Submitted URL: http://mix.work.gd/go.php?link=404~6&ref=wodeemom&t=11103229
Effective URL: http://new-twinks.com/evaback.shtml
Submission: On January 28 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 3 countries across 12 domains to perform 4 HTTP transactions. The main IP is 213.174.132.218, located in Ashburn, United States and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is new-twinks.com.
This is the only time new-twinks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: PE32+ executable (GUI) x86-64, for MS Windows
Size: 3 MB (2877456 bytes, 100% done)
Downloaded from: https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8-xp0xsaOj5KIdiRYK_B/file?dl=1#
Served as: Content-Disposition: attachment; filename="AppFile_v1.1.exe", Content-Type: application/binary (see the file transaction below)

Domain & IP information

IP Address AS Autonomous System
1 1 95.47.161.64 12722 (RECONN)
2 108.165.166.139 8100 (ASN-QUADR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 213.174.132.218 39572 (ADVANCEDH...)
1 1 104.21.63.35 13335 (CLOUDFLAR...)
1 1 2600:1f18:510... 14618 (AMAZON-AES)
1 1 2a00:1d26:c77... 49544 (I3DNET)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2620:100:6019... 19679 (DROPBOX)
1 2620:100:6019... 19679 (DROPBOX)
4 3
Requests | Apex Domain | Subdomain (Cisco Umbrella Rank) | Transfer
2 | wodee.mom | wodee.mom | 1 KB
1 | dropboxusercontent.com | uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com | (not recorded)
1 | dropbox.com | www.dropbox.com (2717) | 979 B
1 | gameplays.shop | gameplays.shop | 841 B
1 | justtoo.net | us.justtoo.net (153730) | 376 B
1 | srvpcn.com | c.srvpcn.com (61633) | 232 B
1 | terperbelomo.info | terperbelomo.info | 712 B
1 | new-twinks.com | new-twinks.com | 381 B
1 | gstguj.com | gstguj.com (299650) | 440 B
1 | wait4hour.info | wait4hour.info (379062) | 792 B
1 | onetouch20.com | onetouch20.com (422232) | 681 B
1 | work.gd | mix.work.gd | 402 B
Total: 4 requests, 12 domains
Requests | Domain | Requested by
2 | wodee.mom | wodee.mom
1 | uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com | (not recorded)
1 | www.dropbox.com | 1 redirect
1 | gameplays.shop | 1 redirect
1 | us.justtoo.net | 1 redirect
1 | c.srvpcn.com | 1 redirect
1 | terperbelomo.info | 1 redirect
1 | new-twinks.com | wodee.mom
1 | gstguj.com | 1 redirect
1 | wait4hour.info | 1 redirect
1 | onetouch20.com | 1 redirect
1 | mix.work.gd | 1 redirect
Total: 4 requests, 12 domains

This site contains no links.

Subject | Issuer | Validity | Valid
dl.dropbox.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-14 to 2024-03-16 | a year (crt.sh)

This page contains 1 frame:

Frame: https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8-xp0xsaOj5KIdiRYK_B/file?dl=1
Frame ID: 301205F2E6907333FAE52EC47DE993AE
Requests: 4 HTTP requests in this frame

Page URL History

This lists the page URLs the scan visited, including HTTP redirects and client-side redirects via JavaScript or meta refresh.

  1. http://mix.work.gd/go.php?link=404~6&ref=wodeemom&t=11103229 HTTP 302
    http://wodee.mom/ Page URL
  2. https://onetouch20.com/pop-go/40354 HTTP 302
    https://wait4hour.info/w43qhBkY?source=40354&sub_id_1=pops&sub_id_2=bip&sub_id_3={click_age} HTTP 302
    https://gstguj.com/cuhdl?wh=fNucfCSfrNnMQTatucvc5Ni1 HTTP 302
    http://new-twinks.com/evaback.shtml Page URL

Page Statistics

Requests: 4
HTTPS: 25 %
IPv6: 67 %
Domains: 12
Subdomains: 12
IPs: 3
Countries: 3
Transfer: 2 kB
Size: 2 kB
Cookies: 21

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://mix.work.gd/go.php?link=404~6&ref=wodeemom&t=11103229 HTTP 302
  • http://wodee.mom/
Request Chain 2
  • https://terperbelomo.info/redirect?tid=946727 HTTP 302
  • http://c.srvpcn.com/click?id=cmrdgbneq9ac7393n2g0&e=910c1860-b3db-4e71-afa0-4f0097617241&px=135&z=1 HTTP 303
  • https://us.justtoo.net/nty/postback/click?key=v2-1706481710562-4-2645-1267435-e7ea76cb-65b1-92de-58c5-2d56722a094a HTTP 302
  • https://gameplays.shop/ HTTP 302
  • https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1 HTTP 302
  • https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8-xp0xsaOj5KIdiRYK_B/file?dl=1

4 HTTP transactions

Transaction 1: / (wodee.mom/)
Redirect Chain
  • http://mix.work.gd/go.php?link=404~6&ref=wodeemom&t=11103229
  • http://wodee.mom/
Size: 35 B | x-fer: 748 B | Type: Document

General
Full URL: http://wodee.mom/
Protocol: HTTP/1.1
Server: 108.165.166.139 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: (none)

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 28 Jan 2024 22:41:48 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers
Connection: keep-alive
Content-Length: 0
Content-Type: text/html
Date: Sun, 28 Jan 2024 22:41:47 GMT
Location: http://wodee.mom
Server: nginx/1.20.2
X-Powered-By: PHP/5.4.16
Transaction 2: dt.js (wodee.mom/)
Size: 1 KB | x-fer: 749 B | Type: Script

General
Full URL: http://wodee.mom/dt.js
Requested by: Host: wodee.mom, URL: http://wodee.mom/
Protocol: HTTP/1.1
Server: 108.165.166.139 Los Angeles, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US)
Reverse DNS: (none)
Software: nginx
Resource Hash: (none)

Request headers
accept-language: en-US,en;q=0.9
Referer: http://wodee.mom/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
Date: Sun, 28 Jan 2024 22:41:48 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 Dec 2023 13:22:34 GMT
Server: nginx
ETag: W/"65858d9a-51a"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=43200
Connection: keep-alive
Expires: Mon, 29 Jan 2024 10:41:48 GMT
Transaction 3 (Primary Request): evaback.shtml (new-twinks.com/)
Redirect Chain
  • https://onetouch20.com/pop-go/40354
  • https://wait4hour.info/w43qhBkY?source=40354&sub_id_1=pops&sub_id_2=bip&sub_id_3={click_age}
  • https://gstguj.com/cuhdl?wh=fNucfCSfrNnMQTatucvc5Ni1
  • http://new-twinks.com/evaback.shtml
Size: 264 B | x-fer: 381 B | Type: Document

General
Full URL: http://new-twinks.com/evaback.shtml
Requested by: Host: wodee.mom, URL: http://wodee.mom/dt.js
Protocol: HTTP/1.1
Server: 213.174.132.218 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS: (none)
Software: nginx/1.8.0
Resource Hash: 146aaa4a48fd18de89a38150a7b30c2f9b9277fb9a0b3ca7fe7688823beb3d1c

Request headers
Referer: http://wodee.mom/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 28 Jan 2024 22:41:50 GMT
Server: nginx/1.8.0
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84ccbebc2db14bcf-BUF
content-type: text/html; charset=utf-8
date: Sun, 28 Jan 2024 22:41:49 GMT
location: http://new-twinks.com/evaback.shtml
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pIBT213zM5E2HTDGSmc5yTeRQm1zsMk3aOR3GYiSElyOn3CqfU7kKhCDY3VGVHznpcXmhGkPuBnyCdSnAJFXzzqtnQc9DfU6uAauuQdNtVLggL6rEMQk%2Bsba1Tr40dHDW%2BGbFdcemS0r"}],"group":"cf-nel","max_age":604800}
server: cloudflare
Transaction 4: file
Path: uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8...
Redirect Chain
  • https://terperbelomo.info/redirect?tid=946727
  • http://c.srvpcn.com/click?id=cmrdgbneq9ac7393n2g0&e=910c1860-b3db-4e71-afa0-4f0097617241&px=135&z=1
  • https://us.justtoo.net/nty/postback/click?key=v2-1706481710562-4-2645-1267435-e7ea76cb-65b1-92de-58c5-2d56722a094a
  • https://gameplays.shop/
  • https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1
  • https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsT...
Size: 0 | x-fer: 0 | Type: Document (the scanner counts no rendered bytes for this response; the download itself is 2877456 bytes per its Content-Length, see Downloads above)

General
Full URL: https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8-xp0xsaOj5KIdiRYK_B/file?dl=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:100:6019:15::a27d:40f, United States, ASN19679 (DROPBOX, US)
Reverse DNS: (none)
Software: envoy
Resource Hash: (none)

Security Headers
Content-Security-Policy: sandbox
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy: sandbox
X-Content-Type-Options: nosniff

Request headers
Referer: http://new-twinks.com/evaback.shtml
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers
accept-encoding: identity,gzip
accept-ranges: bytes
cache-control: max-age=60
content-disposition: attachment; filename="AppFile_v1.1.exe"; filename*=UTF-8''AppFile_v1.1.exe
content-length: 2877456
content-security-policy: sandbox
content-type: application/binary
date: Sun, 28 Jan 2024 22:41:52 GMT
etag: 1705711190381278d
pragma: public
referrer-policy: no-referrer
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin
x-content-security-policy: sandbox
x-content-type-options: nosniff
x-dropbox-request-id: 16ad0c33fea44d159539908f245af5fe
x-dropbox-response-origin: far_remote
x-robots-tag: noindex, nofollow, noimageindex
x-server-response-time: 162
x-webkit-csp: sandbox

Redirect headers
cache-control: no-cache, no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 28 Jan 2024 22:41:51 GMT
location: https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8-xp0xsaOj5KIdiRYK_B/file?dl=1#
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dropbox-request-id: 88b4227093f5494fa129385afb51831c
x-dropbox-response-origin: far_remote
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow, noimageindex
x-xss-protection: 1; mode=block
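The file transaction above is the part of this scan a responder triages first: a six-host redirect chain that ends in a 2877456-byte PE32+ served as a Content-Disposition attachment with the generic type application/binary, from a host that has nothing to do with the page named in the Referer. The Python below is an added example, not part of the urlscan.io report or of any tool it uses. It parses the Content-Disposition value (including the RFC 5987 filename* form, which browsers prefer over the plain filename), reduces the name to its last path component so a hostile "../" prefix cannot survive, and runs a few checks over the chain and headers copied from this report. The lists of executable extensions and generic binary types, and all function names, are the editor's own choices.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed from "Request Chain 2" and the file transaction in the report
# above (the final dropboxusercontent.com URL is the one shown under Full URL).
DOWNLOAD_CHAIN = [
    "https://terperbelomo.info/redirect?tid=946727",
    "http://c.srvpcn.com/click?id=cmrdgbneq9ac7393n2g0&e=910c1860-b3db-4e71-afa0-4f0097617241&px=135&z=1",
    "https://us.justtoo.net/nty/postback/click?key=v2-1706481710562-4-2645-1267435-e7ea76cb-65b1-92de-58c5-2d56722a094a",
    "https://gameplays.shop/",
    "https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1",
    "https://uca8b4c62c71ccf69a61ed7eaef4.dl.dropboxusercontent.com/cd/0/get/CMNtkdQjyHr8doTGwRLRcodi2GIqEGsBiVme-cHvzNLw1E6y-nzbrwUqAKkgKWGBGOMmat_CUMpnn_qA2e-Y4gGLFrFr9hGBnHg5x5FRWwoRqR0CgBbnrNYZFRwsTDq3kvku8-xp0xsaOj5KIdiRYK_B/file?dl=1",
]
DOWNLOAD_REQUEST = {"referer": "http://new-twinks.com/evaback.shtml"}
DOWNLOAD_RESPONSE = {
    "content-type": "application/binary",
    "content-length": "2877456",
    "content-disposition": "attachment; filename=\"AppFile_v1.1.exe\"; filename*=UTF-8''AppFile_v1.1.exe",
}

# Editor's own lists, not anything the report defines.
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".dll"}
GENERIC_BINARY_TYPES = {"application/binary", "application/octet-stream", "binary/octet-stream"}

# key=value pairs; a quoted value may contain ';' and escaped quotes.
_PARAM_RE = re.compile(r'([\w*-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')


def parse_content_disposition(value):
    """Return (disposition type, filename) from a Content-Disposition value.

    filename* (charset'lang'percent-encoded, RFC 5987) wins over filename,
    as in browsers. The name is cut down to its last path component.
    """
    disposition, _, params = value.partition(";")
    fields = {}
    for key, raw in _PARAM_RE.findall(params):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key.lower()] = raw
    filename = None
    if "filename*" in fields:
        charset, _lang, encoded = fields["filename*"].split("'", 2)
        filename = unquote(encoded, encoding=charset or "utf-8", errors="replace")
    elif "filename" in fields:
        filename = fields["filename"]
    if filename is not None:
        filename = re.split(r"[\\/]", filename)[-1]
    return disposition.strip().lower(), filename


def scheme_downgrades(chain):
    """Indices of hops where an https:// URL redirected to an http:// one."""
    schemes = [urlsplit(u).scheme for u in chain]
    return [i for i in range(1, len(schemes)) if schemes[i - 1] == "https" and schemes[i] == "http"]


def triage_download(chain, request_headers, response_headers):
    """Summarise the properties of a redirect chain that ends in a file download."""
    disposition, filename = parse_content_disposition(response_headers.get("content-disposition", ""))
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if filename and "." in filename else ""
    content_type = response_headers.get("content-type", "").split(";")[0].strip().lower()
    referer_host = urlsplit(request_headers.get("referer", "")).hostname or ""
    file_host = urlsplit(chain[-1]).hostname or ""
    return {
        "filename": filename,
        "attachment": disposition == "attachment",
        "executable": ext in EXECUTABLE_EXTENSIONS,
        "generic_content_type": content_type in GENERIC_BINARY_TYPES,
        "cross_site_referer": referer_host != file_host,
        "distinct_hosts": len({urlsplit(u).hostname for u in chain}),
        "downgrades": scheme_downgrades(chain),
        "size_bytes": int(response_headers.get("content-length", "0")),
    }


if __name__ == "__main__":
    for key, val in triage_download(DOWNLOAD_CHAIN, DOWNLOAD_REQUEST, DOWNLOAD_RESPONSE).items():
        print(f"{key:>22}: {val}")
```

Run against the report's values this reports an executable attachment named AppFile_v1.1.exe, a generic content type, a Referer host (new-twinks.com) different from the file host, six distinct hosts in the chain, and one https-to-http downgrade at hop 1 (the c.srvpcn.com 303). Any one of those is weak on its own; together they are the pattern to alert on in proxy logs.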

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Domain/Path | Name | Value
us.justtoo.net/nty/postback | platform_user_id | desktop:d053fe2e9e2082f14652659df9c40138
us.justtoo.net/nty/postback | platform_user_id_3rd_party | desktop:d053fe2e9e2082f14652659df9c40138
us.justtoo.net/nty/postback | platform_user_id_from_ssp | platform:2b8164c2298051de085bed65435e7dac
us.justtoo.net/nty/postback | platform_user_id_from_ssp_3rd_party | platform:2b8164c2298051de085bed65435e7dac
mix.work.gd/ | clicks | 1
mix.work.gd/ | wodeemom | visited
mix.work.gd/ | ctime | 1706481707
wodee.mom/ | sloth_src | noref
wodee.mom/ | sloth_cc | 0
wodee.mom/ | sloth_sc | 0
wodee.mom/ | sloth_nosend | 65b6d82c%253A00%253ATnoref%253A
wait4hour.info/ | _subid | 10to3g63m8f2b1
wait4hour.info/ | bc730 | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY5NjNcIjoxNzA2NDgxNzA5fSxcImNhbXBhaWduc1wiOntcIjUyOVwiOjE3MDY0ODE3MDl9LFwidGltZVwiOjE3MDY0ODE3MDl9In0.c4AyVV-aQNnA3v4XkyCV345PVHxJhhRMklx8oNcATBE
terperbelomo.info/ | csu | 25c5e31a-f3be-49cf-ab54-4ecac59b8b86
gameplays.shop/ | _subid | 31e67do5dahd
gameplays.shop/ | d1fb8 | eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwMFwiOjE3MDY0ODE3MTF9LFwiY2FtcGFpZ25zXCI6e1wiODVcIjoxNzA2NDgxNzExfSxcInRpbWVcIjoxNzA2NDgxNzExfSJ9.ODc__Ny6vDfa7ShLD_60r2WlEiNna9M2tCZIswPKdj8
www.dropbox.com/ | gvc | MjQ0NDA3NzQxNjg4MDk5ODU5NzA2Mzk1NjkzNzE0NzU2ODAzODk=
.dropbox.com/ | t | 0ZTT1TYLgj5hxdpjhid2ahLE
www.dropbox.com/ | __Host-js_csrf | 0ZTT1TYLgj5hxdpjhid2ahLE
www.dropbox.com/ | __Host-ss | jX-C0vXfr8
.dropbox.com/ | locale | en
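The bc730 and d1fb8 cookies are HS256 JWTs, and together with the mix.work.gd ctime cookie and the millisecond field of the us.justtoo.net click key they carry the click timestamps of the whole chain. The Python below is an added example, not part of the urlscan.io report: it decodes the two tokens without signature verification (the HMAC key is on the trackers' servers, so the claims can be read but not authenticated), parses the JSON document nested as a string inside their data claim, and orders every leaked timestamp. The token, cookie and key values are copied from the cookie table and Request Chain 2 above; the function names and the source labels are the editor's.

```python
import base64
import json
from datetime import datetime, timezone

# Copied from the cookie table and Request Chain 2 in the report above.
WAIT4HOUR_BC730 = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY5NjNcIjoxNzA2NDgxNzA5fSxcImNhbXBhaWduc1wiOntcIjUyOVwiOjE3MDY0ODE3MDl9LFwidGltZVwiOjE3MDY0ODE3MDl9In0."
    "c4AyVV-aQNnA3v4XkyCV345PVHxJhhRMklx8oNcATBE"
)
GAMEPLAYS_D1FB8 = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwMFwiOjE3MDY0ODE3MTF9LFwiY2FtcGFpZ25zXCI6e1wiODVcIjoxNzA2NDgxNzExfSxcInRpbWVcIjoxNzA2NDgxNzExfSJ9."
    "ODc__Ny6vDfa7ShLD_60r2WlEiNna9M2tCZIswPKdj8"
)
MIX_WORK_GD_CTIME = "1706481707"
JUSTTOO_CLICK_KEY = "v2-1706481710562-4-2645-1267435-e7ea76cb-65b1-92de-58c5-2d56722a094a"


def b64url_decode(segment):
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Decode the header and payload of a JWT without checking its signature.

    The HS256 key never leaves the tracker's server, so the claims are
    readable but untrusted. The tracker stores a JSON document as a string
    in the 'data' claim, so that claim is parsed a second time.
    """
    header_b64, payload_b64, signature_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    if isinstance(payload.get("data"), str):
        payload["data"] = json.loads(payload["data"])
    return {"header": header, "payload": payload, "signature": b64url_decode(signature_b64)}


def epoch_ms_to_utc(epoch_ms):
    """Render an integer millisecond epoch as UTC, with no float rounding."""
    dt = datetime.fromtimestamp(epoch_ms // 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S") + f".{epoch_ms % 1000:03d}Z"


def build_timeline():
    """Order every timestamp the chain leaked through cookies and URLs."""
    events = [
        (int(MIX_WORK_GD_CTIME) * 1000, "mix.work.gd ctime cookie"),
        (decode_jwt_unverified(WAIT4HOUR_BC730)["payload"]["data"]["time"] * 1000,
         "wait4hour.info bc730 JWT data.time"),
        (int(JUSTTOO_CLICK_KEY.split("-")[1]), "us.justtoo.net click key (ms)"),
        (decode_jwt_unverified(GAMEPLAYS_D1FB8)["payload"]["data"]["time"] * 1000,
         "gameplays.shop d1fb8 JWT data.time"),
    ]
    return [(ms, source, epoch_ms_to_utc(ms)) for ms, source in sorted(events)]


if __name__ == "__main__":
    for name, token in (("bc730", WAIT4HOUR_BC730), ("d1fb8", GAMEPLAYS_D1FB8)):
        decoded = decode_jwt_unverified(token)
        print(name, decoded["header"], decoded["payload"]["data"], f"sig={len(decoded['signature'])} bytes")
    for _ms, source, utc in build_timeline():
        print(utc, source)
```

Decoded, both tokens carry {"streams": {...}, "campaigns": {...}, "time": ...} with a 32-byte HMAC-SHA256 tag: wait4hour.info records stream 6963 / campaign 529 at 1706481709 and gameplays.shop stream 200 / campaign 85 at 1706481711. The timeline runs 22:41:47 (mix.work.gd), 22:41:49 (wait4hour.info), 22:41:50.562 (us.justtoo.net), 22:41:51 (gameplays.shop) UTC on 2024-01-28, which lines up with the Date headers of 22:41:47 through 22:41:52 in the transactions above, so the cookies alone reconstruct the click path even without the HTTP capture.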