trk139.zzperform.com
2606:4700:3034::ac43:d3cd
Public Scan
Effective URL: https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5...
Submission Tags: krdprod
Submission: On October 18 via api from JP — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 15th 2021. Valid for: 3 months.
This is the only time trk139.zzperform.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 | 2607:fad0:3801:4::1 | 32244 (LIQUIDWEB) |
1 1 | 198.134.116.30 | 27257 (WEBAIR-INTERNET) |
3 3 | 213.227.135.229 | 60781 (LEASEWEB-NL-AMS-01 Netherlands) |
1 | 116.202.135.115 | 24940 (HETZNER-AS) |
1 | 104.21.80.230 | 13335 (CLOUDFLARENET) |
1 | 172.67.171.70 | 13335 (CLOUDFLARENET) |
1 1 | 2606:4700:3036::6815:5d52 | 13335 (CLOUDFLARENET) |
1 3 | 2606:4700:3034::ac43:d3cd | 13335 (CLOUDFLARENET) |
9 | 6 |
ASN27257 (WEBAIR-INTERNET, US)
click.expmediadirect1.com |
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
biggerpicture.g2afse.com |
ASN24940 (HETZNER-AS, DE)
PTR: static.115.135.202.116.clients.your-server.de
armr.trckswrm.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | zzperform.com (1 redirects) | trk139.zzperform.com | 14 KB |
3 | g2afse.com (3 redirects) | biggerpicture.g2afse.com | 664 B |
2 | kdns.org | uqisvrddsi.duc.kdns.org | 3 KB |
1 | sylvinanorrey.com (1 redirects) | sylvinanorrey.com | 885 B |
1 | poqueras.com | poqueras.com | 1 KB |
1 | bercioles.com | bercioles.com | 1 KB |
1 | trckswrm.com | armr.trckswrm.com | 288 B |
1 | expmediadirect1.com (1 redirects) | click.expmediadirect1.com | 282 B |
0 | mixupdef.com (Failed) | mixupdef.com (Failed) | |
9 | 9 |
 | Domain | Requested by |
---|---|---|
3 | trk139.zzperform.com (1 redirects) | poqueras.com, uqisvrddsi.duc.kdns.org |
3 | biggerpicture.g2afse.com (3 redirects) | |
2 | uqisvrddsi.duc.kdns.org | uqisvrddsi.duc.kdns.org |
1 | sylvinanorrey.com (1 redirects) | |
1 | poqueras.com | bercioles.com |
1 | bercioles.com | armr.trckswrm.com |
1 | armr.trckswrm.com | uqisvrddsi.duc.kdns.org |
1 | click.expmediadirect1.com (1 redirects) | |
0 | mixupdef.com (Failed) | trk139.zzperform.com |
9 | 9 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
centos7.template.liquidweb.com | centos7.template.liquidweb.com | 2017-03-02 - 2018-03-02 | a year |
armr.trckswrm.com | ZeroSSL RSA Domain Secure Site CA | 2021-10-01 - 2021-12-30 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-10-10 - 2022-10-09 | a year |
*.zzperform.com | R3 | 2021-10-15 - 2022-01-13 | 3 months |
This page contains 1 frames:
Frame:
https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf
Frame ID: 3BC72D13716A559EBD7A40DDE0A157E7
Requests: 8 HTTP requests in this frame
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://uqisvrddsi.duc.kdns.org/ Page URL
- https://uqisvrddsi.duc.kdns.org/page/bouncy.php?&bpae=GbhGdr0mpUx%2Fj3NU5kxnvD5gG%2B8nbyGO9nBIByEXS6hhT%2F9SRqGLfhyeu8EVHIcoRGBke5F1y3V25nlfNeEF8XEPKx0%2BkKRpstwhkcqT4xYVb8NzFO%2B3vWR1F%2BxFbCsGCVnvbV1oscmcIqwrUPY%2Byvkya2uV6IUGjhukLN4%2BW6usoMXctnvZv2G7kP7AEB%2Becv58MxYjX7fkBpMpsEqFiG4y34yV6wmyWAZw%2FbusmddzXylniK7VWxJamKht3005KzmqIYCuAE519sU6avp6QxPX77eBtJ7ShNQ8dO%2BHF3wrIFAGo4oB1V5JLpNbd8%2F9LcBkEiq80UNgWHkztJ5T%2BSGl1MCZ5Jvo0Q1p6Q0YKfSolc0TG1fa6wma%2Bp9Y1ri0gNgBDIWcMzsCSOpMtELOYesnI%2BCBjlQbs9tC&redirectType=js&inIframe=false&inPopUp=false Page URL
-
https://click.expmediadirect1.com/click?i=fJcQi55ZGXY_0
HTTP 302
http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154 Page URL
- http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=154&clk=ArrOOh4AAAF8khv3pgAAAlEAAACaAAABMg Page URL
- https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
-
https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false
HTTP 302
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false Page URL
-
https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false&code=10Y3VvBDU7OTs9PEJDQ0ZARzkBdXVnBm92CH9vfQ0-RA9pZWMENTYGd3R9C1d1e4OHIHk6OWM7Ogd8bHIMDHaFEDE3MjMEbm4IOTs6OwxuhRAxNzIzBGZuCDk7OjsMgYgQMAFkeG1pBwdrdG8MPQ1xemMCMgNzd3R7CQmAeXAOVX5vaG5oJE50ajYJcn5ycA.DcnZnA2p3cwhuanZ.cQ2DcAFOcX1tcXJoNz44Oyw1ZXhuZXF6dyVUWyg6Ojk8SC5maW84Nz8lfj08MipMfH16dFdmZE5teTU8O0A4PkItNlpIVU9PMCVycHNuKlJxcHl.KSFFa3Z0c2w3Qj05PDtCRDc4MDk3JVlobmp8dDtCQUYuNDgDZXsHPwhtdwxEDW9DMwIyMzU1NjgIaj4-DT0.D3NnAzM0NTYHbm8LPD09DnJoZQM0BGtyfQlva3d-cg5yaG4DNDU2BnN2cAs8PD0.D3N1dGoFNjc4OTo7Owx8gXJwdgMDdHdqen1rCz08PUE-MTE5A2l7cnUJPD0LfnJ0EGh1dnN3PzU2eHh7gHF-b4IuZHFwMwV4aWtsCzw8P0NAMTY1A2dzencJCYF5eQ4OhmdteARNc3psdClTeW87DnJkaAM0NTY3ODk6Ozs8PT9AMDEzNDU2Nzg5Ojs8PT4-QDEyMzM1Njc4OTo7PD0.Pz8xMjM0NTY3ODk6Ozw9Pj9AMTEzA2duewg5Ojs7PT4-QDEyMzQ1Njc4ODo6PD0.P0AAeHd3BXw0N0OAOGRCY2RKdy90N3JzdHVDgDh3QHt8fW48eTF4O3tCfzdPVnlFZA9rbXBqBWp0NF1cRXB6DYCDdAIyA3BmdQgIcXZ.DT0OfXQCMzQ0NTc3ODo7C4NxD0AxMWQ1BGh4fwlMcn17enMvUEVII1Rxe25xd4Z0eoFzgW5ibjB0aWw0fnJvgnF-SVJoc3FwaSVWS04pYHRxhHOBfG5qbWpnc2tvbHB1bm9.cGVwbHJqdG52bW9xdHF1eHBpPFBkeG58bChMdnRxe4KLaW92aHZzZ3M1d2tueDp.e3Voa3EEeGlrCTs.C399chAyNQJndHcHOAh3bW8NRjxEAG52cwU2Ow__&_tdf=29
HTTP 302
https://trk139.zzperform.com/gw.js?source=65798hgddtt&url=https%3A%2F%2Fck.adsjoy.com%2Fads%2Fad.php%3Fzid%3D151753%26opm%3D5071%26visitor_id%3Dbmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5%26pubid%3D579_65798hgddtt&vId=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&hash=12951695aa65a83b3992&ete=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://click.expmediadirect1.com/click?i=fJcQi55ZGXY_0 HTTP 302
- http://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
- https://biggerpicture.g2afse.com/sl?id=5dca95883bf47917e8f2530d&pid=112&sub5=[conversion]&sub1=[source] HTTP 302
- https://biggerpicture.g2afse.com/click?pid=1&offer_id=188 HTTP 302
- https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=154

- https://sylvinanorrey.com/l/12951695aa65a83b3992?source=65798hgddtt&wnw=false HTTP 302
- https://trk139.zzperform.com/l/12951695aa65a83b3992.js?source=65798hgddtt&wnw=false

- https://ck.adsjoy.com/ads/ad.php?zid=151753&opm=5071&visitor_id=bmconv_20211018083439_e802ccf4_65b7_4ba0_9064_56f407dacef5&pubid=579_65798hgddtt HTTP 302
- https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf
9 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | uqisvrddsi.duc.kdns.org/ | 2 KB 2 KB | Document text/html |
GET H/1.1 | uqisvrddsi.duc.kdns.org/page/bouncy.php | 691 B 975 B | Document text/html |
GET H/1.1 | armr.trckswrm.com/recommendation (Redirect Chain) | 211 B 288 B | Document text/html |
GET H/1.1 | bercioles.com/redirect | 1 KB 1 KB | Document text/html |
GET H2 | poqueras.com/noid/slope | 1 KB 1 KB | Document text/html |
GET H2 | trk139.zzperform.com/l/12951695aa65a83b3992.js (Redirect Chain) | 36 KB 12 KB | Document text/html |
GET H2 | trk139.zzperform.com/gw.js (Primary Request, Redirect Chain) | 1 KB 1004 B | Document text/html |
GET | mixupdef.com/i/8759 (Redirect Chain) | 0 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- mixupdef.com
- URL
- https://mixupdef.com/i/8759?nsid=o1515175357&partner_subid=8611120100003315175318120450716b27c60506cf
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
biggerpicture.g2afse.com/ | | Name: afclick Value: 616d157eb1e3330001ddb3af |
biggerpicture.g2afse.com/ | | Name: afoffers Value: {"188":1634538878} |
.sylvinanorrey.com/ | | Name: __cf_bm Value: .CZlPpWAaWUBEXfQyTn_JiKbQzgq.rtdSIEDlScrTEk-1634538879-0-AbKeWJj6uTUuyKhZ/c4Vny2U5LE5BdU4GQw7BNEBRlw7WfwRN0yZRlzYNiaeJxylxhEimq5uSXvaP+uGldNxueg= |
trk139.zzperform.com/ | | Name: BSESSID Value: trkbfef82b6-094f-4ffb-a42f-2ca0dd796cd1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.