armr.trckswrm.com Open in urlscan Pro
5.9.6.177 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bercioles.com/redirect?auth=eddc7e8612c215574016be364a6410d8b4b90e30&clk=0TyYixCQDahX3xKKvWH9UQi8_1KaNfQsbvxR5...
Effective URL:
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_ddb94ed280993a2e32d08e54efc48e7a&pub_sub...
Submission: On October 23 via manual (October 23rd 2022, 5:25:51 am UTC) from SA — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 10 domains to perform 8 HTTP transactions. The main IP is 5.9.6.177, located in Germany and belongs to HETZNER-AS, DE. The main domain is armr.trckswrm.com. The Cisco Umbrella rank of the primary domain is 190505.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on August 19th 2022. Valid for: 3 months.

This is the only time armr.trckswrm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	172.67.138.217 172.67.138.217	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:e4:... 2606:4700:e4::ac40:ab0b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	62.212.87.140 62.212.87.140	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	2606:4700:303... 2606:4700:3033::ac43:c5db	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3033::6815:1446	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	104.248.110.148 104.248.110.148	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	5.9.6.177 5.9.6.177	24940 (HETZNER-AS) (HETZNER-AS)
8	8

1 172.67.138.217 (United States)

ASN13335 (CLOUDFLARENET, US)

bercioles.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

poqueras.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dakotatraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e4::ac40:ab0b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trk18.zzzperform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.212.87.140 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

kingsofpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:c5db (United States)

ASN13335 (CLOUDFLARENET, US)

fanasti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:1446 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.248.110.148 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

intrap.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.9.6.177 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.177.6.9.5.clients.your-server.de

armr.trckswrm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	zzzperform.com 1 redirects trk18.zzzperform.com	13 KB
1	trckswrm.com armr.trckswrm.com — Cisco Umbrella Rank: 190505	272 B
1	intrap.xyz 1 redirects intrap.xyz	396 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 400192	1 KB
1	fanasti.com fanasti.com	1 KB
1	kingsofpush.com kingsofpush.com	1 KB
1	dakotatraff.com 1 redirects dakotatraff.com — Cisco Umbrella Rank: 96546	574 B
1	poqueras.com poqueras.com — Cisco Umbrella Rank: 88135	1 KB
1	bercioles.com bercioles.com — Cisco Umbrella Rank: 83558	1 KB
0	phoebedraw.com Failed go1.phoebedraw.com Failed
8	10

	Domain	Requested by
2	trk18.zzzperform.com	1 redirects poqueras.com
1	armr.trckswrm.com	fanasti.com
1	intrap.xyz	1 redirects
1	cdn.addlnk.com	fanasti.com
1	fanasti.com	kingsofpush.com
1	kingsofpush.com	bercioles.com
1	dakotatraff.com	1 redirects
1	poqueras.com	bercioles.com
1	bercioles.com
0	go1.phoebedraw.com Failed	armr.trckswrm.com
8	10

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-09-09` - `2023-09-09`	a year	crt.sh
*.zzzperform.com E1	`2022-10-01` - `2022-12-30`	3 months	crt.sh
trk.billysrv.com R3	`2022-10-21` - `2023-01-19`	3 months	crt.sh
armr.trckswrm.com ZeroSSL RSA Domain Secure Site CA	`2022-08-19` - `2022-11-17`	3 months	crt.sh

This page contains 1 frames:

Frame: https://go1.phoebedraw.com/click?pid=1057&offer_id=1296324&sub1=BCGow_IAAAGEA03E5wAACzsAAABcAAABMgAAAAAP&sub2=92
Frame ID: 421EC3B266E00CA5324F564C5A89DD11
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bercioles.com/redirect?auth=eddc7e8612c215574016be364a6410d8b4b90e30&clk=0TyYixCQDahX3xKKv... Page URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0bY3VvB... HTTP 302
https://kingsofpush.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F... Page URL
https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd... Page URL
https://intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub7703e089ef934116abf5034680d... HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_ddb94ed280993a2e32d0... Page URL

