trk139.zzperform.com Open in urlscan Pro
2606:4700:3034::ac43:d3cd Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://uqisvrddsi.duc.kdns.org/
Effective URL:
https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5...
Submission Tags: krdprod
Submission: On October 18 via api (October 18th 2021, 6:34:47 am UTC) from JP — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 9 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3034::ac43:d3cd, located in United States and belongs to CLOUDFLARENET, US. The main domain is trk139.zzperform.com.
TLS certificate: Issued by R3 on October 15th 2021. Valid for: 3 months.

This is the only time trk139.zzperform.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2607:fad0:380... 2607:fad0:3801:4::1	32244 (LIQUIDWEB) (LIQUIDWEB)
1 1	198.134.116.30 198.134.116.30	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
3 3	213.227.135.229 213.227.135.229	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	116.202.135.115 116.202.135.115	24940 (HETZNER-AS) (HETZNER-AS)
1	104.21.80.230 104.21.80.230	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.171.70 172.67.171.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3036::6815:5d52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:303... 2606:4700:3034::ac43:d3cd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	6

2 2607:fad0:3801:4::1 (United States)

ASN32244 (LIQUIDWEB, US)

uqisvrddsi.duc.kdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.116.30 (Grapevine, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

click.expmediadirect1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.227.135.229 (Netherlands) 3 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

biggerpicture.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.202.135.115 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.115.135.202.116.clients.your-server.de

armr.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.80.230 (None, )

ASN13335 (CLOUDFLARENET, US)

bercioles.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.171.70 (United States)

ASN13335 (CLOUDFLARENET, US)

poqueras.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:5d52 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sylvinanorrey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3034::ac43:d3cd (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trk139.zzperform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	zzperform.com 1 redirects trk139.zzperform.com	14 KB
3	g2afse.com 3 redirects biggerpicture.g2afse.com	664 B
2	kdns.org uqisvrddsi.duc.kdns.org	3 KB
1	sylvinanorrey.com 1 redirects sylvinanorrey.com	885 B
1	poqueras.com poqueras.com	1 KB
1	bercioles.com bercioles.com	1 KB
1	trckswrm.com armr.trckswrm.com	288 B
1	expmediadirect1.com 1 redirects click.expmediadirect1.com	282 B
0	mixupdef.com Failed mixupdef.com Failed
9	9

	Domain	Requested by
3	trk139.zzperform.com	1 redirects poqueras.com uqisvrddsi.duc.kdns.org
3	biggerpicture.g2afse.com	3 redirects
2	uqisvrddsi.duc.kdns.org	uqisvrddsi.duc.kdns.org
1	sylvinanorrey.com	1 redirects
1	poqueras.com	bercioles.com
1	bercioles.com	armr.trckswrm.com
1	armr.trckswrm.com	uqisvrddsi.duc.kdns.org
1	click.expmediadirect1.com	1 redirects
0	mixupdef.com Failed	trk139.zzperform.com
9	9

This site contains no links.

Subject Issuer	Validity	Valid
centos7.template.liquidweb.com centos7.template.liquidweb.com	`2017-03-02` - `2018-03-02`	a year	crt.sh
armr.trckswrm.com ZeroSSL RSA Domain Secure Site CA	`2021-10-01` - `2021-12-30`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-10` - `2022-10-09`	a year	crt.sh
*.zzperform.com R3	`2021-10-15` - `2022-01-13`	3 months	crt.sh

This page contains 1 frames:

Frame: https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf
Frame ID: 3BC72D13716A559EBD7A40DDE0A157E7
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://uqisvrddsi.duc.kdns.org/ Page URL
https://uqisvrddsi.duc.kdns.org/page/bouncy.php?&bpae=GbhGdr0mpUx%2Fj3NU5kxnvD5gG%2B8nbyGO9nBIByEXS6hhT%2F9S... Page URL
https://click.expmediadirect1.com/click?i=fJcQi55ZGXY_0 HTTP 302
http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Page URL
http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=Arr... Page URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Page URL
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=10Y3VvBDU7OTs9PE... HTTP 302
https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzi... Page URL

