adp13a.com Open in urlscan Pro
172.64.169.26 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=0...
Effective URL:
http://adp13a.com/redirect?sid=60015
Submission: On November 17 via manual (November 17th 2022, 10:43:36 am UTC) from GB — Scanned from GB

Summary HTTP 6 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 10 domains to perform 6 HTTP transactions. The main IP is 172.64.169.26, located in and belongs to . The main domain is adp13a.com.

This is the only time adp13a.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.81.52 104.21.81.52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:e0:... 2606:4700:e0::ac40:6212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	51.161.115.163 51.161.115.163	16276 (OVH) (OVH)
1 1	5.161.78.177 5.161.78.177	213230 (HETZNER-C...) (HETZNER-CLOUD2-AS)
1 1	23.235.251.114 23.235.251.114	() ()
1 1	198.211.113.186 198.211.113.186	() ()
1 1	192.241.144.203 192.241.144.203	() ()
1	172.64.169.26 172.64.169.26	() ()
6	5

1 104.21.81.52 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

bercioles.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

poqueras.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dakotatraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e0::ac40:6212 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trk23.zzzperform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.161.115.163 (Canada) 2 redirects

ASN16276 (OVH, FR)
PTR: ns572483.ip-51-161-115.net

t3.lowtid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t5.lowtid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.161.78.177 (United States) 1 redirects

ASN213230 (HETZNER-CLOUD2-AS, DE)
PTR: static.177.78.161.5.clients.your-server.de

pdxx-7fmavzpxk2xlm-4-2.lowsea.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.235.251.114 (None, ) 1 redirects

ASN- ()

67.us.blowingwind.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.211.113.186 (None, ) 1 redirects

ASN- ()

redir.tealwinds.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.241.144.203 (None, ) 1 redirects

ASN- ()

c.mybestclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.169.26 (None, )

ASN- ()

adp13a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	zzzperform.com 1 redirects trk23.zzzperform.com	14 KB
2	lowtid.com 2 redirects t3.lowtid.com — Cisco Umbrella Rank: 317417 t5.lowtid.com	700 B
1	adp13a.com adp13a.com	22 KB
1	mybestclick.net 1 redirects c.mybestclick.net	381 B
1	tealwinds.xyz 1 redirects redir.tealwinds.xyz	1 KB
1	blowingwind.xyz 1 redirects 67.us.blowingwind.xyz	3 KB
1	lowsea.fun 1 redirects pdxx-7fmavzpxk2xlm-4-2.lowsea.fun — Cisco Umbrella Rank: 282467	279 B
1	dakotatraff.com 1 redirects dakotatraff.com — Cisco Umbrella Rank: 119695	577 B
1	poqueras.com poqueras.com — Cisco Umbrella Rank: 99161	1 KB
1	bercioles.com bercioles.com — Cisco Umbrella Rank: 95520	1 KB
6	10

	Domain	Requested by
3	trk23.zzzperform.com	1 redirects poqueras.com bercioles.com
1	adp13a.com	trk23.zzzperform.com
1	c.mybestclick.net	1 redirects
1	redir.tealwinds.xyz	1 redirects
1	67.us.blowingwind.xyz	1 redirects
1	t5.lowtid.com	1 redirects
1	pdxx-7fmavzpxk2xlm-4-2.lowsea.fun	1 redirects
1	t3.lowtid.com	1 redirects
1	dakotatraff.com	1 redirects
1	poqueras.com	bercioles.com
1	bercioles.com
6	11

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-09-09` - `2023-09-09`	a year	crt.sh
*.zzzperform.com E1	`2022-10-01` - `2022-12-30`	3 months	crt.sh

This page contains 1 frames:

Frame: http://adp13a.com/redirect?cid=ofYoImihjD&http_referer=&sid=60015&subid=&s3=&b657efa1ae941113e514b1af542fd3b8=1&rr=1&id=&t=1668681815&hrf=qhTKcCNOq8%2Fwx7LC3tDSet1Ra2icxmTEHcF5BmuUW83CTxGUZTg%3D&iwx=1600&iwy=1200&owx=1600&owy=1200&isph=0&pbc=0&fp=null&hf=1&op=1&pd=24&tp=%3F&xd=%3F&yd=%3F&pl=3&mt=4&sw=1600&sh=1200&fw=1600&fh=1200&pw=0&ph=0&ow=1600x1200&iw=1600x1200&sd=24&ifr=0&coo=1&m=0&hr=6&ab=1&ua=%257B%2522ef%2522%253A%25224g%2522%252C%2522rtt%2522%253A0%252C%2522down%2522%253A9.4%252C%2522save%2522%253Afalse%257D&npl=Win32&ncpu=%3F&nhc=4&gtz=0&nba=0&nbt=0&nve=Google+Inc.&vapp=Netscape&napv=5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F107.0.5304.110+Safari%2F537.36&ss=1&ls=1&bl=en-US&sl=undefined&dr=Intel%2520Inc.%257CIntel%2520Iris%2520OpenGL%2520Engine%257CWebGL%25201.0%2520%28OpenGL%2520ES%25202.0%2520Chromium%29&is=2139403474&wc=object&msy=undefined&ddm=undefined&ps=20030107&st=0&sp=undefined&mob=0&ifp1=0&ifp2=0&wn=&nap=0&ind=1&opd=0&dab=0&nsb=1&chk1=0&chk2=1&chk3=0&chk4=0
Frame ID: FEB4F6EA07A71525AA7706F0B5980A20
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m... Page URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0fY3VvB... HTTP 302
https://trk23.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.ph... Page URL
https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_2022111711... HTTP 302
https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk23.zzzperform.com%2F&... HTTP 307
https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63761054b65a9413a... HTTP 302
https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk23.zzzperfor... HTTP 301
https://redir.tealwinds.xyz/feed/click/?t1=128&tid=67&uid=14&subid=67.gb.windows&id=73aa2243bca31f4d7c57... HTTP 302
https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=67_67.gb.windows&id=0f171f353116a... HTTP 302
http://adp13a.com/redirect?sid=60015 Page URL

Page Statistics

6
Requests

50 %
HTTPS

20 %
IPv6

10
Domains

11
Subdomains

5
IPs

4
Countries

38 kB
Transfer

61 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02YYy1XB74uqAkCo9WQ2ecu5e_196DGKsiiquC3SYRVLr7vjh Page URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0fY3VvBDU7PD8.QTtDPT8.NzUCdnZoB3B3CYBwfg5ANgFrZ2UGNzgIeXZ-DWR3bjQ0A3hobggIcoEMPUM.MAFrawU2ODc4CWuCDT5EMDECZGwGNzk4OQp-hg4.AGN3bGgGBmpzbgs8DHB5YwIyA3N3dHsJCYB5cA5Vb3Bpb2klT3VrNwpzf3NxAXV0eGkFbHl1CnBseIBzAHZjBFF0gHB0dWs6QTs.IClZbHJpdX57KVhfLD4.LjE9I1tudD08RCqDQkE3IEJyc3BqXWxqVHN-O0JBNy81OSQtUU9cVlY3LHl3a2YiSmlocXYxKU1zfnx7ZTAzMzszNjU9PDo-Oj4-MCFVZGpmeHA3Pj1COkBEAGJ4BDwFanQJQQpsQEAPMDEzMzQ1Bmg8PQs7PA2BZgIyMzQ1Bm1uCjs8PA1xaGUDNARrcn0Jb2t3f3IOY2lvBDU2Nwd0d3EMPT0.MAF1d3ZsBzg5Ojs8PT0Ob3Rlc3kGBnd6bX2Abg5AMDE1MzU1PQdtf3Z5DUBBAHNnaQVtent4fEQ6O319cXZndWV4NGp3djkLfm9xYwIzMzY6Nzg9PApueoF.AQF5cXEGBn5vdYAMVXuCZW0iTHJoNAdrbXEMPT4-MTIzNDU1Njc5Ojo7PT4-MTIzNDU2Nzg5Ojs8PT4.MTIzNDU2Nzg5Ojs7PT4-MTIzNDU2Nzg5Ojs8PT4.MQFlbHkGNzg5OTs8PT4-MTIzNDU2Nzc5OTs8PT4-AHh3dwV8NDdDgDhkQmNkO3gwdThzdHV2RIE5eEF8bm9wPnszej19RIE5UVh7OFcCbnBzbQhtdzdgX0hzbgF0d3gGNgd0ankMDHV6cwIyA3J5Bzg5OTo8PD0-MQF5ZwU2NzdqOwpufoUPQ2l0cnFqJldMTypbeIJ1aW9.bHJ5a3l2anY4fHF0LXdraHtqeEJLcXx6eXIuUEVII1pua35te4Z4dHd0Ym5mamdrcGlqeWtwe3d9ZnBqcmlrbXBtcXRsdUhcYXVreWklSXNxbnh-iHZ8dGZ0cWVxM3VpbHY4fHmDZ2pwA3doagg6PQp.fHEPMjUCZ3R3BzgId21vDT4.AG52cwU2Ow__&_tdf=41 HTTP 302
https://trk23.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697%26s%3D139445_ww&vId=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&hash=270226461dc64814f22c&ete=true Page URL
https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&s=139445_ww HTTP 302
https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk23.zzzperform.com%2F&xrw=&lid=63761054b65a9413ab747723&fid=67 HTTP 307
https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63761054b65a9413ab747723&source=67.gb.chrome. HTTP 302
https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk23.zzzperform.com%2F&s1=6376105517029d12ab013bfe HTTP 301
https://redir.tealwinds.xyz/feed/click/?t1=128&tid=67&uid=14&subid=67.gb.windows&id=73aa2243bca31f4d7c57ad15e5b52114:6faf14af1f28314d350337f1b3177b51802abebf773ff51ee15034314712053052bba296d9f69f54634a0105655ef6588f63679c5dc6e99e2070b939d0ce22a0d4fd39616f46e35a4785ca2306318e62fc7cc4ddee87fb2494f2bdecf9c15e603a0593533a433fc6961f9e2c7da0a6b6eb13dd90056718fd1c1e4b29f1d700e458c14e9c8684d7d7a795ec09518f2bdf123931814f73df99ff214c8f94729e8809b5d9543f608c4b0c8091762539e4b9562fa9bd2f89bee63f8afdcb429f42cc5de7faea357edfa7eee57ff716acbee04b6b615164d2872c291d64be0b782f16888f1ff23869b93bd74aa9cf2cf4ee1aa7fce41a99bb23ebcca9895e30839cdfd5b3264030cc2851f1e0d96dbc9c0a96ad06de6282ce87f2cec06ad5db315f8d15051e16cf8f9cf7da63f1a7c4eab18ccdd51c50ef3be19800691f5ddee5c26f077d4d130b34c48156b8f2e6d4813b901c62157212528608923d339b0d5c01826054888e266957667dccc144e41aa796815862a46de6a3202c9558ce7b81e3651a06df8f036badfd071edc77e29d6d71fbe1c5ae27a8863dc8e9c9cfd65280ae39f78ab9acfd0990264bac752056e729d3a047cefc32c78d07e36b4810328f32a2a5969ee40edf994b0311e855965fbf2165d9e910876c84a219bbf3d18cf413f929c7b2879bf47902a17701325e3f32e511d2216b5bc3c31d675a445c2fb03dd687525d2a2dcf72bdca7ac09c15225e4e810ea81a671e71d7c9810d0c56af6c0b5e2b3752568562f4a30a2da1f6b5a9ba55030cee794bfcad608c7233825fb292b1e5991c70a3671c7c1af2469abe2550f8467a5154797a43e0e61a16e54271ad269f9ad5473fd1e8a8655fed13f63c398f6509d0a8290e803bd7c20f6f1a13e33da935d408944fe9bd2db76ae8e95d671c6513e5c071159348544ddba5fc118ef494680fa2933a22b4c454b053e13191bf3625cccf15ea053c663fdd731d94fd30eaf82cdd9e25258b90735984a96fe2f3617fe99e4dac450f2fa4b124c4f60c1fdd029cbd40a43f818e2b259b9059b5497990318d1ca4dfbea66c248754740d85183f263b42b9faa06e49398361a9d3bd1e29ea00d3c6eea765a518f564df3f4f5d0ad11bfedef2fdf6def4d023bc5ea9a8eec79d786cb824f9dd945ced8022c58735deaeaa8bd3303bbe2057402edc305bb7363d3e8ac7e66d9664dde0d7adfe98597f5066eb86dfeb5f125f010dbb505eed382de09ff00e230cc46442c61e4b162a68de422449fe0d5034ec5bea8b7de5fdb4d3158be6b2fbf9cc73fc6cf065c1a84746c192a73fc26852b7c93bf6123078a7a4bafd982d81c742973e6f3da390a57456e4026db25b31ffacc904f8bad9257e086fd82b94f68e037b239feed317eb550eacacaf025c88be03508f4fdc2b18f65e07a26964b9bc1b5c154396f869d57d4c6eba3b23421edba8e19ff77623594a44c0a826349685fb07eeeca0d85477bce9fb9c6554f6531bcf7ba97d1ada64a0a02d0ab408a044972571cd0e94839be845ced9ce35bd28a05f5cea45ca8e214371e624c11ebcaa1769629aca5fc992b9deca4d1b7ad09d884c8a00b1b79c6fda63826f630800961d5ec8fb9924a37fcd684111879110c56defc8812b5a06a06f966f72c048c8f4d9250edf0d4f5559d34a5ed398f79e66b72ddbd75d0ed5a3575aa08fc4c91858f88db697ae9fba4773a25bb1c8444f7b31bf3d38e281bbb4e83e6fd7869a942c3e5bedc3&s1=6376105517029d12ab013bfe HTTP 302
https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=67_67.gb.windows&id=0f171f353116af392a063d86272996e1:3fdfb56cf3895542aec46d8301e1cd3d3efe999792bc3fb91f908bf08578c6f0870db20586695f43ed67a265717eb8bfb8dacf8b30fb97363aff51e45e8a6a3070bd4bf5268448e61ed1b2aa8e8a99cd416f86cb1023711baa5bfba03eb6c7fec7f455e4c0084a2b1479e0bf2b99ae162b762b97f663fc5c3db5a724c3b554f75f5a3b4804fcb12ac0d40cce7a2fc1ce6b1c220ad46084c3f3befb3ba6354787ef552930b303c1f4f31da621a54846ac386df3028d0638e295ad8736c75e2419a851506236936f39489c26e117db6290a8f2cfa5c5db0c9b43b6f46845c427d955e3422d24b9b61fce535ddc27dc3436c84dffd0418bc0e053cc4d55a2bc560cf83ea7b92bde90258d0394a6051ea3ffe5e30f204eb43801ef72df0bf3c5acc2c58ea22429df8a2dfbf479bdc3389213d19c9b36093be434f3147a95b1921644616500bf2e3b61e68e15d32e46d53403392eb82b0d43ba740538babf169601111ff68dd47247b9fbbaeb4076f73fb895fa89b3fb50ff29ce70f6124c328a8ce3848b6f28e32118c59c2b6ade23808f80d4705ed22fe55a6f63cba2de522a8353 HTTP 302
http://adp13a.com/redirect?sid=60015 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false

Request Chain 3

https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0fY3VvBDU7PD8.QTtDPT8.NzUCdnZoB3B3CYBwfg5ANgFrZ2UGNzgIeXZ-DWR3bjQ0A3hobggIcoEMPUM.MAFrawU2ODc4CWuCDT5EMDECZGwGNzk4OQp-hg4.AGN3bGgGBmpzbgs8DHB5YwIyA3N3dHsJCYB5cA5Vb3Bpb2klT3VrNwpzf3NxAXV0eGkFbHl1CnBseIBzAHZjBFF0gHB0dWs6QTs.IClZbHJpdX57KVhfLD4.LjE9I1tudD08RCqDQkE3IEJyc3BqXWxqVHN-O0JBNy81OSQtUU9cVlY3LHl3a2YiSmlocXYxKU1zfnx7ZTAzMzszNjU9PDo-Oj4-MCFVZGpmeHA3Pj1COkBEAGJ4BDwFanQJQQpsQEAPMDEzMzQ1Bmg8PQs7PA2BZgIyMzQ1Bm1uCjs8PA1xaGUDNARrcn0Jb2t3f3IOY2lvBDU2Nwd0d3EMPT0.MAF1d3ZsBzg5Ojs8PT0Ob3Rlc3kGBnd6bX2Abg5AMDE1MzU1PQdtf3Z5DUBBAHNnaQVtent4fEQ6O319cXZndWV4NGp3djkLfm9xYwIzMzY6Nzg9PApueoF.AQF5cXEGBn5vdYAMVXuCZW0iTHJoNAdrbXEMPT4-MTIzNDU1Njc5Ojo7PT4-MTIzNDU2Nzg5Ojs8PT4.MTIzNDU2Nzg5Ojs7PT4-MTIzNDU2Nzg5Ojs8PT4.MQFlbHkGNzg5OTs8PT4-MTIzNDU2Nzc5OTs8PT4-AHh3dwV8NDdDgDhkQmNkO3gwdThzdHV2RIE5eEF8bm9wPnszej19RIE5UVh7OFcCbnBzbQhtdzdgX0hzbgF0d3gGNgd0ankMDHV6cwIyA3J5Bzg5OTo8PD0-MQF5ZwU2NzdqOwpufoUPQ2l0cnFqJldMTypbeIJ1aW9.bHJ5a3l2anY4fHF0LXdraHtqeEJLcXx6eXIuUEVII1pua35te4Z4dHd0Ym5mamdrcGlqeWtwe3d9ZnBqcmlrbXBtcXRsdUhcYXVreWklSXNxbnh-iHZ8dGZ0cWVxM3VpbHY4fHmDZ2pwA3doagg6PQp.fHEPMjUCZ3R3BzgId21vDT4.AG52cwU2Ow__&_tdf=41 HTTP 302
https://trk23.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697%26s%3D139445_ww&vId=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&hash=270226461dc64814f22c&ete=true

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	redirect Show response bercioles.com/	1 KB 1 KB	218ms 184ms	Document text/html	104.21.81.52 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02YYy1XB74uqAkCo9WQ2ecu5e_196DGKsiiquC3SYRVLr7vjh Protocol HTTP/1.1 Server 104.21.81.52 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c5a4b4c997a64b0f4d8e05774ee9c0cad7734e938d725a87ca07f326ad23bc1a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 76b7dda4efa354b1-MAN Connection keep-alive Content-Encoding gzip Content-Type text/html;charset=utf-8 Date Thu, 17 Nov 2022 10:43:30 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBuwnB0nae6iM2HaWVfQ75HVM5I2UfuF50DDIFlS5FBlWMMGSrWAcNJk9dtC%2F9LvxKu6nk%2FfTXSO3o5HeQ9GQouwzN8gTYIUzZLzkjxqvRMZU6qH3z95VMVYnprlD7%2FH"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy origin vary accept-encoding
GET H2	200	slope poqueras.com/noid/	1 KB 1 KB	682ms 64ms	Document text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Requested by Host: bercioles.com URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02YYy1XB74uqAkCo9WQ2ecu5e_196DGKsiiquC3SYRVLr7vjh Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer http://bercioles.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 76b7ddaace4e75c5-LHR content-encoding br content-type text/html;charset=ISO-8859-1 date Thu, 17 Nov 2022 10:43:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZC6d%2BFcC48gECcU6CcDZ9YiMaOHfA4WnxDNepXp1je1nPohwDj%2FPsoUJu3TuAjAMjAUPmBidEOZQY7pS%2Fl7naTQFORvsO%2B5w1MIV3TE0jYQhP5vYIfpoD4HfrHTR8I%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary accept-encoding
GET H2	200	270226461dc64814f22c.js Show response trk23.zzzperform.com/l/ Redirect Chain https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false	36 KB 12 KB	202ms 42ms	Document text/html	2606:4700:e0::ac40:6212 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Requested by Host: poqueras.com URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e0::ac40:6212 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a` Request headers Referer https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers age 2556 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control max-age=315360000 cf-cache-status HIT cf-ray 76b7ddad2b70886d-LHR content-encoding br content-type text/html date Thu, 17 Nov 2022 10:43:32 GMT expires Thu, 31 Dec 2037 23:55:55 GMT last-modified Tue, 20 Aug 2019 14:25:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xKRY4U0wG77aYi2%2F3PxCfVgsd159rgHwPhcMel0EcJZkxM%2FHZ%2BAKAZiaEyPVrZTGmtyJpk5VJVdk0PQrK24DaX8TZ2eDtDyDTBwBWdUV3mUMg4VWp47cefO0wOj8YuJ4IiCOX7flIGSh5ocbgmVgRM8hTQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 76b7ddabcf2c7318-LHR date Thu, 17 Nov 2022 10:43:31 GMT expires Thu, 01 Jan 1970 00:00:01 GMT location https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45yCBikVpjOTUMvkUEBXKQ7748f0QTk%2BRdAC1eJAhVVsWpcmUDSUAF1XKXYujEl%2FVFphfwvNsBEBS1YT%2Brvd%2BBQBL99twtkHGjMBUnU1tP2QUtYHfDEB%2F8rVbcNMuejuPb34jhKqVBqYkdgtU%2Bk%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	gw.js trk23.zzzperform.com/ Redirect Chain https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0fY3VvBDU7PD8.QTtDPT8.NzUCdnZoB3B3CYBwfg5ANgFrZ2UGNzgIeXZ-DWR3bjQ0A3hobggIcoEMPUM.MAFrawU2ODc4CWuCD... https://trk23.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c...	1 KB 1 KB	49ms 49ms	Document text/html	2606:4700:e0::ac40:6212 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk23.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697%26s%3D139445_ww&vId=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&hash=270226461dc64814f22c&ete=true Requested by Host: bercioles.com URL: http://bercioles.com/redirect?id=728&auth=eddc7e8612c215574016be364a6410d8b4b90e30&sid=DvNVq9uh9m1f63TKPJ2DIAI-&clk=02YYy1XB74uqAkCo9WQ2ecu5e_196DGKsiiquC3SYRVLr7vjh Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:e0::ac40:6212 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://trk23.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers age 2558 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control max-age=315360000 cf-cache-status HIT cf-ray 76b7ddae3dec72a2-LHR content-encoding br content-type text/html date Thu, 17 Nov 2022 10:43:32 GMT expires Thu, 31 Dec 2037 23:55:55 GMT last-modified Thu, 15 Oct 2020 14:13:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3XRJKXoafShnPRr4O9rBSp9CZlkuvTJuC8GcZ09b4CunSiVJI1Yx6FAVhC3iPSTiVXNtNBeFxnZwHZQJnlMU1oBM73XG5RIRBBnllhGJdp%2B5XS5xamRVKrD7mESAcwujijEdlZJC%2F94gbB9c5DDFTDx%2BA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 76b7ddaddcc2886d-LHR date Thu, 17 Nov 2022 10:43:32 GMT location https://trk23.zzzperform.com/gw.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697%26s%3D139445_ww&vId=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&hash=270226461dc64814f22c&ete=true nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2Lru3KUxlob0sDcfaGfhbXwl6HA5csiTAS7aSwRVuLxr%2Br4yVJDxwHjVtinM%2BqzFhoL1YjOo1QM7qQWnut5u%2FJCELB8DXWZCLrJc0coXErzLKrkmzHXNwBU6nUfKViufc689NsVxFfGGkCcOXXUjZgALw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H/1.1	200 OK	Primary Request redirect adp13a.com/ Redirect Chain https://t3.lowtid.com/e.php?p=c:7omnig4vvdmjho1zq&d=635151a79ddd643b302b5908&pid=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&s=139445_ww https://pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=67.gb.chrome.&k=bfb&url=https%3A%2F%2Ftrk23.zzzperform.com%2F&xrw=&lid=63761054b65a9413ab747723&fid=67 https://t5.lowtid.com/d.php?p=c:ub_a64rij70pog14q&d=6351542976534b739b5850d5&pid=63761054b65a9413ab747723&source=67.gb.chrome. https://67.us.blowingwind.xyz/feed/?link=true&tid=67&subid=67.gb.windows&ref=https%3A%2F%2Ftrk23.zzzperform.com%2F&s1=6376105517029d12ab013bfe https://redir.tealwinds.xyz/feed/click/?t1=128&tid=67&uid=14&subid=67.gb.windows&id=73aa2243bca31f4d7c57ad15e5b52114:6faf14af1f28314d350337f1b3177b51802abebf773ff51ee15034314712053052bba296d9f69f54... https://c.mybestclick.net/feed/click/?t1=128&tid=3115&uid=4465&subid=67_67.gb.windows&id=0f171f353116af392a063d86272996e1:3fdfb56cf3895542aec46d8301e1cd3d3efe999792bc3fb91f908bf08578c6f0870db205866... http://adp13a.com/redirect?sid=60015	21 KB 22 KB	197ms 147ms	Document text/html	172.64.169.26
General Check archive.org Show headers Download Go to Full URL http://adp13a.com/redirect?sid=60015 Requested by Host: trk23.zzzperform.com URL: https://trk23.zzzperform.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697%26s%3D139445_ww&vId=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&hash=270226461dc64814f22c&ete=true Protocol HTTP/1.1 Server 172.64.169.26 -, , ASN (), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://trk23.zzzperform.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ft3.lowtid.com%2Fe.php%3Fp%3Dc%3A7omnig4vvdmjho1zq%26d%3D635151a79ddd643b302b5908%26pid%3Dbmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697%26s%3D139445_ww&vId=bmconv_20221117114332_c2f04e23_11c6_486f_8f01_3c0829d48697&hash=270226461dc64814f22c&ete=true Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 76b7ddc5c862887d-LHR Cache-Control no-transform,no-cache Connection keep-alive Content-Length 21811 Content-Type text/html;charset=UTF-8 Date Thu, 17 Nov 2022 10:43:36 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Pragma no-cache Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cZ%2BfjNzuYTtCeOBXELHB3%2FYaZZQL6jYxY1jhN7KZldLL5oEoc%2BzBLK1oVMCfcOvVrHiY3CFwjmg6optAL%2BpbWyWZRDJIeyB6BM7yMJH1J3g1%2F96PPle0BSCHeMta"}],"group":"cf-nel","max_age":604800} Server cloudflare alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate Connection keep-alive Content-Length 116 Content-Type text/html; charset=utf-8 Date Thu, 17 Nov 2022 10:43:35 GMT Expires 0 Keep-Alive timeout=5 Location http://adp13a.com/redirect?sid=60015 Pragma no-cache Surrogate-Control no-store Vary Accept X-Powered-By Express
GET		redirect adp13a.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: adp13a.com
URL: http://adp13a.com/redirect?cid=ofYoImihjD&http_referer=&sid=60015&subid=&s3=&b657efa1ae941113e514b1af542fd3b8=1&rr=1&id=&t=1668681815&hrf=qhTKcCNOq8%2Fwx7LC3tDSet1Ra2icxmTEHcF5BmuUW83CTxGUZTg%3D&iwx=1600&iwy=1200&owx=1600&owy=1200&isph=0&pbc=0&fp=null&hf=1&op=1&pd=24&tp=%3F&xd=%3F&yd=%3F&pl=3&mt=4&sw=1600&sh=1200&fw=1600&fh=1200&pw=0&ph=0&ow=1600x1200&iw=1600x1200&sd=24&ifr=0&coo=1&m=0&hr=6&ab=1&ua=%257B%2522ef%2522%253A%25224g%2522%252C%2522rtt%2522%253A0%252C%2522down%2522%253A9.4%252C%2522save%2522%253Afalse%257D&npl=Win32&ncpu=%3F&nhc=4&gtz=0&nba=0&nbt=0&nve=Google+Inc.&vapp=Netscape&napv=5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F107.0.5304.110+Safari%2F537.36&ss=1&ls=1&bl=en-US&sl=undefined&dr=Intel%2520Inc.%257CIntel%2520Iris%2520OpenGL%2520Engine%257CWebGL%25201.0%2520%28OpenGL%2520ES%25202.0%2520Chromium%29&is=2139403474&wc=object&msy=undefined&ddm=undefined&ps=20030107&st=0&sp=undefined&mob=0&ifp1=0&ifp2=0&wn=&nap=0&ind=1&opd=0&dab=0&nsb=1&chk1=0&chk2=1&chk3=0&chk4=0

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			trk23.zzzperform.com/	1970-01-20 17:07:21	Name: BSESSID Value: trk8fe05e05-82ab-48df-aa3a-6e68cdbbb8a1
			.lowsea.fun/	1970-01-20 16:16:57	Name: emwxcid_4_1 Value: uRRPb2mRFglYOoPpN45AVa5ITcUW17q82einn5yphrrG6mYzZg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

67.us.blowingwind.xyz
adp13a.com
bercioles.com
c.mybestclick.net
dakotatraff.com
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
poqueras.com
redir.tealwinds.xyz
t3.lowtid.com
t5.lowtid.com
trk23.zzzperform.com
adp13a.com
104.21.81.52
172.64.169.26
188.114.96.3
192.241.144.203
198.211.113.186
23.235.251.114
2606:4700:e0::ac40:6212
2a06:98c1:3120::3
5.161.78.177
51.161.115.163
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
c5a4b4c997a64b0f4d8e05774ee9c0cad7734e938d725a87ca07f326ad23bc1a

adp13a.com Open in urlscan Pro 172.64.169.26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

6 Requests

50 %HTTPS

20 %IPv6

10 Domains

11 Subdomains

5 IPs

4 Countries

38 kBTransfer

61 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

adp13a.com Open in urlscan Pro
172.64.169.26 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

50 %
HTTPS

20 %
IPv6

10
Domains

11
Subdomains

5
IPs

4
Countries

38 kB
Transfer

61 kB
Size

2
Cookies

6 HTTP transactions
0 data transactions