Submitted URL: http://new.run.place/go.php?link=403~11&ref=langkecfd&t=23312
Effective URL: http://new-twinks.com/evaback.shtml
Submission: On January 25 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 3 countries across 12 domains to perform 4 HTTP transactions. The main IP is 213.174.132.218, located in Ashburn, United States and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is new-twinks.com.
This is the only time new-twinks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: PE32+ executable (GUI) x86-64, for MS Windows
Size: 3 MB (2877456 bytes, 100% done)
Downloaded from: https://uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8qVk8XS5VaOlplT0WIZbqVzHyRL3i/file?dl=1#

Domain & IP information

IP Address AS Autonomous System
1 1 95.47.161.64 12722 (RECONN)
2 144.172.123.180 14956 (ROUTERHOS...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 213.174.132.218 39572 (ADVANCEDH...)
1 1 104.21.63.35 13335 (CLOUDFLAR...)
1 1 2600:1f18:510... 14618 (AMAZON-AES)
1 1 2a00:1d26:c77... 49544 (I3DNET)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2620:100:6019... 19679 (DROPBOX)
1 2620:100:6019... 19679 (DROPBOX)
4 3
Requests  Apex Domain              Subdomains                                               Transfer
2         langke.cfd               langke.cfd                                               1 KB
1         dropboxusercontent.com   uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com
1         dropbox.com              www.dropbox.com (Cisco Umbrella Rank: 2717)              984 B
1         gameplays.shop           gameplays.shop                                           840 B
1         justtoo.net              us.justtoo.net (Cisco Umbrella Rank: 153730)             375 B
1         srvpcn.com               c.srvpcn.com (Cisco Umbrella Rank: 61633)                232 B
1         terperbelomo.info        terperbelomo.info                                        710 B
1         new-twinks.com           new-twinks.com                                           381 B
1         gstguj.com               gstguj.com (Cisco Umbrella Rank: 299650)                 445 B
1         wait4hour.info           wait4hour.info (Cisco Umbrella Rank: 379062)             798 B
1         onetouch20.com           onetouch20.com (Cisco Umbrella Rank: 422232)             680 B
1         run.place                new.run.place                                            404 B
Totals: 4 requests, 12 apex domains
Requests  Domain                                                   Requested by
2         langke.cfd                                               langke.cfd
1         uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com
1         www.dropbox.com                                          1 redirect
1         gameplays.shop                                           1 redirect
1         us.justtoo.net                                           1 redirect
1         c.srvpcn.com                                             1 redirect
1         terperbelomo.info                                        1 redirect
1         new-twinks.com                                           langke.cfd
1         gstguj.com                                               1 redirect
1         wait4hour.info                                           1 redirect
1         onetouch20.com                                           1 redirect
1         new.run.place                                            1 redirect
Totals: 4 requests, 12 domains

This site contains no links.

TLS certificates

Subject          Issuer                              Validity                    Valid
dl.dropbox.com   DigiCert TLS RSA SHA256 2020 CA1    2023-02-14 to 2024-03-16    a year (crt.sh)

This page contains 1 frames:

Frame: https://uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8qVk8XS5VaOlplT0WIZbqVzHyRL3i/file?dl=1
Frame ID: 35337775E3ACBFDD87E45A7DDB11200F
Requests: 4 HTTP requests in this frame


Page URL History

  1. http://new.run.place/go.php?link=403~11&ref=langkecfd&t=23312 HTTP 302
    http://langke.cfd/ Page URL
  2. https://onetouch20.com/pop-go/40354 HTTP 302
    https://wait4hour.info/w43qhBkY?source=40354&sub_id_1=pops&sub_id_2=bip&sub_id_3={click_age} HTTP 302
    https://gstguj.com/cuhdl?wh=fNucfCSfrNnMQTatucvc5Ni1 HTTP 302
    http://new-twinks.com/evaback.shtml Page URL

Page Statistics

Requests: 4
HTTPS: 25 %
IPv6: 67 %
Domains: 12
Subdomains: 12
IPs: 3
Countries: 3
Transfer: 2 kB
Size: 2 kB
Cookies: 21

