Submitted URL: http://cca.li/1Bd
Effective URL: https://au.12xlwin5n.com/w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=...
Submission: On August 31 via manual from AU — Scanned from AU

Summary

This website contacted 2 IPs in 3 countries across 5 domains to perform 5 HTTP transactions. The main IP is 151.101.66.132, located in United States and belongs to FASTLY, US. The main domain is au.12xlwin5n.com.
TLS certificate: Issued by R3 on July 14th 2022. Valid for: 3 months.
This is the only time au.12xlwin5n.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 54.234.43.111 14618 (AMAZON-AES)
1 1 34.76.75.249 396982 (GOOGLE-CL...)
1 1 52.210.26.68 16509 (AMAZON-02)
2 151.101.66.132 54113 (FASTLY)
3 104.26.3.111 13335 (CLOUDFLAR...)
5 2
Apex Domain        Subdomains          Transfer
3 img17.com        img17.com           277 KB
2 12xlwin5n.com    au.12xlwin5n.com    7 KB
1 trc85.com        x.trc85.com         2 KB
1 goodwolder.com   goodwolder.com      783 B
1 cca.li           cca.li              284 B
5 5
Domain Requested by
3 img17.com au.12xlwin5n.com
2 au.12xlwin5n.com
1 x.trc85.com 1 redirects
1 goodwolder.com 1 redirects
1 cca.li 1 redirects
5 5

This site contains no links.

Subject            Issuer   Validity                   Valid
*.12xlwin5n.com    R3       2022-07-14 - 2022-10-12    3 months
*.img17.com        E1       2022-08-14 - 2022-11-12    3 months

This page contains 1 frame:

Primary Page: https://au.12xlwin5n.com/w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
Frame ID: 64FA539ACF8075E3AA57402D2DC8210F
Requests: 5 HTTP requests in this frame

Page Title

Aldi Supermarket

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

  • 5 Requests
  • 100 % HTTPS
  • 0 % IPv6
  • 5 Domains
  • 5 Subdomains
  • 2 IPs
  • 3 Countries
  • 284 kB Transfer
  • 282 kB Size
  • 4 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://cca.li/1Bd HTTP 301
  • https://goodwolder.com/?a=1223&oc=9574&c=27821&m=3&s1= HTTP 302
  • http://x.trc85.com/aff_c?offer_id=3193&aff_id=1040&url_id=10057&pl=185&source=1223123_Aldi&aff_sub2=263599586&aff_sub3=1223 HTTP 302
  • https://au.12xlwin5n.com/gtrax.php?aff_id=1040&ct=1&v=5077&offer_id=3193&sub_source=1223123_Aldi&t1=102e86f32c1c91837ff79b3721b3fc&t2=&t3=173.245.209.63-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=185

5 HTTP transactions

Resource    Path    Size    x-fer    Type    MIME-Type
Resource: gtrax.php
Path: au.12xlwin5n.com/
Redirect Chain
  • http://cca.li/1Bd
  • https://goodwolder.com/?a=1223&oc=9574&c=27821&m=3&s1=
  • http://x.trc85.com/aff_c?offer_id=3193&aff_id=1040&url_id=10057&pl=185&source=1223123_Aldi&aff_sub2=263599586&aff_sub3=1223
  • https://au.12xlwin5n.com/gtrax.php?aff_id=1040&ct=1&v=5077&offer_id=3193&sub_source=1223123_Aldi&t1=102e86f32c1c91837ff79b3721b3fc&t2=&t3=173.245.209.63-AU&udc=Desktop--Google--Chrome--%3F&gender={...
Size: 0
x-fer: 412 B
Type: Document
General
Full URL: https://au.12xlwin5n.com/gtrax.php?aff_id=1040&ct=1&v=5077&offer_id=3193&sub_source=1223123_Aldi&t1=102e86f32c1c91837ff79b3721b3fc&t2=&t3=173.245.209.63-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=185
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: Apache / PHP/7.3.10
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=utf-8
date: Wed, 31 Aug 2022 20:53:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
refresh: 0.2;url=w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
server: Apache
strict-transport-security: max-age=300
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-powered-by: PHP/7.3.10
x-served-by: cache-syd10122-SYD
x-timer: S1661979183.040474,VS0,VE618

Redirect headers

Access-Control-Allow-Headers: Tune-SDK-Version
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 503
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 31 Aug 2022 20:53:02 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://au.12xlwin5n.com/gtrax.php?aff_id=1040&ct=1&v=5077&offer_id=3193&sub_source=1223123_Aldi&t1=102e86f32c1c91837ff79b3721b3fc&t2=&t3=173.245.209.63-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=185
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Server: nginx
Tracking_id: 102e86f32c1c91837ff79b3721b3fc
X-Request-Id: 7a11a5fbcb6e6254da9b4459b6f270d4
X-Robots-Tag: noindex, nofollow

