venadvstar.com Open in urlscan Pro
2606:4700:3032::ac43:d080 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://quero-cancelar.site/
Effective URL:
https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186
Submission: On December 06 via api (December 6th 2023, 4:28:18 pm UTC) from IN — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3032::ac43:d080, located in United States and belongs to CLOUDFLARENET, US. The main domain is venadvstar.com.
TLS certificate: Issued by GTS CA 1P5 on December 3rd 2023. Valid for: 3 months.

This is the only time venadvstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.143.9.110 104.143.9.110	399522 (TP) (TP)
1 1	148.135.95.235 148.135.95.235	35916 (MULTA-ASN1) (MULTA-ASN1)
1 1	2a05:d018:e36... 2a05:d018:e36:3910:4eca:3b31:3ec6:23d5	16509 (AMAZON-02) (AMAZON-02)
2	67.212.184.150 67.212.184.150	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 2	95.211.26.204 95.211.26.204	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2	2606:4700:303... 2606:4700:3032::ac43:d080	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:6e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:7e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	7

1 104.143.9.110 (United States) 1 redirects

ASN399522 (TP, US)

quero-cancelar.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.135.95.235 (Los Angeles, United States) 1 redirects

ASN35916 (MULTA-ASN1, US)
PTR: 107-26-82-173-dedicated.multacom.com

u.cellreva.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:e36:3910:4eca:3b31:3ec6:23d5 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

cddtsecure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.212.184.150 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

now.thebestflowingtraff.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.211.26.204 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

skyflyors.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::ac43:d080 (United States)

ASN13335 (CLOUDFLARENET, US)

venadvstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:6e4 (United States)

ASN13335 (CLOUDFLARENET, US)

sdk.ocmhood.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.ocmtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:7e4 (United States)

ASN13335 (CLOUDFLARENET, US)

t.ocmhood.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ocmhood.com sdk.ocmhood.com — Cisco Umbrella Rank: 50150 t.ocmhood.com — Cisco Umbrella Rank: 11511	13 KB
2	venadvstar.com venadvstar.com	21 KB
2	skyflyors.com 1 redirects skyflyors.com	2 KB
2	thebestflowingtraff.co now.thebestflowingtraff.co	4 KB
1	ocmtag.com cdn.ocmtag.com — Cisco Umbrella Rank: 52663	704 B
1	cddtsecure.com 1 redirects cddtsecure.com	3 KB
1	cellreva.com 1 redirects u.cellreva.com	336 B
1	quero-cancelar.site 1 redirects quero-cancelar.site	506 B
9	8

	Domain	Requested by
2	t.ocmhood.com	sdk.ocmhood.com
2	venadvstar.com	skyflyors.com venadvstar.com
2	skyflyors.com	1 redirects now.thebestflowingtraff.co
2	now.thebestflowingtraff.co	now.thebestflowingtraff.co
1	cdn.ocmtag.com	sdk.ocmhood.com
1	sdk.ocmhood.com	venadvstar.com
1	cddtsecure.com	1 redirects
1	u.cellreva.com	1 redirects
1	quero-cancelar.site	1 redirects
9	9

This site contains no links.

Subject Issuer	Validity	Valid
now.thebestflowingtraff.co R3	`2023-11-27` - `2024-02-25`	3 months	crt.sh
skyflyors.com R3	`2023-10-06` - `2024-01-04`	3 months	crt.sh
venadvstar.com GTS CA 1P5	`2023-12-03` - `2024-03-02`	3 months	crt.sh
ocmhood.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-25` - `2024-01-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186
Frame ID: 73E1BD9A768E5E5B0FFCEA07C205C941
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Click Allow

