au1.xlwin.net Open in urlscan Pro
2a00:1158:1000:500::1d Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://upt.com-sporttickets.com/index.php/campaigns/hs949ea87f97e/track-url/ga6046pz60493/c668c2af580ba4942daed13ef8551d66acf0fb19
Effective URL:
https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&...
Submission: On July 27 via manual (July 27th 2018, 12:15:07 am UTC) from AU

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 4 countries across 7 domains to perform 9 HTTP transactions. The main IP is 2a00:1158:1000:500::1d, located in Germany and belongs to GD-EMEA-DC-SXB1, DE. The main domain is au1.xlwin.net.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on June 21st 2018. Valid for: a year.

This is the only time au1.xlwin.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	93.113.37.27 93.113.37.27	41011 (CH-NET-AS) (CH-NET-AS)
3 3	50.97.244.203 50.97.244.203	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
1 1	52.205.129.47 52.205.129.47	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	52.49.0.112 52.49.0.112	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a00:1158:100... 2a00:1158:1000:500::1d	8972 (GD-EMEA-D...) (GD-EMEA-DC-SXB1)
6	2400:cb00:204... 2400:cb00:2048:1::6818:1902	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
9	2

1 93.113.37.27 (Romania) 1 redirects

ASN41011 (CH-NET-AS, RO)
PTR: 93.113.37.27.ch-center.com

upt.com-sporttickets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.97.244.203 (San Jose, United States) 3 redirects

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: clkmg.com

top.european-promos.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.clkmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.129.47 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-205-129-47.compute-1.amazonaws.com

lg.aivilors.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.0.112 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-49-0-112.eu-west-1.compute.amazonaws.com

cli.ckluna.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1158:1000:500::1d (Germany)

ASN8972 (GD-EMEA-DC-SXB1, DE)

au1.xlwin.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2400:cb00:2048:1::6818:1902 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

img17.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	img17.com img17.com	412 KB
3	xlwin.net au1.xlwin.net	19 KB
2	european-promos.online 2 redirects top.european-promos.online	1 KB
1	ckluna.net 1 redirects cli.ckluna.net	2 KB
1	aivilors.com 1 redirects lg.aivilors.com	952 B
1	clkmg.com 1 redirects www.clkmg.com	464 B
1	com-sporttickets.com 1 redirects upt.com-sporttickets.com	509 B
9	7

	Domain	Requested by
6	img17.com	au1.xlwin.net
3	au1.xlwin.net	au1.xlwin.net
2	top.european-promos.online	2 redirects
1	cli.ckluna.net	1 redirects
1	lg.aivilors.com	1 redirects
1	www.clkmg.com	1 redirects
1	upt.com-sporttickets.com	1 redirects
9	7

This site contains no links.

Subject Issuer	Validity	Valid
*.xlwin.net AlphaSSL CA - SHA256 - G2	`2018-06-21` - `2019-06-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
Frame ID: 8072B9099D87D992C3458C99925A48D5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

9
Requests

33 %
HTTPS

33 %
IPv6

7
Domains

7
Subdomains

2
IPs

4
Countries

431 kB
Transfer

429 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://upt.com-sporttickets.com/index.php/campaigns/hs949ea87f97e/track-url/ga6046pz60493/c668c2af580ba4942daed13ef8551d66acf0fb19 HTTP 301
http://top.european-promos.online/10vvopAlldiAU HTTP 302
http://www.clkmg.com/mtc/?url=http%3a%2f%2ftop.european-promos.online%2f10vvopAlldiAU&vid=306055653 HTTP 302
http://top.european-promos.online/10vvopAlldiAU?clkmtc=1 HTTP 302
http://lg.aivilors.com/t/clk?id=gZRulpXT3lP1soQ4xcR HTTP 302
https://cli.ckluna.net/aff_c?offer_id=140&aff_id=1126&url_id=4588&pl=45&&aff_sub2=71c93d31-4431-49eb-b176-6ce92fb1be24&source=4660_ HTTP 302
https://au1.xlwin.net/gtrax.php?ct=1&v=2673&aff_id=1126&offer_id=140&sub_source=4660_&t1=10272a96e3a1d26e2b758dd86eaacc&t2=&t3=148.251.45.254&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=45