Page Statistics

8
Requests

75 %
HTTPS

44 %
IPv6

10
Domains

10
Subdomains

8
IPs

3
Countries

18 kB
Transfer

42 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bercioles.com/redirect?auth=eddc7e8612c215574016be364a6410d8b4b90e30&clk=0TyYixCQDahX3xKKvWH9UQi8_1KaNfQsbvxR58rVRvgNL391&id=728&sid=AzwRhCBXilYCKN9V1bmZcpCT Page URL
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Page URL
https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Page URL
https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0bY3VvBDU7PD09OTw3NDk5PDkGenpsC2lwAnlpdwc5PglzZGIDNDUFdnN8CmFpbzU1BHlpbwkJc3cCMzk0NQZwcAo7MjEyA2V8Bzg.OToAYmoENTc2Nwh9hAExAmV5bmoICGx1ZQIzA2dwaQg4CXlyb3YEBHt0awlQeW9obmgkTnRqNglyc2dlBHh3e2wIb3xtAmhkcHhrB31qC01wfGxwcWc2PTc6IClZbHJpdX57KVhUITMzMjVBJ19yeDY1PSN8OzowKEp6cG1nWmlnUXB8OD8zODA2OiUuUlBdV0wtIm9tcGsnT25ta3ArI0dteHZ1bjkxMTgxNDM7OTxCODEyOyNXZmxoenI5NTQ5MTc7Bmh.CkIAZW8EPAVnOzsKOjAyMjM0BWc7PAo6MAF1aQU1Njc4CXBmAjM0NAVpb2wKOwBnbnkFa2dze24KY2lvBDU2Nwd0d3EBMjIzNAV5e3pwCzEyMzQ1NjYHd3xtcHYDA3R3anp9awsyMTI2NDY2PghugGxvAzY3BXhsbgpydHVydj40NXd3en9lc2N2Mmh1dDcJfGJkZQQ1NTg8OTo-MwFlcXh1Bwd-d3cBAXlqcHsHUHZ9b2whS3FnMwZqbHALMTIzNDU2Nzg4OToxMjIzNTY3ODk6OzEyMzQ1Njc4OTo6MTIzNDU2Nzg5OjswMjM0NTY3ODk6OzEyMzQ1Njc3OQltaXYDNDU2Njg5OjsxMjM0NTY3ODg6OjEyMzQ1BX18fAqBLjE9ejJePF1eRIEuczZxcnN0Qn83djRvcHFyQH01fD9-O3gwSE9yPl0IdHZuaANocjJbWkNueABzdncFNQZzaXgLAGludgU1BnV8CjsxMTI0NDU3OAiAbgEyMzNmNwZqeoELQ2l0cnFqJldMTypQbXdqbXOCcHZ9b3JvY28xdWptNX9zZXhndT9Ibnl3dm8gUUZJJFtvbH9ufHxuam1qZ3Nrb2xwamNkc2VqdXF3b3locGdpa25rb3JqcztPY3dte2snS3VzZW92f21zemx6d2tsLnBkZ3Ezd3R.cWlvAnZnaQc5PAl9cGUDNTgFand6CjsAb2VnBTY2B3V9egEyNw__&_tdf=29 HTTP 302
https://kingsofpush.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d%26pubid%3D139445_ww&vId=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&hash=270226461dc64814f22c&ete=true&pn=true Page URL
https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&pubid=139445_ww Page URL
https://intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub7703e089ef934116abf5034680d38949&sub_id=3k4fcald HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_ddb94ed280993a2e32d08e54efc48e7a&pub_sub_id=3k4fcald Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false HTTP 302
https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false

Request Chain 3

https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0bY3VvBDU7PD09OTw3NDk5PDkGenpsC2lwAnlpdwc5PglzZGIDNDUFdnN8CmFpbzU1BHlpbwkJc3cCMzk0NQZwcAo7MjEyA2V8Bzg.OToAYmoENTc2Nwh9hAExAmV5bmoICGx1ZQIzA2dwaQg4CXlyb3YEBHt0awlQeW9obmgkTnRqNglyc2dlBHh3e2wIb3xtAmhkcHhrB31qC01wfGxwcWc2PTc6IClZbHJpdX57KVhUITMzMjVBJ19yeDY1PSN8OzowKEp6cG1nWmlnUXB8OD8zODA2OiUuUlBdV0wtIm9tcGsnT25ta3ArI0dteHZ1bjkxMTgxNDM7OTxCODEyOyNXZmxoenI5NTQ5MTc7Bmh.CkIAZW8EPAVnOzsKOjAyMjM0BWc7PAo6MAF1aQU1Njc4CXBmAjM0NAVpb2wKOwBnbnkFa2dze24KY2lvBDU2Nwd0d3EBMjIzNAV5e3pwCzEyMzQ1NjYHd3xtcHYDA3R3anp9awsyMTI2NDY2PghugGxvAzY3BXhsbgpydHVydj40NXd3en9lc2N2Mmh1dDcJfGJkZQQ1NTg8OTo-MwFlcXh1Bwd-d3cBAXlqcHsHUHZ9b2whS3FnMwZqbHALMTIzNDU2Nzg4OToxMjIzNTY3ODk6OzEyMzQ1Njc4OTo6MTIzNDU2Nzg5OjswMjM0NTY3ODk6OzEyMzQ1Njc3OQltaXYDNDU2Njg5OjsxMjM0NTY3ODg6OjEyMzQ1BX18fAqBLjE9ejJePF1eRIEuczZxcnN0Qn83djRvcHFyQH01fD9-O3gwSE9yPl0IdHZuaANocjJbWkNueABzdncFNQZzaXgLAGludgU1BnV8CjsxMTI0NDU3OAiAbgEyMzNmNwZqeoELQ2l0cnFqJldMTypQbXdqbXOCcHZ9b3JvY28xdWptNX9zZXhndT9Ibnl3dm8gUUZJJFtvbH9ufHxuam1qZ3Nrb2xwamNkc2VqdXF3b3locGdpa25rb3JqcztPY3dte2snS3VzZW92f21zemx6d2tsLnBkZ3Ezd3R.cWlvAnZnaQc5PAl9cGUDNTgFand6CjsAb2VnBTY2B3V9egEyNw__&_tdf=29 HTTP 302
https://kingsofpush.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d%26pubid%3D139445_ww&vId=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&hash=270226461dc64814f22c&ete=true&pn=true

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	redirect Show response bercioles.com/	1 KB 1 KB	163ms 126ms	Document text/html	172.67.138.217 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://bercioles.com/redirect?auth=eddc7e8612c215574016be364a6410d8b4b90e30&clk=0TyYixCQDahX3xKKvWH9UQi8_1KaNfQsbvxR58rVRvgNL391&id=728&sid=AzwRhCBXilYCKN9V1bmZcpCT Protocol HTTP/1.1 Server 172.67.138.217 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c5a4b4c997a64b0f4d8e05774ee9c0cad7734e938d725a87ca07f326ad23bc1a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 75e80d9aabacb3b0-MUC Connection keep-alive Content-Encoding gzip Content-Type text/html;charset=utf-8 Date Sun, 23 Oct 2022 05:25:37 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFR4t77gSEq1is5vd%2BQoFi8SfgYxCkCjxuJIXcSiSfu2LXwxNzPn0d%2FnEgM5RInMeYq1nwddKYvaTN88TXd67PZ6uCdLQUjcVeqAazAfOg3BwAoupDJL1fSHXMrhCxeA"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy origin vary accept-encoding
GET H2	200	slope poqueras.com/noid/	1 KB 1 KB	106ms 46ms	Document text/html	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Requested by Host: bercioles.com URL: http://bercioles.com/redirect?auth=eddc7e8612c215574016be364a6410d8b4b90e30&clk=0TyYixCQDahX3xKKvWH9UQi8_1KaNfQsbvxR58rVRvgNL391&id=728&sid=AzwRhCBXilYCKN9V1bmZcpCT Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer http://bercioles.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 75e80d9c7d4c9bd4-FRA content-encoding br content-type text/html;charset=ISO-8859-1 date Sun, 23 Oct 2022 05:25:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy origin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0WPHy2CRSf6EEnGvTByYiiUaIIVPstSaMrvBsIp1Hs4MRKvG81w4ka2RVRSZQ6liH7Wrfk%2B8zXJOlUqF%2FnE5aQp8yKQ4Y7WZMd7htSTcUn18YYzmtrSDrrXhlvmO2c%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	270226461dc64814f22c.js Show response trk18.zzzperform.com/l/ Redirect Chain https://dakotatraff.com/l/270226461dc64814f22c?sub={yourClickId}&source=ww&wnw=false https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false	36 KB 12 KB	100ms 47ms	Document text/html	2606:4700:e4::ac40:ab0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Requested by Host: poqueras.com URL: https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e4::ac40:ab0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a` Request headers Referer https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 1487 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control max-age=315360000 cf-cache-status HIT cf-ray 75e80d9e09249290-FRA content-encoding br content-type text/html date Sun, 23 Oct 2022 05:25:37 GMT expires Thu, 31 Dec 2037 23:55:55 GMT last-modified Fri, 27 Mar 2020 14:29:49 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0BpP2ddNceyOSVCx7l3jPy07jOquCbWZ9us1xMUrwCzoHpoIIYds9TVH8IC0egXcTqxemFIREtW6wmxa3I3BsS7g1e8ahgoH80Z4OAjJgIcooAKusexSHFsMt4Hty%2Fal7JcIkjUTkwkoRgU64FQynlTr%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 75e80d9d78b59049-FRA date Sun, 23 Oct 2022 05:25:37 GMT expires Thu, 01 Jan 1970 00:00:01 GMT location https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEGw%2Fem2ZE1wgf9myZStVn3OhjSMCurEpAR%2BZHjvF99InHfLO7JtvsGZk%2B7srUuB8Yeun15R3a%2BseoGBXtsWHNdwXJETEvz3yjLhu5l64IkXSdrS%2BYcbvNq2giefo7m0YlfYT1KwN1ZQD0zmYdg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	gw2.js kingsofpush.com/ Redirect Chain https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false&code=0bY3VvBDU7PD09OTw3NDk5PDkGenpsC2lwAnlpdwc5PglzZGIDNDUFdnN8CmFpbzU1BHlpbwkJc3cCMzk0NQZwcAo7MjEyA2V8B... https://kingsofpush.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d%26pubid%3D1394...	1 KB 1 KB	156ms 27ms	Document text/html	62.212.87.140 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://kingsofpush.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d%26pubid%3D139445_ww&vId=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&hash=270226461dc64814f22c&ete=true&pn=true Requested by Host: bercioles.com URL: http://bercioles.com/redirect?auth=eddc7e8612c215574016be364a6410d8b4b90e30&clk=0TyYixCQDahX3xKKvWH9UQi8_1KaNfQsbvxR58rVRvgNL391&id=728&sid=AzwRhCBXilYCKN9V1bmZcpCT Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 62.212.87.140 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software / Resource Hash Request headers Referer https://trk18.zzzperform.com/l/270226461dc64814f22c.js?sub={yourClickId}&source=ww&wnw=false Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=315360000 Content-Encoding gzip Content-Type text/html Date Sun, 23 Oct 2022 05:25:37 GMT ETag W/"5d1f2635-589" Expires Thu, 31 Dec 2037 23:55:55 GMT Last-Modified Fri, 05 Jul 2019 10:28:05 GMT Transfer-Encoding chunked Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 75e80d9eb9ff9290-FRA date Sun, 23 Oct 2022 05:25:37 GMT location https://kingsofpush.com/gw2.js?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d%26pubid%3D139445_ww&vId=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&hash=270226461dc64814f22c&ete=true&pn=true nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q9FsarYJSGKVx1apy6Yuay28qhty8ZwFkbUlRFw7rVKVXTEyeUcUzg48Ezqszag%2BFk6SRJlotXe5wwUO9N1M9M%2FfB54IseiNW2%2FrRPrxCJ6wZUUdWCg0EtlzQgMMDrFdtChb%2BW9xAaRjgpClcNTlae7ybA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	3d8a3d97e5 Show response fanasti.com/rc/	1 KB 1 KB	207ms 146ms	Document text/html	2606:4700:3033::ac43:c5db CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&pubid=139445_ww Requested by Host: kingsofpush.com URL: https://kingsofpush.com/l/270226461dc64814f22c?sub=%7ByourClickId%7D&source=ww&url=https%3A%2F%2Ffanasti.com%2Frc%2F3d8a3d97e5%3Faffclick%3Dbmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d%26pubid%3D139445_ww&vId=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&hash=270226461dc64814f22c&ete=true&pn=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:c5db , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2304d756bf567f2643e45fa491338f8389bea6f7723286c8a44c0aa6d9f46b09` Request headers Referer https://kingsofpush.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 75e80da0ae1d9a09-FRA content-encoding br content-language en-us content-type text/html; charset=utf-8 date Sun, 23 Oct 2022 05:25:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5cfeSGPUU0hB5BRz1%2FOc171exiM3jX4uy0kbI7m0b7tiQZsdun7nyp0A43pUdUHw06T1A8RI5TgJxua3oFkkflrsNb1lAKW%2FM5SNfcpbgjyYuL8oOq1R54I6aMHn3%2FQ%2BfILjit0h2desQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding, Accept-Language, Cookie
GET H2	200	redirect.css cdn.addlnk.com/	1 KB 1 KB	89ms 29ms	Stylesheet text/css	2606:4700:3033::6815:1446 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.addlnk.com/redirect.css Requested by Host: fanasti.com URL: https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&pubid=139445_ww Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:1446 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Sun, 23 Oct 2022 05:25:38 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-amz-request-id SK3KBGMKJ4YWWVBV age 2204 cf-polished origSize=1680 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 eBDdEZo2g3ixnFPTboxVSgjMRQX3dQ63xWWEjrbl2vu0jkNe5fS7HtGt8F3jGl6QdU4QACxpR9I= cf-bgj minify last-modified Wed, 13 Mar 2019 00:03:12 GMT server cloudflare etag W/"3ae56d32551602b41f9046c14d1cfde2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0hnCZmDVTUVwB2QGQ0B%2BQo57%2FFzhkM0q%2Bl%2BQJL2hI7Rot8sE6b9%2Bhpu5mUoO%2FD7k6yRhvW02RI%2FF9aHHGk3bOaM3GtdmyuvSXxC4Mp92puvNz%2BD3SHlSakSa2vamXCI2pjNaWdooIZ87hm6QA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cf-ray 75e80da2088a9136-FRA
GET H/1.1	200 OK	Primary Request recommendation armr.trckswrm.com/ Redirect Chain https://intrap.xyz/redirects?offer_id=13&affiliate_id=9&click_id=pub7703e089ef934116abf5034680d38949&sub_id=3k4fcald https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_ddb94ed280993a2e32d08e54efc48e7a&pub_sub_id=3k4fcald	195 B 272 B	94ms 25ms	Document text/html	5.9.6.177 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_ddb94ed280993a2e32d08e54efc48e7a&pub_sub_id=3k4fcald Requested by Host: fanasti.com URL: https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&pubid=139445_ww Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 5.9.6.177 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.177.6.9.5.clients.your-server.de Software / Resource Hash Request headers Referer https://fanasti.com/rc/3d8a3d97e5?affclick=bmconv_20221023072537_a2814dbb_9376_45e6_a0e9_bb5a4bd27d6d&pubid=139445_ww Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-length 195 date Sun, 23 Oct 2022 05:25:39 GMT Redirect headers cache-control max-age=0, must-revalidate, private content-type text/html; charset=UTF-8 date Sun, 23 Oct 2022 05:25:39 GMT expires Sun, 23 Oct 2022 05:25:39 GMT location https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=92&pub_click_id=1_ddb94ed280993a2e32d08e54efc48e7a&pub_sub_id=3k4fcald server nginx/1.18.0 (Ubuntu) transfer-encoding chunked
GET		click go1.phoebedraw.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: go1.phoebedraw.com
URL: https://go1.phoebedraw.com/click?pid=1057&offer_id=1296324&sub1=BCGow_IAAAGEA03E5wAACzsAAABcAAABMgAAAAAP&sub2=92

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			trk18.zzzperform.com/	1970-01-20 16:31:02	Name: BSESSID Value: trk30979046-a1f0-43c5-8b5b-ec93ba089f3f
			fanasti.com/	1970-01-20 07:05:07	Name: AWSALB Value: hEDyF3FApn5YapvYGtzKTV1K8Px8ei+fSQAhNdOStk2ofLv0Ri6r6Fn8D2Shfa2EGX9FUpDi2KdRwN7viQWTRMfzXNdNgW3YahmkXn9DNyBlkKPkwpRtgVi60cc6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

armr.trckswrm.com
bercioles.com
cdn.addlnk.com
dakotatraff.com
fanasti.com
go1.phoebedraw.com
intrap.xyz
kingsofpush.com
poqueras.com
trk18.zzzperform.com
go1.phoebedraw.com
104.248.110.148
172.67.138.217
188.114.97.3
2606:4700:3033::6815:1446
2606:4700:3033::ac43:c5db
2606:4700:e4::ac40:ab0b
2a06:98c1:3120::3
5.9.6.177
62.212.87.140
2304d756bf567f2643e45fa491338f8389bea6f7723286c8a44c0aa6d9f46b09
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
c5a4b4c997a64b0f4d8e05774ee9c0cad7734e938d725a87ca07f326ad23bc1a

armr.trckswrm.com Open in urlscan Pro 5.9.6.177 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

8 Requests

75 %HTTPS

44 %IPv6

10 Domains

10 Subdomains

8 IPs

3 Countries

18 kBTransfer

42 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

armr.trckswrm.com Open in urlscan Pro
5.9.6.177 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

75 %
HTTPS

44 %
IPv6

10
Domains

10
Subdomains

8
IPs

3
Countries

18 kB
Transfer

42 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions