bercioles.com
Open in
urlscan Pro
172.67.155.17
Public Scan
Submitted URL: http://clk.hehemobi.com/click?id=11982692&aff=1148&ost=1643019273&click_id=03530D40354421643020544962788&aff_sub=3&gaid=...
Effective URL: http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=116&clk=ArB3-yMAAAF-ldPu4AAAAlE...
Submission: On January 26 via manual from PH — Scanned from DE
Effective URL: http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=116&clk=ArB3-yMAAAF-ldPu4AAAAlE...
Submission: On January 26 via manual from PH — Scanned from DE
Summary
This website contacted 3 IPs
in 3 countries
across 6 domains to perform 3 HTTP transactions.
The main IP is 172.67.155.17, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is bercioles.com.
The Cisco Umbrella rank of the primary domain is 46772.
This is the only time bercioles.com was scanned on urlscan.io!
This is the only time bercioles.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 34.213.11.109 34.213.11.109 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 1 | 3.129.139.197 3.129.139.197 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 2 | 212.7.209.75 212.7.209.75 | 60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands) | |
| 1 | 116.202.246.182 116.202.246.182 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 1 | 172.67.155.17 172.67.155.17 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 172.67.171.70 172.67.171.70 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 3 | 3 |
1
34.213.11.109
(Boardman, United States)
ASN16509 (AMAZON-02, US)
PTR: ec2-34-213-11-109.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-34-213-11-109.us-west-2.compute.amazonaws.com
| clk.hehemobi.com |
1
3.129.139.197
(Columbus, United States)
ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-139-197.us-east-2.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-139-197.us-east-2.compute.amazonaws.com
| track.gourdmobi.com |
2
212.7.209.75
(Netherlands)
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
| smartass.g2afse.com | |
| thingortwo.g2afse.com |
1
116.202.246.182
(Germany)
ASN24940 (HETZNER-AS, DE)
PTR: static.182.246.202.116.clients.your-server.de
ASN24940 (HETZNER-AS, DE)
PTR: static.182.246.202.116.clients.your-server.de
| armr.trckswrm.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
g2afse.com
2 redirects
smartass.g2afse.com — Cisco Umbrella Rank: 37188 thingortwo.g2afse.com — Cisco Umbrella Rank: 35786 |
406 B |
| 1 |
poqueras.com
poqueras.com — Cisco Umbrella Rank: 51341 |
532 B |
| 1 |
bercioles.com
bercioles.com — Cisco Umbrella Rank: 46772 |
1 KB |
| 1 |
trckswrm.com
armr.trckswrm.com — Cisco Umbrella Rank: 51159 |
288 B |
| 1 |
gourdmobi.com
1 redirects
track.gourdmobi.com — Cisco Umbrella Rank: 53956 |
370 B |
| 1 |
hehemobi.com
1 redirects
clk.hehemobi.com — Cisco Umbrella Rank: 53029 |
500 B |
| 3 | 6 |
| Domain | Requested by | |
|---|---|---|
| 1 | poqueras.com |
bercioles.com
|
| 1 | bercioles.com |
armr.trckswrm.com
|
| 1 | armr.trckswrm.com | |
| 1 | thingortwo.g2afse.com | 1 redirects |
| 1 | smartass.g2afse.com | 1 redirects |
| 1 | track.gourdmobi.com | 1 redirects |
| 1 | clk.hehemobi.com | 1 redirects |
| 3 | 7 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| armr.trckswrm.com ZeroSSL RSA Domain Secure Site CA |
2021-12-17 - 2022-03-17 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-10-10 - 2022-10-09 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://poqueras.com/noid/slope?lame=2H9bknzlz6BNNCcn10k5gQ%3D%3D
Frame ID: C856B657594498E782B1A83E0601AE06
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://clk.hehemobi.com/click?id=11982692&aff=1148&ost=1643019273&click_id=03530D4035442164302054496...
HTTP 302
http://track.gourdmobi.com/click?id=2000456088&aff=20110573&click=deb339b66b7e4c02b2eaa7d95718277b-1643... HTTP 302
https://smartass.g2afse.com/click?pid=79&offer_id=2053726&sub1=&sub2=10110520_20110573_1148_3&sub3=N3gBH... HTTP 302
https://thingortwo.g2afse.com/sl?id=5bffbf8000ca309f85166dd2&pid=146&sub2=10110520_20110573_1148_3&sub4=00... HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=116 Page URL
- http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=116&clk=ArB... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://clk.hehemobi.com/click?id=11982692&aff=1148&ost=1643019273&click_id=03530D40354421643020544962788&aff_sub=3&gaid=0041bdf1-875e-47e9-ac4e-eec1bfb32283&app_name=&idfa=0041bdf1-875e-47e9-ac4e-eec1bfb32283&aff_sub3=
HTTP 302
http://track.gourdmobi.com/click?id=2000456088&aff=20110573&click=deb339b66b7e4c02b2eaa7d95718277b-1643191200&aff_sub=1148_3&pkg=&appname=&idfa=0041bdf1-875e-47e9-ac4e-eec1bfb32283&ip=185.213.155.163&lang=&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36 HTTP 302
https://smartass.g2afse.com/click?pid=79&offer_id=2053726&sub1=&sub2=10110520_20110573_1148_3&sub3=N3gBHcZBDsAgCAXREzXhg4Du23MYUXsKDl_TxeSN4QViQE7mUxMEkDJ1_selA6V2ybVDpIVZ-C6TOHiP4aupo7J7XLAiaGCivJ_MI0hcP-iPGS8&sub4=0041bdf1-875e-47e9-ac4e-eec1bfb32283 HTTP 302
https://thingortwo.g2afse.com/sl?id=5bffbf8000ca309f85166dd2&pid=146&sub2=10110520_20110573_1148_3&sub4=0041bdf1-875e-47e9-ac4e-eec1bfb32283&sub5= HTTP 302
https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=116 Page URL
- http://bercioles.com/redirect?id=82&auth=82ead305c138eb8fefc6187658dc9b5e4d67d425&sid=116&clk=ArB3-yMAAAF-ldPu4AAAAlEAAAB0AAABMg Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://clk.hehemobi.com/click?id=11982692&aff=1148&ost=1643019273&click_id=03530D40354421643020544962788&aff_sub=3&gaid=0041bdf1-875e-47e9-ac4e-eec1bfb32283&app_name=&idfa=0041bdf1-875e-47e9-ac4e-eec1bfb32283&aff_sub3= HTTP 302
- http://track.gourdmobi.com/click?id=2000456088&aff=20110573&click=deb339b66b7e4c02b2eaa7d95718277b-1643191200&aff_sub=1148_3&pkg=&appname=&idfa=0041bdf1-875e-47e9-ac4e-eec1bfb32283&ip=185.213.155.163&lang=&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36 HTTP 302
- https://smartass.g2afse.com/click?pid=79&offer_id=2053726&sub1=&sub2=10110520_20110573_1148_3&sub3=N3gBHcZBDsAgCAXREzXhg4Du23MYUXsKDl_TxeSN4QViQE7mUxMEkDJ1_selA6V2ybVDpIVZ-C6TOHiP4aupo7J7XLAiaGCivJ_MI0hcP-iPGS8&sub4=0041bdf1-875e-47e9-ac4e-eec1bfb32283 HTTP 302
- https://thingortwo.g2afse.com/sl?id=5bffbf8000ca309f85166dd2&pid=146&sub2=10110520_20110573_1148_3&sub4=0041bdf1-875e-47e9-ac4e-eec1bfb32283&sub5= HTTP 302
- https://armr.trckswrm.com/recommendation?rec_link_id=306&pub_id=116
3 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
recommendation
armr.trckswrm.com/ Redirect Chain
|
211 B 288 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
redirect
bercioles.com/ |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
slope
poqueras.com/noid/ |
0 532 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| thingortwo.g2afse.com/ | Name: afclick Value: 61f11ba144c9800001c9d512 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
armr.trckswrm.com
bercioles.com
clk.hehemobi.com
poqueras.com
smartass.g2afse.com
thingortwo.g2afse.com
track.gourdmobi.com
116.202.246.182
172.67.155.17
172.67.171.70
212.7.209.75
3.129.139.197
34.213.11.109
34149322801fc418dae7f3ee06d79db3d174edfbb829ea41d18ab9f612a9028e
53d81c1354d446ecbf55d9716c242a81a470ecf846bbc8efe3426e716bd9a31e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855