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set gtrax.php Show response au1.xlwin.net/ Redirect Chain http://upt.com-sporttickets.com/index.php/campaigns/hs949ea87f97e/track-url/ga6046pz60493/c668c2af580ba4942daed13ef8551d66acf0fb19 http://top.european-promos.online/10vvopAlldiAU http://www.clkmg.com/mtc/?url=http%3a%2f%2ftop.european-promos.online%2f10vvopAlldiAU&vid=306055653 http://top.european-promos.online/10vvopAlldiAU?clkmtc=1 http://lg.aivilors.com/t/clk?id=gZRulpXT3lP1soQ4xcR https://cli.ckluna.net/aff_c?offer_id=140&aff_id=1126&url_id=4588&pl=45&&aff_sub2=71c93d31-4431-49eb-b176-6ce92fb1be24&source=4660_ https://au1.xlwin.net/gtrax.php?ct=1&v=2673&aff_id=1126&offer_id=140&sub_source=4660_&t1=10272a96e3a1d26e2b758dd86eaacc&t2=&t3=148.251.45.254&udc=Desktop--Google--Chrome--%3F&gender={gender}&email=...	0 592 B	166ms 26ms	Document text/html	2a00:1158:1000:500::1d GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://au1.xlwin.net/gtrax.php?ct=1&v=2673&aff_id=1126&offer_id=140&sub_source=4660_&t1=10272a96e3a1d26e2b758dd86eaacc&t2=&t3=148.251.45.254&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=45 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:1000:500::1d , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.29 / PHP/5.5.30 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Host au1.xlwin.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 8072B9099D87D992C3458C99925A48D5 Response headers Date Fri, 27 Jul 2018 00:14:55 GMT Server Apache/2.4.29 X-Powered-By PHP/5.5.30 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache refresh 0.2;url=w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Set-Cookie PHPSESSID=b8af9426c3c79095b1eece64a4212938; path=/ Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=utf-8 Redirect headers Cache-Control no-cache, no-store, must-revalidate Content-Type text/html; charset=iso-8859-1 Date Fri, 27 Jul 2018 00:14:55 GMT Expires Sat, 26 Jul 1997 05:00:00 GMT Location https://au1.xlwin.net/gtrax.php?ct=1&v=2673&aff_id=1126&offer_id=140&sub_source=4660_&t1=10272a96e3a1d26e2b758dd86eaacc&t2=&t3=148.251.45.254&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=45 P3P CP="NOI CUR OUR NOR INT" Pragma no-cache Server nginx/1.13.12 Set-Cookie aff_ran_url_140=4588; expires=Sat, 28 Jul 2018 00:14:55 GMT; path=/; enc_aff_session_140=ENC034885f82fa1062188aabc648cf2a0821024f8a1aa849575cd16c5fc2bdda262c3d3b241163d090c73a84e7f320086d0b9ddd4a525b89f63914010420a60c458e9f666b42518e789b877a73fc75ffc10fde8f11c61c1e1d483bf08c0ddc9b36d943d9b2c6fd88bb6030630ed3b881a7c23c66ae18e18ff71653138d279ef099b431743ddd194e857ab04637f4d7e7fb10c0188c16e89fd6c42271bc27bdcdaf43c2a384385; expires=Mon, 27 Aug 2018 00:14:55 GMT; path=/; ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI2Ny4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzEzXzUpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS82Ny4wLjMzOTYuODcgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ==; expires=Sun, 20 Jun 2021 10:54:55 GMT; path=/; tracking_id 10272a96e3a1d26e2b758dd86eaacc X-Robots-Tag noindex, nofollow Content-Length 488 Connection keep-alive
GET H/1.1	200 OK	Primary Request w0.php Show response au1.xlwin.net/	18 KB 19 KB	27ms 26ms	Document text/html	2a00:1158:1000:500::1d GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:1000:500::1d , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.29 / PHP/5.5.30 Resource Hash `29b1c8b89bd8d45881b7120000d214eaa0d517e6ab971d2946517144ad89a3dc` Request headers Host au1.xlwin.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://au1.xlwin.net/gtrax.php?ct=1&v=2673&aff_id=1126&offer_id=140&sub_source=4660_&t1=10272a96e3a1d26e2b758dd86eaacc&t2=&t3=148.251.45.254&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=45 Accept-Encoding gzip, deflate Cookie PHPSESSID=b8af9426c3c79095b1eece64a4212938 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 8072B9099D87D992C3458C99925A48D5 Referer https://au1.xlwin.net/gtrax.php?ct=1&v=2673&aff_id=1126&offer_id=140&sub_source=4660_&t1=10272a96e3a1d26e2b758dd86eaacc&t2=&t3=148.251.45.254&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=45 Response headers Date Fri, 27 Jul 2018 00:14:56 GMT Server Apache/2.4.29 X-Powered-By PHP/5.5.30 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=utf-8
GET H/1.1	404 Not Found	style.css au1.xlwin.net/css/	0 0	15ms 10ms	Stylesheet text/html	2a00:1158:1000:500::1d GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://au1.xlwin.net/css/style.css Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1158:1000:500::1d , Germany, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS Software Apache/2.4.29 / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host au1.xlwin.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Cookie PHPSESSID=b8af9426c3c79095b1eece64a4212938 Connection keep-alive Cache-Control no-cache Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 27 Jul 2018 00:14:56 GMT Last-Modified Sun, 31 Jul 2016 01:29:19 GMT Server Apache/2.4.29 ETag "9-538e4699da21b" Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 9