Primary Request
Resource: w0.php
Path: au.12xlwin5n.com/
Size: 6 KB
x-fer: 6 KB
Type: Document
General
Full URL: https://au.12xlwin5n.com/w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: Apache / PHP/7.3.10
Resource Hash: ce48017ffd9b0420ebc64fc8360f1c097dc320e8ca5a7c2a757cb3192be51b7a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer: https://au.12xlwin5n.com/gtrax.php?aff_id=1040&ct=1&v=5077&offer_id=3193&sub_source=1223123_Aldi&t1=102e86f32c1c91837ff79b3721b3fc&t2=&t3=173.245.209.63-AU&udc=Desktop--Google--Chrome--%3F&gender={gender}&email={email}&firstname={firstname}&lastname={lastname}&pl=185
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store, no-cache, must-revalidate
content-length: 6178
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 20:53:04 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
strict-transport-security: max-age=300
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-powered-by: PHP/7.3.10
x-served-by: cache-syd10122-SYD
x-timer: S1661979184.983891,VS0,VE619

Resource: sign.png
Path: img17.com/pl/1/
Size: 11 KB
x-fer: 11 KB
Type: Image
General
Full URL: https://img17.com/pl/1/sign.png
Requested by
Host: au.12xlwin5n.com
URL: https://au.12xlwin5n.com/w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.111, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: bcab7aacb65b677b34743e6d79da9509a41a220f569fa624bf9821aea7c94a43

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://au.12xlwin5n.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 20:53:05 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=18466
content-disposition: inline; filename="sign.webp"
content-length: 10876
last-modified: Wed, 08 Jan 2020 10:20:58 GMT
server: cloudflare
etag: "4822-59b9e3f9dd680"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJc5aWIFtr0S%2FK9XTVkzDB5ZY9%2FtoD9ImqpmoM0ChFQO3jpdql91j8wHBdy0Tc9SGSa5EM%2FQJsFxOxTWz4WnU%2FSEbp3AIuYQPsmh81Tn%2BBys7jea3jcFtSa1Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7438a751cbe4a883-SYD
cf-bgj: imgq:100,h2pri

Resource: aldigiftcard.png
Path: img17.com/pl/1/
Size: 113 KB
x-fer: 114 KB
Type: Image
General
Full URL: https://img17.com/pl/1/aldigiftcard.png
Requested by
Host: au.12xlwin5n.com
URL: https://au.12xlwin5n.com/w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.111, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 80dad7458a6e42a547fb2fa851373a736e0bb442dc10fe1793c33758657ad1d3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://au.12xlwin5n.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 20:53:05 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=218843
content-disposition: inline; filename="aldigiftcard.webp"
content-length: 116184
last-modified: Wed, 08 Jan 2020 10:20:57 GMT
server: cloudflare
etag: "356db-59b9e3f8e9440"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MnKOs5xaUjZDXQI0nBi2F%2BWCEDme508UzoUB3F5EUTvSqdECtyzkedzM80z5eVYauP3wAaj6FPuhPIUIZ3UD9XEaX5aRikP9wBSbhYK6qfo8cdeSh7237C3nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7438a751cbe7a883-SYD
cf-bgj: imgq:100,h2pri

Resource: 1440x633_veg_bg.jpg
Path: img17.com/pl/1/
Size: 152 KB
x-fer: 152 KB
Type: Image
General
Full URL: https://img17.com/pl/1/1440x633_veg_bg.jpg
Requested by
Host: au.12xlwin5n.com
URL: https://au.12xlwin5n.com/w0.php?v=5077&aff_id=1040&aff_sub=&aff_sub2=&tid=55970164&pl=185&ppgender=&ppemail=&ppfirstname=&pplastname=&udc=Desktop--Google--Chrome--?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.3.111, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 20b789c5ac47cf389497b3ac7eaa649abcf685a74b62db40f80e64e6b46c002f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://au.12xlwin5n.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 20:53:05 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 08 Jan 2020 10:20:57 GMT
server: cloudflare
etag: "276e3-59b9e3f8e9440"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jxssj23kq%2Bd4mn%2FJ82htjN2kPLDkGfMU%2FR90PGX2QinrFZmtMibpPxIHAFeBgmKC9CLSfjNprZ%2BHBFj7iqGDUQNS4l0ypxdzbFK47bFq2jUfKn07Y4cQ1lw7Og%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7438a751cbe9a883-SYD
content-length: 155294
cf-polished: origSize=161507, status=webp_bigger
cf-bgj: imgq:100,h2pri

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onbeforeinput
  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • object| launchQueue
  • object| onbeforematch
  • function| getScreenDetails
  • function| queryLocalFonts
  • object| navigation
  • object| elems
  • function| fn

4 Cookies

Domain/Path    Name / Value
.goodwolder.com/    Name: sfd    Value: vPlIBfnMcy26vwUowVjAMJpqiC28g8zC2lG9a+fo36twy1wEmuOX4w==
.goodwolder.com/    Name: tib    Value: nJRG2JNydNWTto9OgDd2eppqiC28g8zC2lG9a+fo36twy1wEmuOX4w==
.goodwolder.com/    Name: c9554    Value: vPlIBfnMcy0N7ML+qdsqoPtmp/9+pJjkHmQ1Cyjel1vEJqwiiX0zeQ==
au.12xlwin5n.com/    Name: PHPSESSID    Value: 99202227e2fb5c7ff1e410044034b5e7

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=300