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://new.run.place/go.php?link=403~11&ref=langkecfd&t=23312 HTTP 302
  • http://langke.cfd/
Request Chain 2
  • https://terperbelomo.info/redirect?tid=946727 HTTP 302
  • http://c.srvpcn.com/click?id=cmpejiha8q1c738nhh20&e=910c1860-b3db-4e71-afa0-4f0097617241&px=135&z=1 HTTP 303
  • https://us.justtoo.net/nty/postback/click?key=v2-1706224074520-4-2645-1267435-695b354a-daaf-072e-bea0-25b9ee0c2ce3 HTTP 302
  • https://gameplays.shop/ HTTP 302
  • https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1 HTTP 302
  • https://uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8qVk8XS5VaOlplT0WIZbqVzHyRL3i/file?dl=1

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
langke.cfd/
Redirect Chain
  • http://new.run.place/go.php?link=403~11&ref=langkecfd&t=23312
  • http://langke.cfd/
35 B
748 B
Document
General
Full URL
http://langke.cfd/
Protocol
HTTP/1.1
Server
144.172.123.180 Las Vegas, United States, ASN14956 (ROUTERHOSTING, US),
Reverse DNS
144-172-123-180.static.cloudzy.com
Software
nginx /
Resource Hash
14da9571390458a5d144cdacdb59f2a3ad684fb05e5cb4fec82214b3556ee558

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 25 Jan 2024 23:07:52 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html
Date
Thu, 25 Jan 2024 23:07:52 GMT
Location
http://langke.cfd
Server
nginx/1.20.2
X-Powered-By
PHP/5.4.16
dt.js
langke.cfd/
1 KB
749 B
Script
General
Full URL
http://langke.cfd/dt.js
Requested by
Host: langke.cfd
URL: http://langke.cfd/
Protocol
HTTP/1.1
Server
144.172.123.180 Las Vegas, United States, ASN14956 (ROUTERHOSTING, US),
Reverse DNS
144-172-123-180.static.cloudzy.com
Software
nginx /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
http://langke.cfd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 25 Jan 2024 23:07:53 GMT
Content-Encoding
gzip
Last-Modified
Thu, 28 Dec 2023 09:07:49 GMT
Server
nginx
ETag
W/"658d3ae5-51a"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=43200
Connection
keep-alive
Expires
Fri, 26 Jan 2024 11:07:53 GMT
Primary Request evaback.shtml
new-twinks.com/
Redirect Chain
  • https://onetouch20.com/pop-go/40354
  • https://wait4hour.info/w43qhBkY?source=40354&sub_id_1=pops&sub_id_2=bip&sub_id_3={click_age}
  • https://gstguj.com/cuhdl?wh=fNucfCSfrNnMQTatucvc5Ni1
  • http://new-twinks.com/evaback.shtml
264 B
381 B
Document
General
Full URL
http://new-twinks.com/evaback.shtml
Requested by
Host: langke.cfd
URL: http://langke.cfd/dt.js
Protocol
HTTP/1.1
Server
213.174.132.218 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.8.0 /
Resource Hash
146aaa4a48fd18de89a38150a7b30c2f9b9277fb9a0b3ca7fe7688823beb3d1c

Request headers

Referer
http://langke.cfd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 25 Jan 2024 23:07:54 GMT
Server
nginx/1.8.0
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84b42cce8e154bcf-BUF
content-type
text/html; charset=utf-8
date
Thu, 25 Jan 2024 23:07:54 GMT
location
http://new-twinks.com/evaback.shtml
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNZxX%2F7HLxKOjle6wWAbfKw%2FA3xiMcgRoyHAuKZIEodLLbCkj6mriprnJdmQDhDFz0g5EText5KLsRaZVxfX9ZNzXoDJkGv7L8k2QOzJsVlZP67Yf051fx69zL%2FZO0%2BwVsM9p09el%2F1W"}],"group":"cf-nel","max_age":604800}
server
cloudflare
file
uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8qVk8XS5Va...
Redirect Chain
  • https://terperbelomo.info/redirect?tid=946727
  • http://c.srvpcn.com/click?id=cmpejiha8q1c738nhh20&e=910c1860-b3db-4e71-afa0-4f0097617241&px=135&z=1
  • https://us.justtoo.net/nty/postback/click?key=v2-1706224074520-4-2645-1267435-695b354a-daaf-072e-bea0-25b9ee0c2ce3
  • https://gameplays.shop/
  • https://www.dropbox.com/scl/fi/f9p4ke2umj2z3ov8ji13b/AppFile_v1.1.exe?rlkey=xqmbn7b7asj9agojdxx9xfz3b&dl=1
  • https://uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8q...
0
0
Document
General
Full URL
https://uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8qVk8XS5VaOlplT0WIZbqVzHyRL3i/file?dl=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:100:6019:15::a27d:40f , United States, ASN19679 (DROPBOX, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy sandbox
X-Content-Type-Options nosniff

Request headers

Referer
http://new-twinks.com/evaback.shtml
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-encoding
identity,gzip
accept-ranges
bytes
cache-control
max-age=60
content-disposition
attachment; filename="AppFile_v1.1.exe"; filename*=UTF-8''AppFile_v1.1.exe
content-length
2877456
content-security-policy
sandbox
content-type
application/binary
date
Thu, 25 Jan 2024 23:07:56 GMT
etag
1705711190381278d
pragma
public
referrer-policy
no-referrer
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin
x-content-security-policy
sandbox
x-content-type-options
nosniff
x-dropbox-request-id
1ed66dba675142d7b89bb638634fc622
x-dropbox-response-origin
far_remote
x-robots-tag
noindex, nofollow, noimageindex
x-server-response-time
234
x-webkit-csp
sandbox

Redirect headers

cache-control
no-cache, no-store
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 25 Jan 2024 23:07:55 GMT
location
https://uc8b005c2bf7048259536566279d.dl.dropboxusercontent.com/cd/0/get/CMD3vWiI5VUa4pBvkG__OnFLczvVTyi-xSLAQsPQNZG3iG-vCQrhoXrvV98N9qWmbV5AimkIESnkdLk08mllByusgWeUZIZdQvPo_9JiDWHWguu9ogYRmwCmGMl8qVk8XS5VaOlplT0WIZbqVzHyRL3i/file?dl=1#
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dropbox-request-id
105be5e3cb704d8abb358cd8c4b3da8c
x-dropbox-response-origin
far_remote
x-permitted-cross-domain-policies
none
x-robots-tag
noindex, nofollow, noimageindex
x-xss-protection
1; mode=block

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Domain/Path Name / Value
us.justtoo.net/nty/postback Name: platform_user_id
Value: desktop:42b205b826e22f0947ab40cd21489171
us.justtoo.net/nty/postback Name: platform_user_id_3rd_party
Value: desktop:42b205b826e22f0947ab40cd21489171
us.justtoo.net/nty/postback Name: platform_user_id_from_ssp
Value: platform:db78747c055a79b343fb01065a56bd7c
us.justtoo.net/nty/postback Name: platform_user_id_from_ssp_3rd_party
Value: platform:db78747c055a79b343fb01065a56bd7c
new.run.place/ Name: clicks
Value: 1
new.run.place/ Name: langkecfd
Value: visited
new.run.place/ Name: ctime
Value: 1706224072
langke.cfd/ Name: sloth_src
Value: noref
langke.cfd/ Name: sloth_cc
Value: 0
langke.cfd/ Name: sloth_sc
Value: 0
langke.cfd/ Name: sloth_nosend
Value: 65b2e9c8%253A00%253ATnoref%253A
wait4hour.info/ Name: _subid
Value: 10to3g63le6c0f
wait4hour.info/ Name: bc730
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY5NjNcIjoxNzA2MjI0MDczfSxcImNhbXBhaWduc1wiOntcIjUyOVwiOjE3MDYyMjQwNzN9LFwidGltZVwiOjE3MDYyMjQwNzN9In0.MYBs-_PyLSMhHyck68K6CNsLW3E_h2AZhrOMqrzhovk
terperbelomo.info/ Name: csu
Value: e699238e-84c5-405b-ab46-0f73059a76f5
gameplays.shop/ Name: _subid
Value: 31e67do4tfr7
gameplays.shop/ Name: d1fb8
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwMFwiOjE3MDYyMjQwNzV9LFwiY2FtcGFpZ25zXCI6e1wiODVcIjoxNzA2MjI0MDc1fSxcInRpbWVcIjoxNzA2MjI0MDc1fSJ9.mHGkasXTiDpqrerQVXzUbAxenajXedY7hpqmUUepkdA
www.dropbox.com/ Name: gvc
Value: Mjk4MDIyMjU0NjYyMDM5ODA0NTk4MjU5NzMxODYzODUxNTMwMDkw
.dropbox.com/ Name: t
Value: iTrPjKWHGyEokN1OpvYNiPVs
www.dropbox.com/ Name: __Host-js_csrf
Value: iTrPjKWHGyEokN1OpvYNiPVs
www.dropbox.com/ Name: __Host-ss
Value: 8ejWMkFcJ8
.dropbox.com/ Name: locale
Value: en