Page Statistics

9
Requests

44 %
HTTPS

38 %
IPv6

9
Domains

9
Subdomains

6
IPs

4
Countries

19 kB
Transfer

43 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://uqisvrddsi.duc.kdns.org/ Page URL
https://uqisvrddsi.duc.kdns.org/page/bouncy.php?&bpae=GbhGdr0mpUx%2Fj3NU5kxnvD5gG%2B8nbyGO9nBIByEXS6hhT%2F9SRqGLfhyeu8EVHIcoRGBke5F1y3V25nlfNeEF8XEPKx0%2BkKRpstwhkcqT4xYVb8NzFO%2B3vWR1F%2BxFbCsGCVnvbV1oscmcIqwrUPY%2Byvkya2uV6IUGjhukLN4%2BW6usoMXctnvZv2G7kP7AEB%2Becv58MxYjX7fkBpMpsEqFiG4y34yV6wmyWAZw%2FbusmddzXylniK7VWxJamKht3005KzmqIYCuAE519sU6avp6QxPX77eBtJ7ShNQ8dO%2BHF3wrIFAGo4oB1V5JLpNbd8%2F9LcBkEiq80UNgWHkztJ5T%2BSGl1MCZ5Jvo0Q1p6Q0YKfSolc0TG1fa6wma%2Bp9Y1ri0gNgBDIWcMzsCSOpMtELOYesnI%2BCBjlQbs9tC&redirectType=js&inIframe=false&inPopUp=false Page URL
https://click.expmediadirect1.com/click?i=fJcQi55ZGXY_0 HTTP 302
http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Page URL
http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=ArrOOh4AAAF8khv3pgAAAlEAAACaAAABMg Page URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Page URL
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=10Y3VvBDU7OTs9PEJDQ0ZARzkBdXVnBm92CH9vfQ0-RA9pZWMENTYGd3R9C1d1e4OHIHk6OWM7Ogd8bHIMDHaFEDE3MjMEbm4IOTs6OwxuhRAxNzIzBGZuCDk7OjsMgYgQMAFkeG1pBwdrdG8MPQ1xemMCMgNzd3R7CQmAeXAOVX5vaG5oJE50ajYJcn5ycA.DcnZnA2p3cwhuanZ.cQ2DcAFOcX1tcXJoNz44Oyw1ZXhuZXF6dyVUWyg6Ojk8SC5maW84Nz8lfj08MipMfH16dFdmZE5teTU8O0A4PkItNlpIVU9PMCVycHNuKlJxcHl.KSFFa3Z0c2w3Qj05PDtCRDc4MDk3JVlobmp8dDtCQUYuNDgDZXsHPwhtdwxEDW9DMwIyMzU1NjgIaj4-DT0.D3NnAzM0NTYHbm8LPD09DnJoZQM0BGtyfQlva3d-cg5yaG4DNDU2BnN2cAs8PD0.D3N1dGoFNjc4OTo7Owx8gXJwdgMDdHdqen1rCz08PUE-MTE5A2l7cnUJPD0LfnJ0EGh1dnN3PzU2eHh7gHF-b4IuZHFwMwV4aWtsCzw8P0NAMTY1A2dzencJCYF5eQ4OhmdteARNc3psdClTeW87DnJkaAM0NTY3ODk6Ozs8PT9AMDEzNDU2Nzg5Ojs8PT4-QDEyMzM1Njc4OTo7PD0.Pz8xMjM0NTY3ODk6Ozw9Pj9AMTEzA2duewg5Ojs7PT4-QDEyMzQ1Njc4ODo6PD0.P0AAeHd3BXw0N0OAOGRCY2RKdy90N3JzdHVDgDh3QHt8fW48eTF4O3tCfzdPVnlFZA9rbXBqBWp0NF1cRXB6DYCDdAIyA3BmdQgIcXZ.DT0OfXQCMzQ0NTc3ODo7C4NxD0AxMWQ1BGh4fwlMcn17enMvUEVII1Rxe25xd4Z0eoFzgW5ibjB0aWw0fnJvgnF-SVJoc3FwaSVWS04pYHRxhHOBfG5qbWpnc2tvbHB1bm9.cGVwbHJqdG52bW9xdHF1eHBpPFBkeG58bChMdnRxe4KLaW92aHZzZ3M1d2tueDp.e3Voa3EEeGlrCTs.C399chAyNQJndHcHOAh3bW8NRjxEAG52cwU2Ow__&_tdf=29 HTTP 302
https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5071%26visitor_id%3Dbmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5%26pubid%3D579_65798hgddtt&vId=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&hash=12951695aa65a83b3992&ete=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://click.expmediadirect1.com/click?i=fJcQi55ZGXY_0 HTTP 302
http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154

Request Chain 5

https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false

Request Chain 6

https://ck.adsjoy.com/ads/ad.php?zid=151753&opm=5071&visitor_id=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&pubid=579_65798hgddtt HTTP 302
https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf

9 HTTP transactions
-1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response uqisvrddsi.duc.kdns.org/	2 KB 2 KB	794ms 417ms	Document text/html	2607:fad0:3801:4::1 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://uqisvrddsi.duc.kdns.org/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:fad0:3801:4::1 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 / PHP/5.4.16 Resource Hash `09ea3d63b4b66da2eb224301392cf796fcdc45fc4144c466eb7b7e23d1f11522` Request headers Host uqisvrddsi.duc.kdns.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Mon, 18 Oct 2021 06:34:37 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 X-Powered-By PHP/5.4.16 Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	bouncy.php Show response uqisvrddsi.duc.kdns.org/page/	691 B 975 B	135ms 135ms	Document text/html	2607:fad0:3801:4::1 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://uqisvrddsi.duc.kdns.org/page/bouncy.php?&bpae=GbhGdr0mpUx%2Fj3NU5kxnvD5gG%2B8nbyGO9nBIByEXS6hhT%2F9SRqGLfhyeu8EVHIcoRGBke5F1y3V25nlfNeEF8XEPKx0%2BkKRpstwhkcqT4xYVb8NzFO%2B3vWR1F%2BxFbCsGCVnvbV1oscmcIqwrUPY%2Byvkya2uV6IUGjhukLN4%2BW6usoMXctnvZv2G7kP7AEB%2Becv58MxYjX7fkBpMpsEqFiG4y34yV6wmyWAZw%2FbusmddzXylniK7VWxJamKht3005KzmqIYCuAE519sU6avp6QxPX77eBtJ7ShNQ8dO%2BHF3wrIFAGo4oB1V5JLpNbd8%2F9LcBkEiq80UNgWHkztJ5T%2BSGl1MCZ5Jvo0Q1p6Q0YKfSolc0TG1fa6wma%2Bp9Y1ri0gNgBDIWcMzsCSOpMtELOYesnI%2BCBjlQbs9tC&redirectType=js&inIframe=false&inPopUp=false Requested by Host: uqisvrddsi.duc.kdns.org URL: https://uqisvrddsi.duc.kdns.org/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2607:fad0:3801:4::1 , United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 / PHP/5.4.16 Resource Hash `208bd2032680418297a5ae9a376ac87d9b26fafccee98389537d2832669b2e1f` Request headers Host uqisvrddsi.duc.kdns.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site same-origin Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://uqisvrddsi.duc.kdns.org/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://uqisvrddsi.duc.kdns.org/ Response headers Date Mon, 18 Oct 2021 06:34:38 GMT Server Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 X-Powered-By PHP/5.4.16 Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	recommendation Show response armr.trckswrm.com/ Redirect Chain https://click.expmediadirect1.com/click?i=fJcQi55ZGXY_0 http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154	211 B 288 B	25ms 3ms	Document text/html	116.202.135.115 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Requested by Host: uqisvrddsi.duc.kdns.org URL: https://uqisvrddsi.duc.kdns.org/page/bouncy.php?&bpae=GbhGdr0mpUx%2Fj3NU5kxnvD5gG%2B8nbyGO9nBIByEXS6hhT%2F9SRqGLfhyeu8EVHIcoRGBke5F1y3V25nlfNeEF8XEPKx0%2BkKRpstwhkcqT4xYVb8NzFO%2B3vWR1F%2BxFbCsGCVnvbV1oscmcIqwrUPY%2Byvkya2uV6IUGjhukLN4%2BW6usoMXctnvZv2G7kP7AEB%2Becv58MxYjX7fkBpMpsEqFiG4y34yV6wmyWAZw%2FbusmddzXylniK7VWxJamKht3005KzmqIYCuAE519sU6avp6QxPX77eBtJ7ShNQ8dO%2BHF3wrIFAGo4oB1V5JLpNbd8%2F9LcBkEiq80UNgWHkztJ5T%2BSGl1MCZ5Jvo0Q1p6Q0YKfSolc0TG1fa6wma%2Bp9Y1ri0gNgBDIWcMzsCSOpMtELOYesnI%2BCBjlQbs9tC&redirectType=js&inIframe=false&inPopUp=false Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 116.202.135.115 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.115.135.202.116.clients.your-server.de Software / Resource Hash `30c67a9b8b80ba21d840104f832d15ac849cc096f85356d4e12b654bd75d050f` Request headers Host armr.trckswrm.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://uqisvrddsi.duc.kdns.org/page/bouncy.php?&bpae=GbhGdr0mpUx%2Fj3NU5kxnvD5gG%2B8nbyGO9nBIByEXS6hhT%2F9SRqGLfhyeu8EVHIcoRGBke5F1y3V25nlfNeEF8XEPKx0%2BkKRpstwhkcqT4xYVb8NzFO%2B3vWR1F%2BxFbCsGCVnvbV1oscmcIqwrUPY%2Byvkya2uV6IUGjhukLN4%2BW6usoMXctnvZv2G7kP7AEB%2Becv58MxYjX7fkBpMpsEqFiG4y34yV6wmyWAZw%2FbusmddzXylniK7VWxJamKht3005KzmqIYCuAE519sU6avp6QxPX77eBtJ7ShNQ8dO%2BHF3wrIFAGo4oB1V5JLpNbd8%2F9LcBkEiq80UNgWHkztJ5T%2BSGl1MCZ5Jvo0Q1p6Q0YKfSolc0TG1fa6wma%2Bp9Y1ri0gNgBDIWcMzsCSOpMtELOYesnI%2BCBjlQbs9tC&redirectType=js&inIframe=false&inPopUp=false Response headers content-length 211 date Mon, 18 Oct 2021 06:34:38 GMT Redirect headers server nginx date Mon, 18 Oct 2021 06:34:38 GMT content-length 0 location https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 set-cookie afclick=616d157eb1e3330001ddb3af; expires=Tue, 18 Oct 2022 06:34:38 GMT; secure; SameSite=None afoffers={"188":1634538878}; expires=Tue, 18 Oct 2022 06:34:38 GMT; secure; SameSite=None access-control-allow-origin *
GET H/1.1	200 OK	redirect Show response bercioles.com/	1 KB 1 KB	125ms 114ms	Document text/html	104.21.80.230 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=ArrOOh4AAAF8khv3pgAAAlEAAACaAAABMg Requested by Host: armr.trckswrm.com URL: https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Protocol HTTP/1.1 Server 104.21.80.230 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d9177fde3bbea6a2de818825ee0467d9b1758fdfc79e75bbf8029033b215c248` Request headers Host bercioles.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Mon, 18 Oct 2021 06:34:39 GMT Content-Type text/html;charset=utf-8 Transfer-Encoding chunked Connection keep-alive referrer-policy origin vary accept-encoding CF-Cache-Status DYNAMIC Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jghnEzFnEL48HuBMiG%2FcdGBv9luveoLXLlSabNZcKCmCb2h3IjWQ63%2BT0XTz8CWGo1uuN5Q91lVwJ97nnW86QoXhr%2B9bvW9kZ3A3U3ZqAyQfU38ZCcPS0WqADxaaM24l"}],"group":"cf-nel","max_age":604800} NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare CF-RAY 69ffbdf958a15c6e-FRA Content-Encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	slope poqueras.com/noid/	1 KB 1 KB	56ms 30ms	Document text/html	172.67.171.70 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Requested by Host: bercioles.com URL: http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=ArrOOh4AAAF8khv3pgAAAlEAAACaAAABMg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.171.70 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers :method GET :authority poqueras.com :scheme https :path /noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer http://bercioles.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://bercioles.com/ Response headers date Mon, 18 Oct 2021 06:34:39 GMT content-type text/html;charset=ISO-8859-1 referrer-policy origin cache-control no-store, no-cache vary accept-encoding cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vc90tfzN2NBlK%2BMv6bM9ELx3ziJILMLS9%2Fm9ozpT5wqLX5KQTvmMrGd1QrLFNNmWJ77IFChT3kjlfgKQCZluxpoHQw4zmZzMrT6O6zpWOUD6CU3%2F%2B7ehstW9jI2zhbQ%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 69ffbdfaad7242e1-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	12951695aa65a83b3992.js Show response trk139.zzperform.com/l/ Redirect Chain https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false	36 KB 12 KB	53ms 16ms	Document text/html	2606:4700:3034::ac43:d3cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Requested by Host: poqueras.com URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d3cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a` Request headers :method GET :authority trk139.zzperform.com :scheme https :path /l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer https://poqueras.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Response headers date Mon, 18 Oct 2021 06:34:39 GMT content-type text/html last-modified Fri, 08 Jan 2021 14:59:37 GMT expires Thu, 31 Dec 2037 23:55:55 GMT cache-control max-age=315360000 cf-cache-status HIT age 2048 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGS0E1zHNHXsVuGXffO3N2A2%2BbrXHbcYCI%2F1EdvohY4EVsEhd%2FouBxqSpbkT%2FRXPOqjeJaLeYqs11NfxEFTXD39I7RCciL4SOpKmJ051dcdATMBt0J%2BIQ1CzU2g0C3HgPvnhvxX5%2BFtAtP14IGbH7yTJMA%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding server cloudflare cf-ray 69ffbdfb7c284ed9-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Redirect headers date Mon, 18 Oct 2021 06:34:39 GMT cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires Thu, 01 Jan 1970 00:00:01 GMT location https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" set-cookie __cf_bm=.CZlPpWAaWUBEXfQyTn_JiKbQzgq.rtdSIEDlScrTEk-1634538879-0-AbKeWJj6uTUuyKhZ/c4Vny2U5LE5BdU4GQw7BNEBRlw7WfwRN0yZRlzYNiaeJxylxhEimq5uSXvaP+uGldNxueg=; path=/; expires=Mon, 18-Oct-21 