Page URL History Show full URLs

http://quero-cancelar.site/ HTTP 301
https://u.cellreva.com/c2u6l3k.php?key=54sgs7c9m4qg4z7orf1f&p1ease=Wrench2_Emote_Backboard HTTP 302
https://cddtsecure.com/?a=224010&c=354210&s2=76407gma6e2i47b5 HTTP 302
https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224... Page URL
https://now.thebestflowingtraff.co/proc.php?028190bd84f8f6b6fc802eb594c0dd7bea1887c6 Page URL
https://skyflyors.com/i/49347?clickid=M7309519336870248783&PublisherID=951&PlacementID=951-56dbe9e... HTTP 302
https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Ii... Page URL
https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53... Page URL

Page Statistics

9
Requests

100 %
HTTPS

56 %
IPv6

8
Domains

9
Subdomains

7
IPs

3
Countries

40 kB
Transfer

89 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://quero-cancelar.site/ HTTP 301
https://u.cellreva.com/c2u6l3k.php?key=54sgs7c9m4qg4z7orf1f&p1ease=Wrench2_Emote_Backboard HTTP 302
https://cddtsecure.com/?a=224010&c=354210&s2=76407gma6e2i47b5 HTTP 302
https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88 Page URL
https://now.thebestflowingtraff.co/proc.php?028190bd84f8f6b6fc802eb594c0dd7bea1887c6 Page URL
https://skyflyors.com/i/49347?clickid=M7309519336870248783&PublisherID=951&PlacementID=951-56dbe9e9&subid=M7309519336870248783 HTTP 302
https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgsQvvPPp8GM_dmTXxrXnF46.6jdekLEQsRMk_XXvKMlx5wOzPd9v7.Qoudt_w_WLAUee3.Krs_EfcBYP1k6bhA5rMj2IZgXFg6Qhkj6TMgQqq.qqqq.qq Page URL
https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://quero-cancelar.site/ HTTP 301
https://u.cellreva.com/c2u6l3k.php?key=54sgs7c9m4qg4z7orf1f&p1ease=Wrench2_Emote_Backboard HTTP 302
https://cddtsecure.com/?a=224010&c=354210&s2=76407gma6e2i47b5 HTTP 302
https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88

Request Chain 2

https://skyflyors.com/i/49347?clickid=M7309519336870248783&PublisherID=951&PlacementID=951-56dbe9e9&subid=M7309519336870248783 HTTP 302
https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgsQvvPPp8GM_dmTXxrXnF46.6jdekLEQsRMk_XXvKMlx5wOzPd9v7.Qoudt_w_WLAUee3.Krs_EfcBYP1k6bhA5rMj2IZgXFg6Qhkj6TMgQqq.qqqq.qq

