Submitted URL: http://3437.kinxlinx.com/ZVC.aspx?gAAAAABkWoaFxvAdlhES9zx1XnWtkrAZk20vExQlR8oy8ZsRA8s6cSWJyVgtxm9UbpnIeh_kG0YVSfPsRgrtNUR...
Effective URL: https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096
Submission: On May 10 via api from BE — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 4 HTTP transactions. The main IP is 2606:2800:134:1a0d:1429:742:782:b6 (country and autonomous system not shown). The main domain is pbs.twimg.com. Note that the effective URL, and with it the "main" domain, IP and TLS certificate reported here, describe only the last hop of a redirect chain that starts at the submitted host 3437.kinxlinx.com; the two hosts that only issued redirects (3437.kinxlinx.com and nrjxf.faultlessconnect.com) appear in the Domain & IP table below but not in these counts.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on October 6th 2022. Valid for: a year.
This is the only time pbs.twimg.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address                           AS      Autonomous System
1         1          64.137.55.3                          3507    CAPASSOC-AS
1                    172.105.110.127                      63949   AKAMAI-LINODE-AP
2                    104.26.13.228                        13335   CLOUDFLARENET
1         1          192.186.135.128                      (not shown)
1                    2606:2800:134:1a0d:1429:742:782:b6   (not shown)
Total: 4 requests, 3 IPs

Requests  Domain                       Requested by
2         adsurf.truest.at             www.newoffershere.com, adsurf.truest.at
1         pbs.twimg.com                adsurf.truest.at
1         nrjxf.faultlessconnect.com   (1 redirect)
1         www.newoffershere.com        -
1         3437.kinxlinx.com            (1 redirect)
Total: 4 requests, 5 domains

This site contains no links.

Subject                 Issuer                             Validity                  Valid
www.newoffershere.com   R3                                 2023-04-26 - 2023-07-25   3 months (crt.sh)
truest.at               E1                                 2023-04-21 - 2023-07-20   3 months (crt.sh)
*.twimg.com             DigiCert TLS RSA SHA256 2020 CA1   2022-10-06 - 2023-11-06   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096
Frame ID: 701541838C09B9F32EC9A7D404116673
Requests: 4 HTTP requests in this frame


Page Statistics

Requests: 4 | HTTPS: 100 % | IPv6: 20 % | Domains: 5 | Subdomains: 5 | IPs: 3 | Countries: 3 | Transfer: 17 kB | Size: 53 kB | Cookies: 2

Page URL History

This lists every URL the page moved through, including server-side HTTP redirects (3xx responses with a Location header) and client-side redirects via JavaScript or a meta refresh. Entries followed by an HTTP status code were server-side redirects; the two transitions in this scan without a status code (www.newoffershere.com to adsurf.truest.at, and adsurf.truest.at to nrjxf.faultlessconnect.com) were made client-side, which is why those hosts each appear as a 200 "Document" in the transactions below rather than as a redirect.

  1. http://3437.kinxlinx.com/ZVC.aspx?gAAAAABkWoaFxvAdlhES9zx1XnWtkrAZk20vExQlR8oy8ZsRA8s6cSWJyVgtxm9UbpnIeh_kG0YVSfPsRgrtNURmlHBTNilToMn3hOTQtvfbnPRdNU71yKcgGRIw281MJtIQ2jWVsEfYUGApvWunB9r_zTC9f-syyg== HTTP 302
    https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$ Page URL
  2. https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683 Page URL
  3. https://nrjxf.faultlessconnect.com/?kw=650040&s1=335409683&s2=650040&s3=1_369312_2742370 HTTP 301
    https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://3437.kinxlinx.com/ZVC.aspx?gAAAAABkWoaFxvAdlhES9zx1XnWtkrAZk20vExQlR8oy8ZsRA8s6cSWJyVgtxm9UbpnIeh_kG0YVSfPsRgrtNURmlHBTNilToMn3hOTQtvfbnPRdNU71yKcgGRIw281MJtIQ2jWVsEfYUGApvWunB9r_zTC9f-syyg== HTTP 302
  • https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$
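The chain above mixes server-side hops (302 and 301 with a Location header) with client-side hops (the 200 documents on www.newoffershere.com and adsurf.truest.at that navigate onward). The script below is an added example, not urlscan.io's code, showing how such a chain is followed hop by hop with a loop and hop-count guard, and how the one plaintext http:// hop at the start is flagged. The hosts, status codes and Location headers of the in-memory transport mirror this scan; the two HTML bodies are assumptions (the page does not show them) used only to exercise the meta-refresh and JavaScript detection. Real scanners execute the page in a browser; the regexes here are a static approximation.

```python
"""Follow a redirect chain the way the Page URL History above is built."""
import re
from urllib.parse import urljoin, urlsplit

# Client-side redirect patterns: <meta http-equiv="refresh" content="0;url=...">
# and the common JavaScript forms location.href = "...", location.replace("...").
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*content\s*=\s*["\']?\s*\d+\s*;\s*url\s*=\s*([^"\'>\s]+)',
    re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*(?:=\s*|\.replace\(\s*|\.assign\(\s*)["\']([^"\']+)["\']',
    re.I)


def client_side_target(base_url, body):
    """Return the URL a browser would navigate to from this body, or None.
    Static heuristic only: a scanner that runs the JavaScript sees more."""
    for pattern in (META_REFRESH, JS_LOCATION):
        m = pattern.search(body)
        if m:
            return urljoin(base_url, m.group(1))
    return None


def trace(start_url, fetch, max_hops=10):
    """Follow server-side (3xx + Location) and client-side redirects.

    fetch(url) returns (status, headers, body). Returns a list of
    (url, status, kind) with kind in {'http', 'client', 'final', 'loop',
    'max_hops'}; a revisited URL or too many hops ends the trace so a
    redirect ping-pong cannot spin forever.
    """
    hops, seen, url = [], set(), start_url
    while True:
        if url in seen:
            hops.append((url, None, "loop"))
            break
        if len(hops) >= max_hops:
            hops.append((url, None, "max_hops"))
            break
        seen.add(url)
        status, headers, body = fetch(url)
        location = {k.lower(): v for k, v in headers.items()}.get("location")
        if 300 <= status < 400 and location:
            hops.append((url, status, "http"))
            url = urljoin(url, location)      # Location may be relative
            continue
        target = client_side_target(url, body)
        if target:
            hops.append((url, status, "client"))
            url = target
            continue
        hops.append((url, status, "final"))
        break
    return hops


def plaintext_hops(hops):
    """URLs fetched over plain http://, where an on-path attacker could rewrite
    the redirect before the chain ever reaches HTTPS."""
    return [u for u, _, _ in hops if urlsplit(u).scheme == "http"]


# URLs as they appear in this scan.
KINXLINX = "http://3437.kinxlinx.com/ZVC.aspx?gAAAAABkWoaFxvAdlhES9zx1XnWtkrAZk20vExQlR8oy8ZsRA8s6cSWJyVgtxm9UbpnIeh_kG0YVSfPsRgrtNURmlHBTNilToMn3hOTQtvfbnPRdNU71yKcgGRIw281MJtIQ2jWVsEfYUGApvWunB9r_zTC9f-syyg=="
NEWOFFERS = "https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$"
ADSURF = "https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683"
FAULTLESS = "https://nrjxf.faultlessconnect.com/?kw=650040&s1=335409683&s2=650040&s3=1_369312_2742370"
TWIMG = "https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096"

# Constructed in-memory transport: status codes and Location headers match the
# scan; the two HTML bodies are ASSUMED, the page does not show them.
FAKE_NET = {
    KINXLINX: (302, {"Location": NEWOFFERS, "Server": "Apache"}, ""),
    NEWOFFERS: (200, {"Content-Type": "text/html; charset=UTF-8"},
                f'<meta http-equiv="refresh" content="0;url={ADSURF}">'),
    ADSURF: (200, {"Content-Type": "text/html; charset=UTF-8"},
             f'<script>window.location.href = "{FAULTLESS}";</script>'),
    FAULTLESS: (301, {"location": TWIMG, "server": "swoole-http-server", "x-redir": "true"}, ""),
    TWIMG: (200, {"content-type": "image/jpeg"}, ""),
}


def fake_fetch(url):
    return FAKE_NET[url]


if __name__ == "__main__":
    hops = trace(KINXLINX, fake_fetch)
    for url, status, kind in hops:
        print(f"{kind:8} {str(status):4} {url[:72]}")
    print("plaintext hops:", plaintext_hops(hops))
```

Running it reproduces the five-entry history above (http, client, client, http, final) and reports the submitted kinxlinx.com URL as the only hop fetched without TLS.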

4 HTTP transactions

Resource: 436285413_217-64-151-30$
Path: www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/
Redirect Chain
  • http://3437.kinxlinx.com/ZVC.aspx?gAAAAABkWoaFxvAdlhES9zx1XnWtkrAZk20vExQlR8oy8ZsRA8s6cSWJyVgtxm9UbpnIeh_kG0YVSfPsRgrtNURmlHBTNilToMn3hOTQtvfbnPRdNU71yKcgGRIw281MJtIQ2jWVsEfYUGApvWunB9r_zTC9f-syyg==
  • https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$
Size: 163 B   x-fer: 471 B   Type: Document
General
General
Full URL
https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.105.110.127 Toronto, Canada, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
172-105-110-127.ip.linodeusercontent.com
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
163
Content-Type
text/html; charset=UTF-8
Date
Wed, 10 May 2023 19:17:00 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 10 May 2023 19:17:00 GMT
Location
https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$
Server
Apache
Resource: geo-redirect
Path: adsurf.truest.at/link/
Size: 37 KB   x-fer: 16 KB   Type: Document
General
Full URL
https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683
Requested by
Host: www.newoffershere.com
URL: https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.228 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a896326e65d21833c036f45ba27b29d95445222184c866d6d81161401d0cb5c

Request headers

Referer
https://www.newoffershere.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
must-revalidate, no-cache, private
cf-cache-status
DYNAMIC
cf-ray
7c5485192e5dbbdd-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 10 May 2023 19:17:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5d6xzp2I3b91h8DmHJyvAlPKZvu5XrY%2BHkWwAEexD9StO28lN6yBXxEHYdT5apnuPr%2F%2BrnEm8UghpY4BiWwpBkrceKmwhwgrc5K1Ds%2B%2FWJAPQ2eRY36y86hHSJJ%2F%2BtryFH4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Resource: 852c40c5-78f5-4d9e-95c7-30d5cc972478
Path: adsurf.truest.at/event/
Size: 55 B   x-fer: 348 B   Type: Fetch
General
Full URL
https://adsurf.truest.at/event/852c40c5-78f5-4d9e-95c7-30d5cc972478
Requested by
Host: adsurf.truest.at
URL: https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.13.228 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Access-Control-Allow-Origin
*
Referer
https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Wed, 10 May 2023 19:17:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toBUJ3430VqpaFL5bXE1sBhzLUJoE4auITUiWA0lqTdAUCjBdi3HPhL3M3B5AAhfDgQSKCDzOw643OAbPOmhbnKPI78G6UyRb430AHjekVdEaGWiI%2FGx0N45MsXjzKjcnBU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
cf-ray
7c54851c5a93bbdd-FRA
Primary Request
Resource: FvuuBf4XoAEzuaY
Path: pbs.twimg.com/media/
Redirect Chain
  • https://nrjxf.faultlessconnect.com/?kw=650040&s1=335409683&s2=650040&s3=1_369312_2742370
  • https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096
Size: 16 KB   x-fer: 0   Type: Document
General
General
Full URL
https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096
Requested by
Host: adsurf.truest.at
URL: https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:1a0d:1429:742:782:b6 -, , ASN (),
Reverse DNS
Software
ECS (amb/6B92) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
https://adsurf.truest.at/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Content-Length
age
63537
cache-control
max-age=604800, must-revalidate
content-length
278474
content-type
image/jpeg
date
Wed, 10 May 2023 19:17:12 GMT
last-modified
Wed, 10 May 2023 01:25:20 GMT
perf
7626143928
server
ECS (amb/6B92)
server-timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
strict-transport-security
max-age=631138519
surrogate-key
media media/bucket/5 media/1656108628749819905
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
x-cache
HIT
x-connection-hash
d4152c8915e9d7fc2788683d144a5c307916e8d6627127dac0c8e7783488f024
x-content-type-options
nosniff
x-response-time
236
x-transaction-id
3ece12f51df7c639
x-tw-cdn
VZ

Redirect headers

content-type
text/html; charset=UTF-8
date
Wed, 10 May 2023 19:17:11 GMT
location
https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096
server
swoole-http-server
strict-transport-security
max-age=15768000
transfer-encoding
chunked
x-redir
true

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean | credentialless

2 Cookies

Domain/Path            Name      Value
.newoffershere.com/    uid550    335409683-20230510151700-d7d35bbe01796abe471523f374eeb04a-
adsurf.truest.at/      TSEvent   ["852c40c5-78f5-4d9e-95c7-30d5cc972478"]
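The same identifiers recur across hops: 335409683 is the first field of the uid550 cookie set by .newoffershere.com, becomes subid_3 on adsurf.truest.at and s1 on nrjxf.faultlessconnect.com, while 650040 and 1_369312_2742370 travel alongside it. The script below is an added example (not urlscan.io's code) that takes the URLs and cookies exactly as listed on this page and reports which values are shared between hosts, which is how you confirm that a chain is one affiliate/tracking flow rather than unrelated hops. It also parses the public header of the submitted URL's query string: that string is 164 URL-safe base64 characters starting with gAAAAAB, which decodes to 121 bytes = 1 + 8 + 16 + 64 + 32, exactly the layout of a Fernet token (version 0x80, 64-bit timestamp, IV, four AES-CBC blocks, HMAC-SHA256). The page does not say what the parameter is, so "Fernet token" is an inference from that shape; the timestamp is unencrypted and readable without the key, the payload is not. The 6-character minimum for identifier tokens is an assumption to drop short noise.

```python
"""Correlate tracking identifiers across the redirect chain and inspect the
Fernet-shaped parameter on the submitted URL."""
import base64
import binascii
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlsplit

# URLs from the Page URL History and cookies from the Cookies section above.
CHAIN = [
    "http://3437.kinxlinx.com/ZVC.aspx?gAAAAABkWoaFxvAdlhES9zx1XnWtkrAZk20vExQlR8oy8ZsRA8s6cSWJyVgtxm9UbpnIeh_kG0YVSfPsRgrtNURmlHBTNilToMn3hOTQtvfbnPRdNU71yKcgGRIw281MJtIQ2jWVsEfYUGApvWunB9r_zTC9f-syyg==",
    "https://www.newoffershere.com/TlP9-__3d0AIGMSFQ9F1SghcX6wkMhDmi51mUgPvEO2sG4dZWJXc3puFXXvVj-TIMco9l42nPV1zMTrtcmwfcg~~/1_369312_2742370/2406_6374980_4273507_38/436285413_217-64-151-30$",
    "https://adsurf.truest.at/link/geo-redirect?subid_1=650040&subid_2=1_369312_2742370&subid_3=335409683",
    "https://nrjxf.faultlessconnect.com/?kw=650040&s1=335409683&s2=650040&s3=1_369312_2742370",
    "https://pbs.twimg.com/media/FvuuBf4XoAEzuaY?format=jpg&name=4096x4096",
]
COOKIES = [  # (domain, name, value)
    (".newoffershere.com", "uid550", "335409683-20230510151700-d7d35bbe01796abe471523f374eeb04a-"),
    ("adsurf.truest.at", "TSEvent", '["852c40c5-78f5-4d9e-95c7-30d5cc972478"]'),
]

# Assumption: identifiers are alphanumeric runs of 6+ characters; the trackers
# here glue them together with "_", "-" and "~", which this split ignores.
TOKEN = re.compile(r"[A-Za-z0-9]{6,}")


def identifier_sources(chain, cookies):
    """Map every candidate identifier to the places (host + field) it occurs in."""
    where = defaultdict(set)
    for url in chain:
        parts = urlsplit(url)
        for segment in parts.path.split("/"):
            for tok in TOKEN.findall(segment):
                where[tok].add(f"{parts.hostname} path")
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            for tok in TOKEN.findall(value):
                where[tok].add(f"{parts.hostname} ?{name}")
    for domain, name, value in cookies:
        for tok in TOKEN.findall(value):
            where[tok].add(f"{domain} cookie {name}")
    return where


def shared_identifiers(chain, cookies):
    """Identifiers seen under at least two different hosts or cookie domains:
    the values that stitch the hops together into one tracking flow."""
    out = {}
    for tok, places in identifier_sources(chain, cookies).items():
        if len({p.split()[0] for p in places}) >= 2:
            out[tok] = sorted(places)
    return out


def submitted_token(chain=CHAIN):
    """The whole query string of the submitted URL (it has no name=value form)."""
    return urlsplit(chain[0]).query


def fernet_header(token):
    """Read the unencrypted header of a Fernet token: version byte 0x80 followed
    by a big-endian 64-bit Unix timestamp. Layout is version(1) + timestamp(8)
    + IV(16) + AES-CBC ciphertext(16n) + HMAC-SHA256(32), so a well-formed
    token decodes to 57 + 16n bytes. Returns (version, timestamp) or None when
    the shape is wrong. No key is needed for this; the payload stays opaque."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except (binascii.Error, ValueError):
        return None
    if len(raw) < 57 or (len(raw) - 57) % 16 or raw[0] != 0x80:
        return None
    return raw[0], int.from_bytes(raw[1:9], "big")


if __name__ == "__main__":
    for tok, places in shared_identifiers(CHAIN, COOKIES).items():
        print(tok, "->", ", ".join(places))
    hdr = fernet_header(submitted_token())
    if hdr:
        when = datetime.fromtimestamp(hdr[1], timezone.utc)
        print("Fernet-shaped token, timestamp", when.isoformat())
```

Run against this scan it reports four shared values (335409683, 650040, 369312 and 2742370) and a token timestamp of 2023-05-09 17:44:37 UTC, the day before the submission, consistent with a short-lived per-click link.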

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3437.kinxlinx.com
adsurf.truest.at
nrjxf.faultlessconnect.com
pbs.twimg.com
www.newoffershere.com
104.26.13.228
172.105.110.127
192.186.135.128
2606:2800:134:1a0d:1429:742:782:b6
64.137.55.3
2a896326e65d21833c036f45ba27b29d95445222184c866d6d81161401d0cb5c (SHA-256 of the adsurf.truest.at/link/geo-redirect document)