07:04:39 GMT; domain=.sylvinanorrey.com; HttpOnly; Secure; SameSite=None report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wKCG3qfeoyAkm5Hn%2Bz3ejczEwRguPUjrAX2TyvKBzBuwCCy16QwcD3Hgbe4BOiUS4iq3ANeIkZAwW7mwegZ7PaKDKDAhu8TDi%2FcJwl2sj3i1TDOQFssHubWDZc%2BH0FR0WUqEkEDWk%2FQE6EbLgqR9Kg%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding server cloudflare cf-ray 69ffbdfb2ff5704b-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	Primary Request gw.js Show response trk139.zzperform.com/ Redirect Chain https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=10Y3VvBDU7OTs9PEJDQ0ZARzkBdXVnBm92CH9vfQ0-RA9pZWMENTYGd3R9C1d1e4OHIHk6OWM7Ogd8bHIMDHaFEDE3MjMEbm4IOTs6OwxuhR... https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5071%26visitor_id%3Dbmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407d...	1 KB 1004 B	14ms 13ms	Document text/html	2606:4700:3034::ac43:d3cd CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5071%26visitor_id%3Dbmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5%26pubid%3D579_65798hgddtt&vId=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&hash=12951695aa65a83b3992&ete=true Requested by Host: uqisvrddsi.duc.kdns.org URL: https://uqisvrddsi.duc.kdns.org/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:d3cd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b` Request headers :method GET :authority trk139.zzperform.com :scheme https :path /gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5071%26visitor_id%3Dbmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5%26pubid%3D579_65798hgddtt&vId=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&hash=12951695aa65a83b3992&ete=true pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest document referer https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false accept-encoding gzip, deflate, br cookie BSESSID=trkbfef82b6-094f-4ffb-a42f-2ca0dd796cd1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Response headers date Mon, 18 Oct 2021 06:34:39 GMT content-type text/html last-modified Fri, 27 Mar 2020 14:30:13 GMT expires Thu, 31 Dec 2037 23:55:55 GMT cache-control max-age=315360000 cf-cache-status HIT age 2069 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZUjgmLx1t%2ByinvwoZ5rScW83pZhEUPYC8zJoeuFpqdEBp94q4YNNMP3HpJdto4tdcBhqoXICddZk6AueINxmRPPTuYjXIiE1KQELYK%2F1IDLP06JDqRqRnNbsQSBGUYi64SaL8Y7CNKT7kz6QrpaCHbghA%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding server cloudflare cf-ray 69ffbdfc2d544ed9-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Redirect headers date Mon, 18 Oct 2021 06:34:39 GMT location https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5071%26visitor_id%3Dbmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5%26pubid%3D579_65798hgddtt&vId=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&hash=12951695aa65a83b3992&ete=true cache-control private, max-age=0, no-cache, no-store, must-revalidate pragma no-cache set-cookie BSESSID=trkbfef82b6-094f-4ffb-a42f-2ca0dd796cd1; Max-Age=63072000; Expires=Wed, 18 Oct 2023 06:34:39 GMT; Path=/ cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58FC6OYrS%2FM6eE2AudN2ZOcHqPaf7b40FvQB48s5GoZdH8bJwgXdLraowwxaV%2FaN8uxrTCqv0kdrA7fk2qoPeG9Mw1QTO%2BbvDSd19yMoVYiZ74iLIgNXLBNTr6Ry%2FCnZhSz0avEIszCGfL8zi9M2hURcBQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 69ffbdfbecdf4ed9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET		8759 mixupdef.com/i/ Redirect Chain https://ck.adsjoy.com/ads/ad.php?zid=151753&opm=5071&visitor_id=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&pubid=579_65798hgddtt https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mixupdef.com
URL: https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
biggerpicture.g2afse.com/	1970-01-20 06:47:54	Name: afclick Value: 616d157eb1e3330001ddb3af
biggerpicture.g2afse.com/	1970-01-20 06:47:54	Name: afoffers Value: {"188":1634538878}
.sylvinanorrey.com/	1970-01-19 22:02:20	Name: __cf_bm Value: .CZlPpWAaWUBEXfQyTn_JiKbQzgq.rtdSIEDlScrTEk-1634538879-0-AbKeWJj6uTUuyKhZ/c4Vny2U5LE5BdU4GQw7BNEBRlw7WfwRN0yZRlzYNiaeJxylxhEimq5uSXvaP+uGldNxueg=
trk139.zzperform.com/	1970-01-20 15:33:30	Name: BSESSID Value: trkbfef82b6-094f-4ffb-a42f-2ca0dd796cd1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

armr.trckswrm.com
bercioles.com
biggerpicture.g2afse.com
click.expmediadirect1.com
mixupdef.com
poqueras.com
sylvinanorrey.com
trk139.zzperform.com
uqisvrddsi.duc.kdns.org
mixupdef.com
104.21.80.230
116.202.135.115
172.67.171.70
198.134.116.30
213.227.135.229
2606:4700:3034::ac43:d3cd
2606:4700:3036::6815:5d52
2607:fad0:3801:4::1
09ea3d63b4b66da2eb224301392cf796fcdc45fc4144c466eb7b7e23d1f11522
208bd2032680418297a5ae9a376ac87d9b26fafccee98389537d2832669b2e1f
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
30c67a9b8b80ba21d840104f832d15ac849cc096f85356d4e12b654bd75d050f
d9177fde3bbea6a2de818825ee0467d9b1758fdfc79e75bbf8029033b215c248
e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

trk139.zzperform.com Open in urlscan Pro 2606:4700:3034::ac43:d3cd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

9 Requests

44 %HTTPS

38 %IPv6

9 Domains

9 Subdomains

6 IPs

4 Countries

19 kBTransfer

43 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

4 Cookies

Indicators

trk139.zzperform.com Open in urlscan Pro
2606:4700:3034::ac43:d3cd Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

44 %
HTTPS

38 %
IPv6

9
Domains

9
Subdomains

6
IPs

4
Countries

19 kB
Transfer

43 kB
Size

4
Cookies

9 HTTP transactions
-1 data transactions