GET S	200	475x450-woolworth.png img17.com/img/1/	265 KB 266 KB	206ms 66ms	Image image/webp	2400:cb00:2048:1::6818:1902 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://img17.com/img/1/475x450-woolworth.png Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol SPDY Server 2400:cb00:2048:1::6818:1902 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `7cc9eeb3d3e73b45a9abb1504818822100a13a0029cf3af2274ea1db7d95d857` Request headers Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 27 Jul 2018 00:14:56 GMT cf-cache-status REVALIDATED cf-polished origFmt=png, origSize=382455 status 200 content-disposition inline; filename="475x450-woolworth.webp" content-length 271428 last-modified Thu, 17 May 2018 15:25:21 GMT server cloudflare etag "5d5f7-56c68718e77fc" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept content-type image/webp expires Fri, 27 Jul 2018 04:14:56 GMT cache-control public, max-age=14400 accept-ranges bytes cf-ray 440ae8a1c9cc9768-FRA cf-bgj imgq:85
GET S	200	clock.png img17.com/pl/1/	506 B 632 B	193ms 63ms	Image image/webp	2400:cb00:2048:1::6818:1902 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://img17.com/pl/1/clock.png Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol SPDY Server 2400:cb00:2048:1::6818:1902 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `1d3b2dba194eb1207159c8656e8f42c7102f77e946a283486bd93b78159c0f08` Request headers Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 27 Jul 2018 00:14:56 GMT cf-cache-status REVALIDATED cf-polished origFmt=png, origSize=1609 status 200 content-disposition inline; filename="clock.webp" content-length 506 last-modified Thu, 17 May 2018 15:29:12 GMT server cloudflare etag "649-56c687f53c380" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept content-type image/webp expires Fri, 27 Jul 2018 04:14:56 GMT cache-control public, max-age=14400 accept-ranges bytes cf-ray 440ae8a1c9d09768-FRA cf-bgj imgq:85
GET S	200	loader.gif img17.com/pl/1/	764 B 1 KB	149ms 19ms	Image image/webp	2400:cb00:2048:1::6818:1902 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://img17.com/pl/1/loader.gif Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol SPDY Server 2400:cb00:2048:1::6818:1902 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `9555393dedd60498fb82368e50d7645eb5006562e10e016f01ec663e5f59e0cf` Request headers Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 27 Jul 2018 00:14:56 GMT cf-cache-status HIT cf-polished origFmt=gif, origSize=1633 status 200 content-disposition inline; filename="loader.webp" content-length 764 last-modified Thu, 17 May 2018 15:29:41 GMT server cloudflare etag "661-56c68810f4ebc" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept content-type image/webp expires Fri, 27 Jul 2018 04:14:56 GMT cache-control public, max-age=14400 accept-ranges bytes cf-ray 440ae8a1c9d19768-FRA cf-bgj imgq:85
GET S	200	1600px-countdown-bg.jpg img17.com/pl/1/	117 KB 117 KB	169ms 41ms	Image image/webp	2400:cb00:2048:1::6818:1902 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://img17.com/pl/1/1600px-countdown-bg.jpg Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol SPDY Server 2400:cb00:2048:1::6818:1902 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `ee81953048c41584cd8135bc4c8a97272215e1d3135cefd94cc4800516362e03` Request headers Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 27 Jul 2018 00:14:56 GMT cf-cache-status REVALIDATED cf-polished qual=85, origFmt=jpeg, origSize=203859 status 200 content-disposition inline; filename="1600px-countdown-bg.webp" content-length 119474 last-modified Thu, 17 May 2018 15:27:55 GMT server cloudflare etag "31c53-56c687abee0bd" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept content-type image/webp expires Fri, 27 Jul 2018 04:14:56 GMT cache-control public, max-age=14400 accept-ranges bytes cf-ray 440ae8a1c9cd9768-FRA cf-bgj imgq:85
GET S	200	corner.png img17.com/pl/1/	814 B 965 B	190ms 62ms	Image image/webp	2400:cb00:2048:1::6818:1902 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://img17.com/pl/1/corner.png Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol SPDY Server 2400:cb00:2048:1::6818:1902 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `a6441f0f3a2dc65b57138e8f27117352b410cfc0d6d974f109f451cfa30013b8` Request headers Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 27 Jul 2018 00:14:56 GMT cf-cache-status REVALIDATED cf-polished origFmt=png, origSize=1968 status 200 content-disposition inline; filename="corner.webp" content-length 814 last-modified Thu, 17 May 2018 15:29:12 GMT server cloudflare etag "7b0-56c687f5f92f2" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept content-type image/webp expires Fri, 27 Jul 2018 04:14:56 GMT cache-control public, max-age=14400 accept-ranges bytes cf-ray 440ae8a1c9ce9768-FRA cf-bgj imgq:85
GET S	200	1600px-woolworths-top.jpg img17.com/pl/1/	26 KB 27 KB	190ms 63ms	Image image/webp	2400:cb00:2048:1::6818:1902 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://img17.com/pl/1/1600px-woolworths-top.jpg Requested by Host: au1.xlwin.net URL: https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? Protocol SPDY Server 2400:cb00:2048:1::6818:1902 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `d3def6c74ef14c21a050116a56635e7794f31a54949bb97e7af4346e428b8213` Request headers Referer https://au1.xlwin.net/w0.php?v=2673&aff_id=1126&aff_sub=&aff_sub2=&tid=41621765&pl=45&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 27 Jul 2018 00:14:56 GMT cf-cache-status REVALIDATED cf-polished qual=85, origFmt=jpeg, origSize=41970 status 200 content-disposition inline; filename="1600px-woolworths-top.webp" content-length 27044 last-modified Thu, 17 May 2018 15:27:57 GMT server cloudflare etag "a3f2-56c687adc76fb" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept content-type image/webp expires Fri, 27 Jul 2018 04:14:56 GMT cache-control public, max-age=14400 accept-ranges bytes cf-ray 440ae8a1c9cf9768-FRA cf-bgj imgq:85

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			au1.xlwin.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: b8af9426c3c79095b1eece64a4212938

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

au1.xlwin.net
cli.ckluna.net
img17.com
lg.aivilors.com
top.european-promos.online
upt.com-sporttickets.com
www.clkmg.com
2400:cb00:2048:1::6818:1902
2a00:1158:1000:500::1d
50.97.244.203
52.205.129.47
52.49.0.112
93.113.37.27
1d3b2dba194eb1207159c8656e8f42c7102f77e946a283486bd93b78159c0f08
29b1c8b89bd8d45881b7120000d214eaa0d517e6ab971d2946517144ad89a3dc
7cc9eeb3d3e73b45a9abb1504818822100a13a0029cf3af2274ea1db7d95d857
9555393dedd60498fb82368e50d7645eb5006562e10e016f01ec663e5f59e0cf
a6441f0f3a2dc65b57138e8f27117352b410cfc0d6d974f109f451cfa30013b8
d3def6c74ef14c21a050116a56635e7794f31a54949bb97e7af4346e428b8213
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee81953048c41584cd8135bc4c8a97272215e1d3135cefd94cc4800516362e03

au1.xlwin.net Open in urlscan Pro 2a00:1158:1000:500::1d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

33 %HTTPS

33 %IPv6

7 Domains

7 Subdomains

2 IPs

4 Countries

431 kBTransfer

429 kBSize

1 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

1 Cookies

Indicators

au1.xlwin.net Open in urlscan Pro
2a00:1158:1000:500::1d Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

33 %
HTTPS

33 %
IPv6

7
Domains

7
Subdomains

2
IPs

4
Countries

431 kB
Transfer

429 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions