openvisiting.com Open in urlscan Pro
2606:4700:3036::6815:e51 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.bever-klophaus.de/
Effective URL:
https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickh...
Submission: On August 28 via manual (August 28th 2024, 2:19:20 pm UTC) from DE — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 13 domains to perform 19 HTTP transactions. The main IP is 2606:4700:3036::6815:e51, located in United States and belongs to CLOUDFLARENET, US. The main domain is openvisiting.com.
TLS certificate: Issued by WE1 on July 14th 2024. Valid for: 3 months.

This is the only time openvisiting.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a0a:51c0:0:1... 2a0a:51c0:0:12f::21	48314 (IP-PROJECTS) (IP-PROJECTS)
1 1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.149.102 172.67.149.102	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	198.143.165.219 198.143.165.219	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 3	51.68.82.147 51.68.82.147	16276 (OVH) (OVH)
1	108.178.23.116 108.178.23.116	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	95.217.42.163 95.217.42.163	24940 (HETZNER-AS) (HETZNER-AS)
8	2606:4700:303... 2606:4700:3036::6815:e51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.53.94.205 13.53.94.205	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:46e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
19	10

1 2a0a:51c0:0:12f::21 (Germany) 1 redirects

ASN48314 (IP-PROJECTS, DE)

www.bever-klophaus.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

infosystemsllc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.149.102 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

qltuh.rtb-feed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.143.165.219 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

m.tgoalkeeper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.82.147 (United Kingdom) 2 redirects

ASN16276 (OVH, FR)

www.pegraneechato.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.178.23.116 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

puper.abrelatas.hair	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.217.42.163 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.163.42.217.95.clients.your-server.de

mediaservingoc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3036::6815:e51 (United States)

ASN13335 (CLOUDFLARENET, US)

openvisiting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.53.94.205 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-53-94-205.eu-north-1.compute.amazonaws.com

wurfl.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:46e9 (United States)

ASN13335 (CLOUDFLARENET, US)

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	openvisiting.com openvisiting.com	69 KB
3	gstatic.com fonts.gstatic.com	40 KB
3	pegraneechato.digital www.pegraneechato.digital Failed	5 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	30 KB
1	geojs.io get.geojs.io — Cisco Umbrella Rank: 19497	718 B
1	wurfl.io wurfl.io — Cisco Umbrella Rank: 36722	4 KB
1	mediaservingoc.com 1 redirects mediaservingoc.com	669 B
1	abrelatas.hair puper.abrelatas.hair	2 KB
1	tgoalkeeper.com m.tgoalkeeper.com	2 KB
1	rtb-feed.com 1 redirects qltuh.rtb-feed.com	717 B
1	infosystemsllc.com 1 redirects infosystemsllc.com	513 B
1	bever-klophaus.de 1 redirects www.bever-klophaus.de	217 B
19	13

	Domain	Requested by
8	openvisiting.com	puper.abrelatas.hair openvisiting.com
3	fonts.gstatic.com	fonts.googleapis.com
3	www.pegraneechato.digital	m.tgoalkeeper.com
1	fonts.googleapis.com	openvisiting.com
1	code.jquery.com	openvisiting.com
1	get.geojs.io	openvisiting.com
1	wurfl.io	openvisiting.com
1	mediaservingoc.com	1 redirects
1	puper.abrelatas.hair	www.pegraneechato.digital
1	m.tgoalkeeper.com
1	qltuh.rtb-feed.com	1 redirects
1	infosystemsllc.com	1 redirects
1	www.bever-klophaus.de	1 redirects
19	13

This site contains no links.

Subject Issuer	Validity	Valid
m.tgoalkeeper.com E5	`2024-08-21` - `2024-11-19`	3 months	crt.sh
www.pegraneechato.digital R11	`2024-07-24` - `2024-10-22`	3 months	crt.sh
puper.abrelatas.hair E6	`2024-08-27` - `2024-11-25`	3 months	crt.sh
openvisiting.com WE1	`2024-07-14` - `2024-10-12`	3 months	crt.sh
wurfl.io Amazon RSA 2048 M02	`2024-07-22` - `2025-08-19`	a year	crt.sh
geojs.io WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
Frame ID: D99ACBCF11B366AC45A0A28DCF913450
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Action Blocked!

Page URL History Show full URLs

https://www.bever-klophaus.de/ HTTP 302
https://infosystemsllc.com/?cr7j3mqjvq38mvld069g HTTP 302
https://qltuh.rtb-feed.com/dc?pl=IU_akPY_IkiVh2gwYMnp_A&click_id=cr7j3mqjvq38mvld069g HTTP 302
https://m.tgoalkeeper.com/?utm_medium=1ee3c4cf96aca946efa2abdf072e9a1a2fe43dc6&utm_campaign=dc-nobid&1... Page URL
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_... Page URL
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_... HTTP 302
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_... HTTP 302
https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&... Page URL
http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7408194737322066017&partner_id=209... HTTP 307
https://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7408194737322066017&partner_id=209... HTTP 302
https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&ucl... Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

95 %
HTTPS

54 %
IPv6

13
Domains

13
Subdomains

10
IPs

5
Countries

154 kB
Transfer

239 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.bever-klophaus.de/ HTTP 302
https://infosystemsllc.com/?cr7j3mqjvq38mvld069g HTTP 302
https://qltuh.rtb-feed.com/dc?pl=IU_akPY_IkiVh2gwYMnp_A&click_id=cr7j3mqjvq38mvld069g HTTP 302
https://m.tgoalkeeper.com/?utm_medium=1ee3c4cf96aca946efa2abdf072e9a1a2fe43dc6&utm_campaign=dc-nobid&1=nobid&cid=click_id&np=2 Page URL
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891 Page URL
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891&eyeg=26150771f65e929dc0b73ce4d56a6bda&eyer=0.13569043272988446&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=m.tgoalkeeper.com HTTP 302
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891&eyeg=3&eyer=0.13569043272988446&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=m.tgoalkeeper.com HTTP 302
https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE Page URL
http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7408194737322066017&partner_id=20961&pid=20961-30dde1a6-8075f343&campaign_id=9626e6&browser=Chrome+Mobile+on+iOS&device=Apple+iPhone&app_name=unknown&geo=DE&carrier=DE+WiFi&pcid=9626e6_20961-30dde1a6-8075f343&pg=20961-DE HTTP 307
https://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7408194737322066017&partner_id=20961&pid=20961-30dde1a6-8075f343&campaign_id=9626e6&browser=Chrome+Mobile+on+iOS&device=Apple+iPhone&app_name=unknown&geo=DE&carrier=DE+WiFi&pcid=9626e6_20961-30dde1a6-8075f343&pg=20961-DE HTTP 302
https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.bever-klophaus.de/ HTTP 302
https://infosystemsllc.com/?cr7j3mqjvq38mvld069g HTTP 302
https://qltuh.rtb-feed.com/dc?pl=IU_akPY_IkiVh2gwYMnp_A&click_id=cr7j3mqjvq38mvld069g HTTP 302
https://m.tgoalkeeper.com/?utm_medium=1ee3c4cf96aca946efa2abdf072e9a1a2fe43dc6&utm_campaign=dc-nobid&1=nobid&cid=click_id&np=2

Request Chain 1

https://m.tgoalkeeper.com/proc.php?0c5ad55e561b8ef7a0f3a0f8cb3dfb4289b7c221 HTTP 301
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891

Request Chain 3

https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891&eyeg=26150771f65e929dc0b73ce4d56a6bda&eyer=0.13569043272988446&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=m.tgoalkeeper.com HTTP 302
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891&eyeg=3&eyer=0.13569043272988446&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=m.tgoalkeeper.com HTTP 302
https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
m.tgoalkeeper.com/
Redirect Chain

https://www.bever-klophaus.de/
https://infosystemsllc.com/?cr7j3mqjvq38mvld069g
https://qltuh.rtb-feed.com/dc?pl=IU_akPY_IkiVh2gwYMnp_A&click_id=cr7j3mqjvq38mvld069g
https://m.tgoalkeeper.com/?utm_medium=1ee3c4cf96aca946efa2abdf072e9a1a2fe43dc6&utm_campaign=dc-nobid&1=nobid&cid=click_id&np=2

6 KB
2 KB

419ms
122ms

Document
text/html

198.143.165.219
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://m.tgoalkeeper.com/?utm_medium=1ee3c4cf96aca946efa2abdf072e9a1a2fe43dc6&utm_campaign=dc-nobid&1=nobid&cid=click_id&np=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.143.165.219 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

4d0cc90520313623b3010a5c68a1ff2ad85bf972eb5489de3061c9ce657e6f1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc: h3=":443"; ma=604800; persist=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 28 Aug 2024 14:19:08 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ba4ef3d0a611d8a-FRA
content-length: 0
date: Wed, 28 Aug 2024 14:19:07 GMT
location: https://m.tgoalkeeper.com/?utm_medium=1ee3c4cf96aca946efa2abdf072e9a1a2fe43dc6&utm_campaign=dc-nobid&1=nobid&cid=click_id&np=2
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LuCJWfsnaSd9qbCAmTfLPDpfMuJ8jzAA6D90YpWm5ivVPsZKuz6CI3llSrs6azqNYR2fUTS5GKKp9eojXKcs2k4mJuQMBQ4B2Sc4V9c%2F5vTxK5FB9pLSSnAwMJBNdufC5PBC%2FYg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: DENY

GET

/
www.pegraneechato.digital/
Redirect Chain

https://m.tgoalkeeper.com/proc.php?0c5ad55e561b8ef7a0f3a0f8cb3dfb4289b7c221
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891

0
0

GET
H/1.1 200
OK /
www.pegraneechato.digital/ 4 KB
4 KB 191ms
9ms Document
text/html 51.68.82.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891
Requested by: Host: m.tgoalkeeper.com
URL: https://m.tgoalkeeper.com/proc.php?0c5ad55e561b8ef7a0f3a0f8cb3dfb4289b7c221
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.82.147 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://m.tgoalkeeper.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Wed, 28 Aug 2024 14:19:08 GMT
Transfer-Encoding: chunked

GET
H2

200

/ Show response
puper.abrelatas.hair/
Redirect Chain

https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891&eyeg=26150771f65e929dc0b73ce4d56a6bda&eyer=0.13569043272988446&eyei=0&eyew...
https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891&eyeg=3&eyer=0.13569043272988446&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=...
https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE

7 KB
2 KB

609ms
121ms

Document
text/html

108.178.23.116
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE

Requested by

Host: www.pegraneechato.digital
URL: https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.178.23.116 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

2362ff206d8120d7bb2f942a45751a5c096e7c23f72eebf9b03c5dcba5c14b3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc: h3=":443"; ma=604800; persist=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 28 Aug 2024 14:19:09 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding

Redirect headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 0
Date: Wed, 28 Aug 2024 14:19:09 GMT
Location: https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE

GET
H3

200

Primary Request / Show response
openvisiting.com/3p/
Redirect Chain

http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7408194737322066017&partner_id=20961&pid=20961-30dde1a6-8075f343&campaign_id=9626e6&browser=Chrome+Mobile+on+iOS&device=Apple+iPh...
https://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7408194737322066017&partner_id=20961&pid=20961-30dde1a6-8075f343&campaign_id=9626e6&browser=Chrome+Mobile+on+iOS&device=Apple+iP...
https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26

3 KB
1 KB

221ms
91ms

Document
text/html

2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26

Requested by

Host: puper.abrelatas.hair
URL: https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e163c2fb0760feddfb163cbc41fa52bffa49ce670ac0e198332ef96619f16680

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://puper.abrelatas.hair/?utm_medium=2c062e07fc4e2f2335b6bf77d8bc24ce9b3ba758&utm_campaign=DE_81e8e7&cid=555974062446833236&2=5827986&3=03&1=mdc_DE#0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ba4ef51b9239f5e-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 28 Aug 2024 14:19:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8XNLqT8gXjbS44DDdu8CwuIfhSyqQXF33m8Vb8cOE63t1h3GflH0lPOJgexVBvJzfiVd6O2m4ZoE3%2FEEdZBUmptiUkga8ZXb0v3xbSiUSbs3PMSpTTHixfY5DqF%2FK4ttbrMJ8oLuzJkLzKu0hHI"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 28 Aug 2024 14:19:10 GMT
Location: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
Server: nginx/1.26.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

GET
H3 200 script.js Show response
openvisiting.com/3p/ 2 KB
1 KB 29ms
28ms Script
application/javascript 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://openvisiting.com/3p/script.js

Requested by

Host: openvisiting.com
URL: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

252b35641180eb6f5ef167a3abf6dcef81b012f3d902cc0f46bb009fcd6451b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 06 Feb 2024 10:52:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 58
etag: W/"65c20f86-7ed"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EZR6rvNy8SgYn6iR4FjoPjgiTVM7Lnk6e%2B%2FHmxcnbkYeEZKGkoTu%2BrTit5cNzeAFOpthRN4uOn0%2B3gKxBu5bAlaEsg0iyygnDMB0MRwHKMMB4xx84fBEaGCqPihJ0OonunoCi%2BYsZfgKwm%2Fv9S%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8ba4ef52eadc9f5e-AMS
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK wurfl.js Show response
wurfl.io/ 12 KB
4 KB 160ms
30ms Script
application/json 13.53.94.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wurfl.io/wurfl.js
Requested by: Host: openvisiting.com
URL: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.53.94.205 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-53-94-205.eu-north-1.compute.amazonaws.com
Software: /
Resource Hash: 637ba5c96bc11aac7b5c8104f5a1cd5904761214d1d1ea41e7db06b6bbc8827c

Request headers

Referer: https://openvisiting.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

Date: Wed, 28 Aug 2024 14:19:11 GMT
Content-Encoding: br
Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
Cross-Origin-Opener-Policy: cross-origin
Cross-Origin-Embedder-Policy: cross-origin
Vary: accept-encoding, user-agent, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-mobile, sec-ch-ua-model, sec-ch-ua-platform, sec-ch-ua-platform-version
Content-Type: application/json
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3651

GET
H3 200 country.js Show response
get.geojs.io/v1/ip/ 107 B
718 B 254ms
179ms Script
application/javascript 2606:4700:20::ac43:46e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/country.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:46e9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99271efc1e4117fe60a72e90c7e99e77b84732407bdceff7bdb1139decb8fde4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://openvisiting.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
geojs-backend: ash-01
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 031dfb94c09680168b5a6dff3b576d12-ASH
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4uGWTpU%2BW0LDicxjJeJFdsK47HIeLchsNexWvyOTJW7PXfP38VODGMALAhZHs4L9YGqqzkle3cJ6VJ8EdZdHYMJkWvD40uxvj2zJppXJ%2FW2R2kYnYo1DelFCLgqQ6a1xWlP%2Bnm%2FA4EXzw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8ba4ef5439ca9fff-AMS

GET
H2 200 jquery-3.7.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 90ms
13ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.min.js
Requested by: Host: openvisiting.com
URL: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

Referer: https://openvisiting.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2430312
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 30336
x-served-by: cache-lga21978-LGA, cache-fra-etou8220078-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1724854751.395779,VS0,VE0
etag: W/"28feccc0-155ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 3, 236275

GET
H3 200 style.css
openvisiting.com/3p/ 4 KB
2 KB 29ms
28ms Stylesheet
text/css 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://openvisiting.com/3p/style.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cc56e01ec04772b51e8d8a3f8e0cb740a44a501c992a37b10515001cef94d4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 02 Feb 2024 21:21:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1720
etag: W/"65bd5cf3-ebe"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0yamhQrg30uCKVFJHLCl0%2B5nafksMZHR3kthaZG70p8GhyVH0MKcMV491Rxx7RFZkJ7OakDY4gJeMre0YThdq8kESU4TSY2opRnOrqVo%2BaN1Ep9f6LqDGZx%2FFUWtN1veX2mvrH9cY9t%2Fn3mZWvev"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8ba4ef52eadf9f5e-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1 KB 106ms
26ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e80e861a2fa0acf228a197d50245038a83c01823536de4ec06a806e61520e206

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://openvisiting.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
date: Wed, 28 Aug 2024 14:19:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Wed, 28 Aug 2024 14:19:11 GMT

GET
H3 200 logo.png
openvisiting.com/3p/images/ 3 KB
4 KB 29ms
28ms Image
image/png 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3be024377b052ad72a32aa5de6eabbddf6fd4168d4579cc865c872d8e57fca36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6210
alt-svc: h3=":443"; ma=86400
content-length: 3210
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-c8a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M2dLAaO3Nf2WHKnRjvJWH66WEDajvVG%2F9PG0y6XfoNn9aiBpyT4H1CgD%2F8NaE8MC4humbGRiuXgtQ5DGOriiwCw44jLa7QwZiM0Mh2qhX7XyLRPsB3TC5Jmnd7tOb8HAQ1YM2VGqDCOBrJEpY3vI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ba4ef52eae29f5e-AMS

GET
H3 200 check.png
openvisiting.com/3p/images/ 3 KB
3 KB 34ms
33ms Image
image/png 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/check.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7879caae870090c87c28a02d608dd25d1988b6887c30f5ea99a3777964d905f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1451
alt-svc: h3=":443"; ma=86400
content-length: 2649
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-a59"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1p2%2FL%2FR1ohZpZxRKxvOOGTjhDcako5szB4XsAkQiIXmmnErpwYqwp7QJ5ZG3NP03bnXqIG7t9acvoLQMdgkJQmW3luj9OkTJFE1H5EyxF0zd%2FCIRGsH3GvQjI4at7PVD5OWLFwVxhdjkqShZfUU3"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ba4ef52eae49f5e-AMS

GET
H3 200 arrow.png
openvisiting.com/3p/images/ 3 KB
3 KB 32ms
31ms Image
image/png 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/arrow.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25da48f054c6205c8c98783dcf2ca52813c0448180f5313fd17c95604d2ab901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3016
alt-svc: h3=":443"; ma=86400
content-length: 2938
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-b7a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5TP60FWY8rJCNUEDnzm4bB6a4GiG8sR8yfkXukQCu6jICqDpedVBrxDJxgh%2BhvCopsJQuTCxqR3jzvkO6G1OhKO708PFbMbs4MRXExPRROeG59PHqiBAFuNazZnamEm4tcesIbdddBtpmEWR0qv"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ba4ef539bcb9f5e-AMS

GET
H3 200 bg.png
openvisiting.com/3p/images/ 54 KB
55 KB 32ms
26ms Image
image/png 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/bg.png

Requested by

Host: openvisiting.com
URL: https://openvisiting.com/3p/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45dc96c114f10246160edc4407b8a4b517b1b27a43e56aedea256906c1c567c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://openvisiting.com/3p/style.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6786
alt-svc: h3=":443"; ma=86400
content-length: 55530
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-d8ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XhA%2BOdO106KWnOAd4s%2F8pvpMuVhanxGZGuvz%2BEyVtwIq6EcpOvgm3qRx22c6lw2Jj%2FTk7R8XhsaPnzgUS1QM1K8M%2BuSMYLo%2BdhpnbrFMuqswjmG7kSP8%2BcXWIlV6EGIuxgmaOwt1mjJIJK2u%2BgDM"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ba4ef53dc379f5e-AMS

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v32/ 13 KB
14 KB 76ms
33ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a7fc3de6341e5ab2853f213dbf792903cd35039daa9530a649a20a877ccac8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://openvisiting.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 26 Aug 2024 07:25:43 GMT
x-content-type-options: nosniff
age: 197608
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13408
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Aug 2025 07:25:43 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v32/ 13 KB
13 KB 70ms
32ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf9cfe01317e3758dd38982921dc1f26cc7243237d02e7ed90d3830b6f4e8ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://openvisiting.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 26 Aug 2024 07:58:49 GMT
x-content-type-options: nosniff
age: 195622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13388
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Aug 2025 07:58:49 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v32/ 13 KB
13 KB 71ms
33ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e637574ec102b93795e00daaa92eebdacf1dcee9133b123fb9b56ea8eaf7e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://openvisiting.com
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 26 Aug 2024 07:08:23 GMT
x-content-type-options: nosniff
age: 198648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13432
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Aug 2025 07:08:23 GMT

GET
H3 404 favicon.ico
openvisiting.com/ 153 B
531 B 27ms
27ms Other
text/html 2606:4700:3036::6815:e51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://openvisiting.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:e51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac121bcb304c5fa62ccd86c96327a12ea0a7b9165fc50123ee55a9030ff41000

Request headers

Referer: https://openvisiting.com/3p/?country=Germany&device_name=Apple%20iPhone&domain=mediaservingoc.com&uclick=4kgmd5a6&uclickhash=4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.92 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 28 Aug 2024 14:19:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 142
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PGhnkcUlR4lEjh2XQKvLLxylQshrqO2tMvfQjuaZVLpC48Lco%2BVzK4frTi3klix%2FfEeccYY%2FhptGNW0BntpKKinQPxwrlV5FoUo80Owq12FbyRAxUdA7%2BzAk2P9nIuuZwsdT8dZc9TrFyIcJcVdp"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 8ba4ef5638099f5e-AMS
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.pegraneechato.digital
URL: https://www.pegraneechato.digital/?sl=5827986-e6f5d&pub_click_id=M7408194733027098683&site=23891-3d2d4791&pub_sub_id=23891

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on August 28th 2024, 2:25:24 pm UTC — From Germany

Threats: Scam
Comment: Scam redirect see also https://app.any.run/tasks/d288c4f0-7a3f-42f8-94c2-9461b351c5c6

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
qltuh.rtb-feed.com/	1970-01-21 08:43:34	Name: __dcu Value: 30a006ee-9037-4246-9bd0-1367ee17d39b
mediaservingoc.com/	1970-01-20 23:09:01	Name: uclick Value: 4kgmd5a6
mediaservingoc.com/	1970-01-20 23:09:01	Name: uclickhash Value: 4kgmd5a6-4kgmd5a6-ir0-0-523y-ik3y-ikbl-529a26

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://openvisiting.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
get.geojs.io
infosystemsllc.com
m.tgoalkeeper.com
mediaservingoc.com
openvisiting.com
puper.abrelatas.hair
qltuh.rtb-feed.com
wurfl.io
www.bever-klophaus.de
www.pegraneechato.digital
www.pegraneechato.digital
108.178.23.116
13.53.94.205
172.67.149.102
198.143.165.219
2606:4700:20::ac43:46e9
2606:4700:3036::6815:e51
2a00:1450:4001:827::2003
2a00:1450:4001:829::200a
2a04:4e42:400::649
2a06:98c1:3120::3
2a0a:51c0:0:12f::21
51.68.82.147
95.217.42.163
0a7fc3de6341e5ab2853f213dbf792903cd35039daa9530a649a20a877ccac8a
0e637574ec102b93795e00daaa92eebdacf1dcee9133b123fb9b56ea8eaf7e14
2362ff206d8120d7bb2f942a45751a5c096e7c23f72eebf9b03c5dcba5c14b3c
252b35641180eb6f5ef167a3abf6dcef81b012f3d902cc0f46bb009fcd6451b5
25da48f054c6205c8c98783dcf2ca52813c0448180f5313fd17c95604d2ab901
3be024377b052ad72a32aa5de6eabbddf6fd4168d4579cc865c872d8e57fca36
45dc96c114f10246160edc4407b8a4b517b1b27a43e56aedea256906c1c567c7
4d0cc90520313623b3010a5c68a1ff2ad85bf972eb5489de3061c9ce657e6f1b
637ba5c96bc11aac7b5c8104f5a1cd5904761214d1d1ea41e7db06b6bbc8827c
7879caae870090c87c28a02d608dd25d1988b6887c30f5ea99a3777964d905f5
8cc56e01ec04772b51e8d8a3f8e0cb740a44a501c992a37b10515001cef94d4c
99271efc1e4117fe60a72e90c7e99e77b84732407bdceff7bdb1139decb8fde4
ac121bcb304c5fa62ccd86c96327a12ea0a7b9165fc50123ee55a9030ff41000
bf9cfe01317e3758dd38982921dc1f26cc7243237d02e7ed90d3830b6f4e8ed0
e163c2fb0760feddfb163cbc41fa52bffa49ce670ac0e198332ef96619f16680
e80e861a2fa0acf228a197d50245038a83c01823536de4ec06a806e61520e206
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

openvisiting.com Open in urlscan Pro 2606:4700:3036::6815:e51 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

95 %HTTPS

54 %IPv6

13 Domains

13 Subdomains

10 IPs

5 Countries

154 kBTransfer

239 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on August 28th 2024, 2:25:24 pm UTC — From Germany

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

15 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

openvisiting.com Open in urlscan Pro
2606:4700:3036::6815:e51 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

95 %
HTTPS

54 %
IPv6

13
Domains

13
Subdomains

10
IPs

5
Countries

154 kB
Transfer

239 kB
Size

3
Cookies

19 HTTP transactions
0 data transactions

Malicious page.url
Submitted on August 28th 2024, 2:25:24 pm UTC — From Germany

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!