9 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response now.thebestflowingtraff.co/ Redirect Chain http://quero-cancelar.site/ https://u.cellreva.com/c2u6l3k.php?key=54sgs7c9m4qg4z7orf1f&p1ease=Wrench2_Emote_Backboard https://cddtsecure.com/?a=224010&c=354210&s2=76407gma6e2i47b5 https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88	9 KB 3 KB	394ms 135ms	Document text/html	67.212.184.150 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.212.184.150 , United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS server04.com-2.mobi Software nginx / PHP/8.2.12 Resource Hash `988fadc9b9fde81fc9ab2829d212a68a8a4a3932d234e48f5b4011311fcb949b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=utf-8 date Wed, 06 Dec 2023 16:28:12 GMT expires Thu, 01 Jan 1970 00:00:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.12 Redirect headers access-control-allow-credentials true access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS access-control-allow-origin * content-language en-US content-type text/html;charset=ISO-8859-1 date Wed, 06 Dec 2023 16:28:12 GMT location https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88 server nginx
GET H2	200	proc.php now.thebestflowingtraff.co/	1 KB 1 KB	115ms 114ms	Document text/html	67.212.184.150 SINGLEHOP-LLC
General Check archive.org Show headers Download Go to Full URL https://now.thebestflowingtraff.co/proc.php?028190bd84f8f6b6fc802eb594c0dd7bea1887c6 Requested by Host: now.thebestflowingtraff.co URL: https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 67.212.184.150 , United States, ASN32475 (SINGLEHOP-LLC, US), Reverse DNS server04.com-2.mobi Software nginx / PHP/8.2.12 Resource Hash Request headers Referer https://now.thebestflowingtraff.co/?utm_medium=4451766718d6d6af6232cd3e772ffb5117e3cb21&utm_campaign=Main&1=224010&cid=b0208eca20444eecbb846b9f02d6f06d22b88 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version cache-control no-store, no-cache, must-revalidate, max-age=0 content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 06 Dec 2023 16:28:13 GMT expires Thu, 01 Jan 1970 00:00:00 GMT location https://skyflyors.com/i/49347?clickid=M7309519336870248783&PublisherID=951&PlacementID=951-56dbe9e9&subid=M7309519336870248783 pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.12
GET H/1.1	200 OK	Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgsQvvPPp8GM_dmTXxrXnF46.6j... skyflyors.com/h/ Redirect Chain https://skyflyors.com/i/49347?clickid=M7309519336870248783&PublisherID=951&PlacementID=951-56dbe9e9&subid=M7309519336870248783 https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgs...	960 B 715 B	13ms 13ms	Document text/html	95.211.26.204 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgsQvvPPp8GM_dmTXxrXnF46.6jdekLEQsRMk_XXvKMlx5wOzPd9v7.Qoudt_w_WLAUee3.Krs_EfcBYP1k6bhA5rMj2IZgXFg6Qhkj6TMgQqq.qqqq.qq Requested by Host: now.thebestflowingtraff.co URL: https://now.thebestflowingtraff.co/proc.php?028190bd84f8f6b6fc802eb594c0dd7bea1887c6 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_CBC Server 95.211.26.204 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS Software nginx / Resource Hash Request headers Referer https://now.thebestflowingtraff.co/proc.php?028190bd84f8f6b6fc802eb594c0dd7bea1887c6 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 06 Dec 2023 16:28:13 GMT Keep-Alive timeout=20 Server nginx Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 06 Dec 2023 16:28:13 GMT Keep-Alive timeout=20 Location https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgsQvvPPp8GM_dmTXxrXnF46.6jdekLEQsRMk_XXvKMlx5wOzPd9v7.Qoudt_w_WLAUee3.Krs_EfcBYP1k6bhA5rMj2IZgXFg6Qhkj6TMgQqq.qqqq.qq Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	Primary Request / Show response venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/	37 KB 21 KB	245ms 210ms	Document text/html	2606:4700:3032::ac43:d080 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186 Requested by Host: skyflyors.com URL: https://skyflyors.com/h/Ya7W8YtTmjAYjsJADrJiSUzBqm_._.5LIGxznwI2W72hd45Tszh5QvFb.wSPER_OklNB3Eo_Iip1XcCQBFX6IcfdBOLOHLKL1MAOEdi8VdFoSAnixXYltvzhZhXD.MT6E4hby9Uys3qZ0Hj5JFuXNJzFkkanQ_zpvqht9koeBeqgsQvvPPp8GM_dmTXxrXnF46.6jdekLEQsRMk_XXvKMlx5wOzPd9v7.Qoudt_w_WLAUee3.Krs_EfcBYP1k6bhA5rMj2IZgXFg6Qhkj6TMgQqq.qqqq.qq Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:d080 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14fc39b8b8b83df21cb2c58f9a3ed6342f23a8dee3f00d0a77907096e0ed2027` Request headers Referer https://skyflyors.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version access-control-allow-origin * alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8315e6980a9c903d-FRA content-encoding br content-type text/html date Wed, 06 Dec 2023 16:28:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4uHjHubnmcn3MwpL7lDXzuMgnW42sTaaeQbq2GGQaqggnhC4WjCfymS6d5x0Zb%2FJi%2BMV7MYkWcmx%2Bo2mrvX%2B%2BfxgzscVuU%2FEO0VPm0lqBpfuKLxeltm7VIABwy0r2yxvkYCi4uJN4MsqV%2FH0w%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type image/png
GET H2	200	conf.json Show response venadvstar.com/hood/dmVuYWR2c3Rhci5jb20=/	49 B 414 B	201ms 201ms	Fetch application/json	2606:4700:3032::ac43:d080 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://venadvstar.com/hood/dmVuYWR2c3Rhci5jb20=/conf.json Requested by Host: venadvstar.com URL: https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:d080 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b2a8bfbdb86407809072fa664ba652957f4397d1c98ce2279b0dbb1359b7fb8f` Request headers accept-language de-DE,de;q=0.9 Referer https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 16:28:13 GMT content-encoding gzip cf-cache-status DYNAMIC last-modified Tue, 13 Dec 2022 16:30:26 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6398a8a2-31" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDdQTEC%2Bfv3WwwoJBAZOI7u%2B3I%2FCljhoOfTCVnmbZpA0rWUXyj54vNTDBBhcNYdFgZZKzQvHnLFnJNZ1%2FsSoLIrYPe%2BZMAO6deH5QWt1nVD7aYuhWi5waab6Vwilw7nIyR%2BSMxMSfJsgVgD0Sg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json cf-ray 8315e6996c60903d-FRA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	9 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `260b073c6af7b2e361f1ba7f05d23007587adbdd79de704fc1999c9d64cd737e` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type image/jpeg
GET H2	200	ht.js Show response sdk.ocmhood.com/sdk/	29 KB 12 KB	438ms 31ms	Script application/javascript	2606:4700:20::681a:6e4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NiwxNDY4MjE0Nmxl Requested by Host: venadvstar.com URL: https://venadvstar.com/YPN7HdWu-PAuQhKRk8YcGh5qM96SmcLALtu-I_TJLkg/?clck=73aa1250-9454-11ee-9b5d-53d9946961cb&sid=4ac33186 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:6e4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `63c232511cd1f130faec46a40a0cde0cf7ea83a19b34f01267b793c8695c51b8` Request headers Referer https://venadvstar.com/ Origin https://venadvstar.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 16:28:14 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 6103 alt-svc h3=":443"; ma=86400 service-worker-allowed / last-modified Fri, 21 Jul 2023 09:35:24 GMT server cloudflare etag W/"64ba515c-2e63" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdKPY6AcU8XX%2FhWfVtCmlWtir2x9%2FEPsPkn01x1ZsaB1VRSaIg7U7XFtATHsAGwzcG8ghP7iAGcZICS7mFAAyY8tAf8BUnMouU6sD%2FjYjrV1gLYNfBRQLlisrCIbWTv%2Ffy%2F0lbiY5MwvUmw0cA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=14400 cf-ray 8315e69d3a418fda-FRA
GET H2	200	NjY4ZwSkNAFfmDQ2NiwxNDY4MjE0Nmxl.js Show response cdn.ocmtag.com/tag/	191 B 704 B	53ms 24ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.ocmtag.com/tag/NjY4ZwSkNAFfmDQ2NiwxNDY4MjE0Nmxl.js Requested by Host: sdk.ocmhood.com URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NiwxNDY4MjE0Nmxl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `52ab4af643bc4aab5c955ce99d8779d3804217c85a695bfb5c41bb8f90a33036` Request headers accept-language de-DE,de;q=0.9 Referer https://venadvstar.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Wed, 06 Dec 2023 16:28:14 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 6497 alt-svc h3=":443"; ma=86400 service-worker-allowed / last-modified Tue, 13 Dec 2022 16:11:40 GMT server cloudflare etag W/"6398a43c-bf" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NhtKcPfH48j7%2BfxUmjfem%2BDbzc8W%2F%2Fj1MVwmOYLutSCtXVMvCtJRhiiWN%2BZdmjXw7RpJkVkiTde%2Bjnexv4dAbJcLVYo8lnN4gCW0d2bIZfcCNQcswl%2Fu1XIj1QbwIAGw%2BSmsfNYnq4BdZ%2FKqYw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=14400 cf-ray 8315e69d99ce8fd1-FRA
POST H2	201	activity t.ocmhood.com/v2/	0 265 B	77ms 52ms	Ping application/octet-stream	2606:4700:20::681a:7e4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.ocmhood.com/v2/activity Requested by Host: sdk.ocmhood.com URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NiwxNDY4MjE0Nmxl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:7e4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://venadvstar.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Wed, 06 Dec 2023 16:28:14 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jrDybDIESI2Tjw47F0VsEEpYmJrEbaxy1XAcBWhnbBswnwpbiol32mER4GOp8jlLFyxpgBLoXmU3rJvdZhR368opEPWiMYYnK0e%2FRlqWZUw3babFm%2Beei1%2FZTPJ3KaKJ8BxfqCbSFcEgyc%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control no-cache cf-ray 8315e69dfce05d7f-FRA alt-svc h3=":443"; ma=86400
POST H2	201	activity t.ocmhood.com/v2/	0 435 B	75ms 51ms	Ping application/octet-stream	2606:4700:20::681a:7e4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.ocmhood.com/v2/activity Requested by Host: sdk.ocmhood.com URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2NiwxNDY4MjE0Nmxl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:7e4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://venadvstar.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Wed, 06 Dec 2023 16:28:14 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUO2y3lJrkNXq4l%2FQZ73aJFR%2FfPLYMCULsbcgG8KATLOWGVKp0eSQV5WcPGVU%2BRJlQ89sQWoFsTrjeL8s5b7o%2F9CYuCfJXsZr2BrYcYL8RHem2elbwOy7FqvhUG0cjIVfcKkQmOTwG8qFBY%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control no-cache cf-ray 8315e69dfce25d7f-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
u.cellreva.com/	1970-01-20 16:46:06	Name: uclick Value: gma6e2i4
u.cellreva.com/	1970-01-20 16:46:06	Name: uclickhash Value: gma6e2i4-gma6e2i4-fe-i4-vr-b4-bl-59e368
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_suid_v2_1_001 Value: HPfHs3OFxkaNOwO68jCjbQ==
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_sid_v1_3_001 Value: w2SWjQLB294gjN9N+kX7aa6V65/ns2M1yzggzkt4LzVFmpO4dTCBQKwJVABXPuh5NIMmf2brHFST4q9GHZLYsD05STN2CvG5KjQoN1Sr+J75RmX/Y3yVYHcdzcVJFkjXz5Zy+zspNV3QNdgxXu0pg9co3wg9mIXoZUsk6zK4Xw0JbB5C+oxP3f8HyCKnDYugau1TxyDvnZpeXUAMoJ9GuyZPeM6eGhxpcCu5Aju2Pxzky/A/eYhpYk+dDwUAKw7Jp52ADIA3xr/cZTtVt7ykquSeoM5nqkdMEAN38HjuMnwXCgWL+33jugslZutK6F1iQdMpxqkxs5zhBHH1ALj7AVj6OzUE3o7uoEgURgzX3Gl11vCfeqIRnCwpYHdJ7NQBJhek4ts5gcS+qzxu80bS1k+LWaxgeleU88SefDUodJk6e/smFxOHH/oCMCS2O8txmCiyPSFW8CtFl6Wgktnzqic/Xljecigg2500Xp5Qk4hkOmJA2X6qBb1qkmgvTw0wfcQ5R8lFBcMAU8Rz/GpuYeCdJwTLjhMfSX5UpwH8KhRV+zUGaQ4hSnkp9nND+kVJQbM7OxpoetjG90X9E7AKJDFI6lZAVRsu4RtrzzRGS6mCGTJTZLjwsW5c66G7QoMAULyBBFDHd0akiCsSw5UgUtEbjFjLjDIjewE4MqgaURxesDCheXOuXmsyZkdLwozA326230X1OcOdC/Z+4rLHfzy06VSxQ0h31DL/ywMsULJYKVz85Z0jHeu8C9QGAxjR9Z3i4VwlbpJHJIlYkUTv2e/NzQ6pXpombSkZOMwAhYDaqVNWZTEN8Oc4p34hEivInd+5+kRRP3c6fRv6mM0DgsbFQpa6zsA5PosNsQdDd8hr3XaIYXJXY/U0sEUmPy2xE2SboeP0EXjHpPUuDZP07VWJtzpWTxepY2PF7TD2Fvg9VnYj4Z60UHfMdgZbQKZDVlNBkeb4lQg68plKkb+nGEVzDT4sn9xVdyCAyIEb5azz/AV9s8OxCxzDmJYN+W/kwh/Z8TpoRnodeUQXWtzYMdwi/7qUDVpRXNahqIILFGvvmDJgQoTmx1RMeWgNYx99o0VGgYr0JOFw9AVyTzoRGVIrLEItdYzIeSjxceLYXYg=
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_click_freq_v2_1_001 Value: 4fxtHJpkb8AQiYKRT1UBNmvuQHBFMA+s8SySOa//Gh9Op5GVNWRqWDSzhY61jV7m
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_uid_v2_1_001 Value: sMZbZRTdslhBg1CGD6DScFTbENQtRObymsxqIzHdY6jYYXScdwdgk0bgJZdyJXVY
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_uid_v1_1_001 Value: sMZbZRTdslhBg1CGD6DScFTbENQtRObymsxqIzHdY6jYYXScdwdgk0bgJZdyJXVY
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_sid_v2_3_001 Value: w2SWjQLB294gjN9N+kX7aa6V65/ns2M1yzggzkt4LzVFmpO4dTCBQKwJVABXPuh5NIMmf2brHFST4q9GHZLYsD05STN2CvG5KjQoN1Sr+J75RmX/Y3yVYHcdzcVJFkjXz5Zy+zspNV3QNdgxXu0pg9co3wg9mIXoZUsk6zK4Xw0JbB5C+oxP3f8HyCKnDYugau1TxyDvnZpeXUAMoJ9GuyZPeM6eGhxpcCu5Aju2Pxzky/A/eYhpYk+dDwUAKw7Jp52ADIA3xr/cZTtVt7ykquSeoM5nqkdMEAN38HjuMnwXCgWL+33jugslZutK6F1iQdMpxqkxs5zhBHH1ALj7AVj6OzUE3o7uoEgURgzX3Gl11vCfeqIRnCwpYHdJ7NQBJhek4ts5gcS+qzxu80bS1k+LWaxgeleU88SefDUodJk6e/smFxOHH/oCMCS2O8txmCiyPSFW8CtFl6Wgktnzqic/Xljecigg2500Xp5Qk4hkOmJA2X6qBb1qkmgvTw0wfcQ5R8lFBcMAU8Rz/GpuYeCdJwTLjhMfSX5UpwH8KhRV+zUGaQ4hSnkp9nND+kVJQbM7OxpoetjG90X9E7AKJDFI6lZAVRsu4RtrzzRGS6mCGTJTZLjwsW5c66G7QoMAULyBBFDHd0akiCsSw5UgUtEbjFjLjDIjewE4MqgaURxesDCheXOuXmsyZkdLwozA326230X1OcOdC/Z+4rLHfzy06VSxQ0h31DL/ywMsULJYKVz85Z0jHeu8C9QGAxjR9Z3i4VwlbpJHJIlYkUTv2e/NzQ6pXpombSkZOMwAhYDaqVNWZTEN8Oc4p34hEivInd+5+kRRP3c6fRv6mM0DgsbFQpa6zsA5PosNsQdDd8hr3XaIYXJXY/U0sEUmPy2xE2SboeP0EXjHpPUuDZP07VWJtzpWTxepY2PF7TD2Fvg9VnYj4Z60UHfMdgZbQKZDVlNBkeb4lQg68plKkb+nGEVzDT4sn9xVdyCAyIEb5azz/AV9s8OxCxzDmJYN+W/kwh/Z8TpoRnodeUQXWtzYMdwi/7qUDVpRXNahqIILFGvvmDJgQoTmx1RMeWgNYx99o0VGgYr0JOFw9AVyTzoRGVIrLEItdYzIeSjxceLYXYg=
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_suid_v1_1_001 Value: HPfHs3OFxkaNOwO68jCjbQ==
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_click_adv_freq_v1_1_001 Value: 9aM1XGpWxsbm63MOQbJksOO/cVeBfncyiJr26Nq3Hd61jK1Dt2KN4naIHb9YlD6u
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_click_freq_v1_1_001 Value: 4fxtHJpkb8AQiYKRT1UBNmvuQHBFMA+s8SySOa//Gh9Op5GVNWRqWDSzhY61jV7m
.cddtsecure.com/	1970-01-20 18:54:16	Name: gdm_click_adv_freq_v2_1_001 Value: 9aM1XGpWxsbm63MOQbJksOO/cVeBfncyiJr26Nq3Hd61jK1Dt2KN4naIHb9YlD6u
skyflyors.com/	1970-01-20 16:46:06	Name: TRK_TRG Value: eJxjYGBgEmEXZMosEOQ3NLfQMzQz0jMysNQzNDEUZE5PzRdkcnEV5C5KTc%2FMz4tPzk9JFWR1cdX1CxfkTM4sqYSIcANFfA%2FvySsuSS0SZM4sLhAU8ElNLE4tT01ScE8tyk3MqxTky0stiS8uSE1NAethYxbkyCyOLyjKr6hkYwQAq48lvQ%3D%3D
skyflyors.com/	1970-01-20 16:46:06	Name: TRK_TRU7 Value: eJxjYGBgEuEQZC5NNBVUsEyxTEtOMjAwNzZOtbRIMjFItTROMjdONklNtLQ0szQVZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMU5IfxylKLijPz83gcYg8wgIAga34xSAmLIBeQAZdVYYDIcqeklmUmp8aXVBaksjECAJgHJm8%3D
skyflyors.com/	1970-01-20 18:11:04	Name: trk_cpa_pixel Value: 73aa1250-9454-11ee-9b5d-53d9946961cb
venadvstar.com/	1969-12-31 23:59:59	Name: session Value: Vd_BZ4HV17wpFG-lEl2MoP4bLIV7eJZI
.venadvstar.com/	1970-01-21 01:30:16	Name: _ht_v Value: 1701880094.6219389589
.venadvstar.com/	1970-01-20 16:44:41	Name: _ht_s Value: 1701880094.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cddtsecure.com
cdn.ocmtag.com
now.thebestflowingtraff.co
quero-cancelar.site
sdk.ocmhood.com
skyflyors.com
t.ocmhood.com
u.cellreva.com
venadvstar.com
104.143.9.110
148.135.95.235
2606:4700:20::681a:6e4
2606:4700:20::681a:7e4
2606:4700:3032::ac43:d080
2a05:d018:e36:3910:4eca:3b31:3ec6:23d5
2a06:98c1:3120::3
67.212.184.150
95.211.26.204
14fc39b8b8b83df21cb2c58f9a3ed6342f23a8dee3f00d0a77907096e0ed2027
260b073c6af7b2e361f1ba7f05d23007587adbdd79de704fc1999c9d64cd737e
52ab4af643bc4aab5c955ce99d8779d3804217c85a695bfb5c41bb8f90a33036
63c232511cd1f130faec46a40a0cde0cf7ea83a19b34f01267b793c8695c51b8
988fadc9b9fde81fc9ab2829d212a68a8a4a3932d234e48f5b4011311fcb949b
b2a8bfbdb86407809072fa664ba652957f4397d1c98ce2279b0dbb1359b7fb8f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2

venadvstar.com Open in urlscan Pro 2606:4700:3032::ac43:d080 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

56 %IPv6

8 Domains

9 Subdomains

7 IPs

3 Countries

40 kBTransfer

89 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

18 Cookies

Indicators

venadvstar.com Open in urlscan Pro
2606:4700:3032::ac43:d080 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

56 %
IPv6

8
Domains

9
Subdomains

7
IPs

3
Countries

40 kB
Transfer

89 kB
Size

18
Cookies

9 HTTP transactions
2 data transactions