5KxTNbKcmXEvDn6m1dA%2FQfgtXIpvi5eW%2FXNaeZg%2FcycvLroUPAP5uDySFiE7f3Ed24%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 867e8a8d3a4e541f-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 215076

GET
H3 200 img_5549.gif
ca.12xlwin8.net/hostimgpl/ 2 KB
2 KB 109ms
108ms Image
image/gif 2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ca.12xlwin8.net/hostimgpl/img_5549.gif
Requested by: Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92d619282a3d1a329605067fb43a6987b74e454aed2ffbd15974152c07ae7c0a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/index.php?v=5012
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 14:13:12 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3485
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 1633
last-modified: Mon, 10 Apr 2023 07:25:56 GMT
server: cloudflare
etag: "661-5f8f649218b85"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fu7ECnG0ePJ%2BMeXCbYEyYd35YWQaTNvmBPXiHlMBDnDg%2Frg4GarMOKiNE6iLbQ6bmP6k8yrKi4xcfAd9HWP%2BzYC8VShBNxR8iHF9%2FRx2fyeMzYyAE6P7b6SYSlt50pLG6S9edBYEJgCn6mewpF0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 867e8a90fa02a1ea-YYZ

GET
H3 200 img_6215.png
ca.12xlwin8.net/hostimgpl/ 34 KB
34 KB 550ms
549ms Image
image/png 2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ca.12xlwin8.net/hostimgpl/img_6215.png
Requested by: Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42858dd2dc38cb817e33cf5ea4bbe62149024e5f0f59a84d80c1f930cb500a55

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/index.php?v=5012
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 14:13:12 GMT
cf-cache-status: MISS
last-modified: Tue, 11 Apr 2023 02:13:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "86f8-5f90609417059"
x-cache-status: BYPASS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35jmsSt%2BETiHCyGLS7y56k0xyN4qZ%2BGk3YdvuXfAlALkZUWyBmzmpU2Il0TtrBs%2BuzKKCnc2kgmq%2BeM98IShrCSN21bG%2B0iTQAbF%2FNd4tEk1Zck7AIkS6ABI6g%2BIsCkjGCopwJe65f%2FEvtDmyrA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 867e8a910a04a1ea-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 34552

GET
H3 200 img_11378.jpg
ca.12xlwin8.net/hostimgpl/ 43 KB
43 KB 738ms
737ms Image
image/jpeg 2606:4700:3031::6815:6b3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ca.12xlwin8.net/hostimgpl/img_11378.jpg
Requested by: Host: ca.12xlwin8.net
URL: https://ca.12xlwin8.net/index.php?v=5012
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:6b3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0ee5e487a12af04e40897aef18745fb3d3edd98c55cc89b85c1007a2d4c067c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ca.12xlwin8.net/index.php?v=5012
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 14:13:13 GMT
cf-cache-status: MISS
last-modified: Wed, 12 Apr 2023 17:12:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "ab63-5f926b71761a1"
x-cache-status: BYPASS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oiXV2lgqwCnDZgk8PfbgXee%2FSMdxZ28H083MYq6FGtTKyK4U0vosNp6WkbhgY8nWi0F9LjPj%2BbqtocKARY%2Fhrbz7ccYTrsr5aFEOZLwULa2VqISeAI55hWPUOHnsb8gTRWyRRmJ%2BuYMYF6CXE%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 867e8a910a06a1ea-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43875

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ca.12xlwin8.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: t9lmce6cq17as7tfcq8eegtp83

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
ca.12xlwin8.net
fonts.googleapis.com
storage.googleapis.com
weatherthisday.com
www.headingur.com
www.mostratic.com
x.trc85.com
2606:4700:3031::6815:6b3
2607:f8b0:4004:c1b::5f
2607:f8b0:4004:c1d::5f
2607:f8b0:4004:c1d::cf
34.239.206.72
37.221.121.31
45.90.13.190
42858dd2dc38cb817e33cf5ea4bbe62149024e5f0f59a84d80c1f930cb500a55
43d9cb4cd5f7507834405ac8e37a387c58fde75f4c1dc560fe84404b41faa8e0
44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
92d619282a3d1a329605067fb43a6987b74e454aed2ffbd15974152c07ae7c0a
99f40bb9178d711c381d8390c0a2fbf44e5e5bf72bb1c0dc0120b30d8c68c699
a96caa96fc36c79e521699dd542c87d53d5ea866f4c126b8a4e4e5f97315a35c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0ee5e487a12af04e40897aef18745fb3d3edd98c55cc89b85c1007a2d4c067c

ca.12xlwin8.net Open in urlscan Pro 2606:4700:3031::6815:6b3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

57 %IPv6

6 Domains

8 Subdomains

4 IPs

3 Countries

487 kBTransfer

554 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

1 Cookies

Indicators

ca.12xlwin8.net Open in urlscan Pro
2606:4700:3031::6815:6b3 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

57 %
IPv6

6
Domains

8
Subdomains

4
IPs

3
Countries

487 kB
Transfer

554 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions