URL: https://secure.ertcoutreach.org/
Submission: On October 02 via automatic, source certstream-suspicious — Scanned from NL

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 25 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure.ertcoutreach.org.
TLS certificate: Issued by GTS CA 1P5 on October 2nd 2022. Valid for: 3 months.
This is the only time secure.ertcoutreach.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
4 2001:4860:480... 15169 (GOOGLE)
1 4 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a03:2880:f12... 32934 (FACEBOOK)
2 2620:1ec:46::45 8068 (MICROSOFT...)
1 2 20.234.93.27 8075 (MICROSOFT...)
2 20.75.32.255 8075 (MICROSOFT...)
25 11
Apex Domain
Subdomains
Transfer
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 561
c.clarity.ms — Cisco Umbrella Rank: 1017
b.clarity.ms — Cisco Umbrella Rank: 5238
26 KB
6 heyflow.cloud
fonts.heyflow.cloud — Cisco Umbrella Rank: 675698
59 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 378
c.bing.com — Cisco Umbrella Rank: 224
13 KB
4 cloudfunctions.net
europe-west1-niro-tracking.cloudfunctions.net — Cisco Umbrella Rank: 963349
313 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
222 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
111 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
51 KB
1 googleapis.com
storage.googleapis.com — Cisco Umbrella Rank: 372
634 KB
1 ertcoutreach.org
secure.ertcoutreach.org
131 KB
25 9
Domain Requested by
6 fonts.heyflow.cloud secure.ertcoutreach.org
fonts.heyflow.cloud
4 europe-west1-niro-tracking.cloudfunctions.net secure.ertcoutreach.org
3 bat.bing.com www.googletagmanager.com
bat.bing.com
secure.ertcoutreach.org
2 b.clarity.ms www.clarity.ms
2 c.clarity.ms 1 redirects
2 www.clarity.ms bat.bing.com
www.clarity.ms
2 www.facebook.com secure.ertcoutreach.org
2 connect.facebook.net secure.ertcoutreach.org
connect.facebook.net
1 c.bing.com 1 redirects
1 www.googletagmanager.com secure.ertcoutreach.org
1 storage.googleapis.com secure.ertcoutreach.org
1 secure.ertcoutreach.org
25 12

This site contains links to these domains.

Domain
ertcoutreach.org
Subject | Issuer | Validity | Valid
secure.ertcoutreach.org | GTS CA 1P5 | 2022-10-02 - 2022-12-31 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-04-14 - 2023-04-13 | a year
storage.googleapis.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-07-11 - 2022-10-09 | 3 months
misc.google.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months
www.bing.com | Microsoft RSA TLS CA 02 | 2022-09-03 - 2023-03-03 | 6 months
www.clarity.ms | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-27 - 2023-02-27 | a year
a.clarity.ms | Microsoft Azure TLS Issuing CA 02 | 2022-06-07 - 2023-06-02 | a year

This page contains 1 frames:

Primary Page: https://secure.ertcoutreach.org/
Frame ID: F9DB0C6EC88C87F15574780BD39D7B05
Requests: 23 HTTP requests in this frame

Page Title

ERC Express

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

25
Requests

96 %
HTTPS

82 %
IPv6

9
Domains

12
Subdomains

11
IPs

3
Countries

1025 kB
Transfer

1947 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?CtsSyncId=719D471684BF4F6A8DA51FAD989C3B06&RedC=c.clarity.ms&MXFR=0AD83B2E4B9764B01E8C291F4F976A4E HTTP 302
  • https://c.clarity.ms/c.gif?CtsSyncId=719D471684BF4F6A8DA51FAD989C3B06&MUID=25262F17D9C8682E31FA3D26D8626989

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
secure.ertcoutreach.org/
605 KB
131 KB
Document
General
Full URL
https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5c1ad572661a2803e4443967ebcff04f972d4e4a3d6a6d8f323ebb7261dbde31

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
753aa7c30bbbb93e-AMS
content-encoding
br
content-type
text/html
date
Sun, 02 Oct 2022 04:22:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n02drfWLleoCEUsG4ssayNCw4D0mog5yQ%2FTtN8sWFS9jQBjxwsB%2FYIqOLaqw3Q%2FtVn0P3AJlVfJvBHsh60JtNdFEjgnEzwr%2Fr%2FOv79jkX44GKP0%2FJTgzPvC60yjtP%2F90J22RPpZyB02fEzdmYrPC4S8s018HAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
Express
icon
fonts.heyflow.cloud/
571 B
850 B
Stylesheet
General
Full URL
https://fonts.heyflow.cloud/icon?family=Material+Icons
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8a54c4ddb40cf230eb072b7f414ce69c752a7ea35f55c995f1ed828eda089307

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 02 Oct 2022 04:22:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bwUqFWGytSr64wSTN0B7ItdX8KOL5f0SxIDd8DJR2Kg6or1YEWvZME1E%2Bo8XtWb39Zmm3lNB%2BBk%2B95Cqzt04O69ODqH1Q0UgXubeQSoGOWaZjq3CmborDaZBkg8LMZVFp32MlynuffSOJdpi9ujHJas%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
caec6c3ff950bc44680ba7e81202148d
cache-control
private, max-age=604800
cf-ray
753aa7c4bad81e8d-AMS
css
fonts.heyflow.cloud/
29 KB
1 KB
Stylesheet
General
Full URL
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3f4ffa9f4971c3d721128f0fdd3aedc44f9802767e422e3dbe25ffcf0c0b23e6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 02 Oct 2022 04:22:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8RNy74SB9Ez%2FXvWRYcCHX3xGFkKUOdaYsb0nWJFD97f%2FMFYpl5pu5L9D99ILZGsrzQCsL922JKMmjepZLLkwOmyOhDXL%2B1IZVDgUAnsxsoKqhxeIfFgTK8UQvNF90HuXkZm2m85BkHxY3Lr9tetWes%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
70fa19d16da0a44a91e3819b0029047c
cache-control
private, max-age=604800
cf-ray
753aa7c4bad91e8d-AMS
b8967a33-4a4a-436f-883a-c500e3e258ed
storage.googleapis.com/builder.zenflow.de/erc-express/www/assets/
633 KB
634 KB
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/erc-express/www/assets/b8967a33-4a4a-436f-883a-c500e3e258ed
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
bd79ae974037b522b3c3d356781433c3917b75215867fecfc602e2c038e72a5a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:09:02 GMT
content-encoding
gzip
age
787
x-guploader-uploadid
ADPycduGUuB-0H0GVjJrzxQjj0m99emnHL5cYVIgozufp8slGSZ1XzgJTpM9eJVwJ4YLzkgHYtdbKrRs-Ppa_ZEXpl0tqp_Rh82Y
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
648010
last-modified
Sun, 02 Oct 2022 02:46:01 GMT
server
UploadServer
etag
"c030a6a357e3aa1adfb9434ca6a3939f"
vary
Accept-Encoding
x-goog-generation
1664678761609923
x-goog-hash
crc32c=CrRHlw==, md5=wDCmo1fjqhrfuUNMpqOTnw==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
648010
accept-ranges
bytes
content-type
false
expires
Sun, 02 Oct 2022 05:09:02 GMT
gtm.js
www.googletagmanager.com/
137 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TRX6GBZ
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dcc06c954464a9b8bc8397b766806e42605aca64027647558e50ad2270053b11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51280
x-xss-protection
0
last-modified
Sun, 02 Oct 2022 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 02 Oct 2022 04:22:09 GMT
fbevents.js
connect.facebook.net/en_US/
101 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
00a92494627ed8f758972b7dc47b3af186497c0637ea867a33fdb604c1548674
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Oct 2022 04:22:09 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26840
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
tfgkdSt+8+ppzyPxmZmzc1FaAltdp3MFXaW3RxncpnDDTzVvZJ9I8iMm281JMEgibsXW3bJj+bVnGM9gV0Y4Pg==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
O4ZRFGj5hxF0EhjimlIksgg.woff2
fonts.heyflow.cloud/s/epilogue/v13/
32 KB
33 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/epilogue/v13/O4ZRFGj5hxF0EhjimlIksgg.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c0283080e7d90793f2e07dd380e73e4089b74bfc8c3a18cec7e936f11f0969f4

Request headers

Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Origin
https://secure.ertcoutreach.org
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
25255
x-powered-by
Express
content-length
33104
last-modified
Sat, 01 Oct 2022 21:21:14 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bO8BROIifyKhLxCvzfw9Vy1qbCJNHomKRMtXm%2FWhvw0xigCYWl%2B6II30cAFh48vVAlKmdhtKBAz4javuML%2Fe1hUGY8PEgRVQ5CmVkVpbA225quEGmAvMPdRBuaAkNgDowqy8PWVR5jmDCGjYkE8VX6c%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
f8af17138ab330b7c60688c5a421b991
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
753aa7c5aa32b8e4-AMS
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.heyflow.cloud/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Request headers

Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Origin
https://secure.ertcoutreach.org
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
237016
x-powered-by
Express
content-length
7884
last-modified
Thu, 29 Sep 2022 10:31:53 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jayx8OA5yYHLDR54grTOWbhjQ6FPdX%2FxVKe7zf9tEnBrSF1zaAyEbgBDAF01o%2BOZn7x7l2HUsSO8Q8HV%2FvS%2F4bQ3OPa5GtjmLGYi2nVbx4TEAfmdDRZy0mmyh7SgXp%2FdoANtwT6eWG93kOsauY7uiRs%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
fd72380a47f1429334b4337e1788e0ee
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
753aa7c5aa35b8e4-AMS
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.heyflow.cloud/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Request headers

Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Origin
https://secure.ertcoutreach.org
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
419584
x-powered-by
Express
content-length
7816
last-modified
Tue, 27 Sep 2022 07:49:05 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mosgKRC6U%2BXGpGNyfJiZ9CklwSoJcQJqABBSNJ77k5LDILe7gKecPfjsyqw0Us8lZ6i%2Bz7yRz8ajR%2FzcfyeJzxeODaNraAdocHjtwQ7sMhoYLJ4I7bpCk1WJFlA9PD%2FmiXCekInvtykvjsyXn99XFB0%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
4ca5bad8ce329a1afa12e5da45c66e75
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
753aa7c5aa34b8e4-AMS
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.heyflow.cloud/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Request headers

Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800|Epilogue:300,400,500,600,700,800&display=swap
Origin
https://secure.ertcoutreach.org
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
331174
x-powered-by
Express
content-length
8000
last-modified
Wed, 28 Sep 2022 08:22:35 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oCGjkhXZRSifj%2BvC%2BsxeLoVoHlwR5G3Pnb5A%2BWx1hhy7Q%2B3WhcqRjXoFZx235gG%2BRwTzr2V3jP026e%2BA1H7zHelDOi%2BjCse8HJ7Ps6NOubPMj0foAl1sSE8wQNe1s7xFNN6t5k8UqqCiDSOD3K9WRtw%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
b8965bbcde544b68a00e8a9700474c90
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
753aa7c5aa37b8e4-AMS
onEvent
europe-west1-niro-tracking.cloudfunctions.net/
2 B
190 B
XHR
General
Full URL
https://europe-west1-niro-tracking.cloudfunctions.net/onEvent
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://secure.ertcoutreach.org/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
content-encoding
gzip
server
Google Frontend
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by
Express
vary
Origin
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://secure.ertcoutreach.org
x-cloud-trace-context
022c7cd98885d337477f6c2588d81358
cache-control
private
function-execution-id
rzdalf40ncu9
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22
onEvent
europe-west1-niro-tracking.cloudfunctions.net/
2 B
123 B
XHR
General
Full URL
https://europe-west1-niro-tracking.cloudfunctions.net/onEvent
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://secure.ertcoutreach.org/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
content-encoding
gzip
server
Google Frontend
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by
Express
vary
Origin
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://secure.ertcoutreach.org
x-cloud-trace-context
e64bb726a84a33ad8c6d2dcf02525757
cache-control
private
function-execution-id
esmzahehn56v
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22
onEvent
europe-west1-niro-tracking.cloudfunctions.net/
0
0
Preflight
General
Full URL
https://europe-west1-niro-tracking.cloudfunctions.net/onEvent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://secure.ertcoutreach.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://secure.ertcoutreach.org
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Sun, 02 Oct 2022 04:22:09 GMT
function-execution-id
esmz0ar2gawl
server
Google Frontend
vary
Origin, Access-Control-Request-Headers
x-cloud-trace-context
6fe28be046d334e2a3ecd5a5e10b082b
x-powered-by
Express
onEvent
europe-west1-niro-tracking.cloudfunctions.net/
0
0
Preflight
General
Full URL
https://europe-west1-niro-tracking.cloudfunctions.net/onEvent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://secure.ertcoutreach.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://secure.ertcoutreach.org
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Sun, 02 Oct 2022 04:22:09 GMT
function-execution-id
sutemy3nq5na
server
Google Frontend
vary
Origin, Access-Control-Request-Headers
x-cloud-trace-context
1cab3cbb138b3d0722ed6ce8acf906f4
x-powered-by
Express
5102142313206717
connect.facebook.net/signals/config/
293 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/5102142313206717?v=2.9.84&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
577ba57f21942b4c6eaed13ff9cbf6bbb6b1a80fcca8f78f48b240255984ac95
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Oct 2022 04:22:09 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
eoKWe1RYdPdtaB0uVoUJHX+lRgZd5LzSFCSBUxziI/tMIl1cz8MrSfUoGFFUf0suXYXRmDMIxIOXyG1ITcGhEg==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/
38 KB
12 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TRX6GBZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sun, 02 Oct 2022 04:22:09 GMT
last-modified
Thu, 28 Jul 2022 17:32:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2A7FC808EEC740A9A9DE3FDA568E1074 Ref B: DUS30EDGE0811 Ref C: 2022-10-02T04:22:09Z
etag
"80a8697a8a2d81:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
11367
/
www.facebook.com/tr/
0
204 B
Image
General
Full URL
https://www.facebook.com/tr/?id=5102142313206717&ev=PageView&dl=https%3A%2F%2Fsecure.ertcoutreach.org%2F%23welcome&rl=&if=false&ts=1664684529781&cd[event]=render&cd[flow_id]=erc-express&cd[host]=secure.ertcoutreach.org&cd[path]=%2F&cd[origin]=https%3A%2F%2Fsecure.ertcoutreach.org&cd[title]=ERC%20Express&cd[hash]=%23welcome&cd[screen_width]=1600&cd[screen_height]=1200&cd[user_id]=_8oyddl&cd[screen_id]=start&cd[session_id]=kdsoev&sw=1600&sh=1200&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664684529780.1285243779&it=1664684529629&coo=false&eid=fahycdi8pxzx&rqm=GET
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Oct 2022 04:22:09 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
27036194.js
bat.bing.com/p/action/
1 KB
844 B
Script
General
Full URL
https://bat.bing.com/p/action/27036194.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
72bc67e37f1433828c9a336362b59591c5572efc3aa048423bc683a29f12dc09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sun, 02 Oct 2022 04:22:09 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B36F7937EC24435DA1232EE5E16A3E45 Ref B: DUS30EDGE0811 Ref C: 2022-10-02T04:22:09Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=60
content-length
667
0
bat.bing.com/action/
0
177 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=27036194&tm=gtm002&Ver=2&mid=5d0f69ff-69c9-43c4-9218-2c70d253e724&sid=c824f7a0420911edb5a8c33e7619d130&vid=c8251270420911eda678cd9c37a50f4a&vids=1&msclkid=N&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=ERC%20Express&p=https%3A%2F%2Fsecure.ertcoutreach.org%2F%23welcome&r=&lt=723&evt=pageLoad&sv=1&rn=531830
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sun, 02 Oct 2022 04:22:09 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AFB0FCCE5FA84499B5BAE184ABFD7418 Ref B: DUS30EDGE0811 Ref C: 2022-10-02T04:22:09Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
27036194
www.clarity.ms/tag/uet/
1 KB
2 KB
Script
General
Full URL
https://www.clarity.ms/tag/uet/27036194
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/27036194.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
7ef3dec0d66436a7b4777c466bd804379ded7bfef5835cfc40e3516de424cc01

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

request-context
appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
date
Sun, 02 Oct 2022 04:22:09 GMT
x-powered-by
ASP.NET
x-azure-ref
08hE5YwAAAABCA4kI4R3HT6hN/I0njC2ZQU1TMDRFREdFMTkxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
content-length
1495
expires
-1
clarity.js
www.clarity.ms/eus2/s/0.6.42/
53 KB
23 KB
Script
General
Full URL
https://www.clarity.ms/eus2/s/0.6.42/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/27036194
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Sun, 02 Oct 2022 04:22:09 GMT
content-encoding
br
last-modified
Wed, 01 Jun 2022 12:22:22 GMT
etag
"1d8d4495324d7d4"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript;charset=utf-8
x-azure-ref
08hE5YwAAAADBvk8RkG5bQbLcGHzMzoDdQU1TMDRFREdFMTkxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
cache-control
public,max-age=86400
accept-ranges
bytes
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
/
www.facebook.com/tr/
0
18 B
Image
General
Full URL
https://www.facebook.com/tr/?id=5102142313206717&ev=Microdata&dl=https%3A%2F%2Fsecure.ertcoutreach.org%2F%23welcome&rl=&if=false&ts=1664684530283&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22ERC%20Express%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22ERC%20Express%22%2C%22og%3Adescription%22%3A%22Built%20with%20Heyflow%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fstorage.googleapis.com%2Fheyflow-eu-static%2Fmeta-image%2Fdefault.png%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.84&r=stable&ec=1&o=30&fbp=fb.1.1664684529780.1285243779&it=1664684529629&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: secure.ertcoutreach.org
URL: https://secure.ertcoutreach.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Oct 2022 04:22:10 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
priority
u=3,i
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?CtsSyncId=719D471684BF4F6A8DA51FAD989C3B06&RedC=c.clarity.ms&MXFR=0AD83B2E4B9764B01E8C291F4F976A4E
  • https://c.clarity.ms/c.gif?CtsSyncId=719D471684BF4F6A8DA51FAD989C3B06&MUID=25262F17D9C8682E31FA3D26D8626989
42 B
368 B
Image
General
Full URL
https://c.clarity.ms/c.gif?CtsSyncId=719D471684BF4F6A8DA51FAD989C3B06&MUID=25262F17D9C8682E31FA3D26D8626989
Protocol
H2
Server
20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://secure.ertcoutreach.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Oct 2022 04:22:10 GMT
last-modified
Tue, 13 Sep 2022 19:54:52 GMT
server
Microsoft-IIS/10.0
etag
"8d3298b0aac7d81:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Sun, 02 Oct 2022 04:22:10 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: A3A3E5AEEBFF4755840DAE0E7F49C980 Ref B: DUS30EDGE0811 Ref C: 2022-10-02T04:22:10Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?CtsSyncId=719D471684BF4F6A8DA51FAD989C3B06&MUID=25262F17D9C8682E31FA3D26D8626989
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
b.clarity.ms/
0
180 B
XHR
General
Full URL
https://b.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.42/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://secure.ertcoutreach.org/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
https://secure.ertcoutreach.org
date
Sun, 02 Oct 2022 04:22:10 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
collect
b.clarity.ms/
0
25 B
XHR
General
Full URL
https://b.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus2/s/0.6.42/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.32.255 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://secure.ertcoutreach.org/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

access-control-allow-origin
https://secure.ertcoutreach.org
date
Sun, 02 Oct 2022 04:22:10 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

Verdicts & Comments

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| heyflow
object| dataLayer
function| fbq
function| _fbq
object| windowConstants
object| regeneratorRuntime
function| Awesomplete
function| Cleave
function| onLessReady
object| Client
object| google_tag_manager
function| UET
function| UET_init
function| UET_push
object| ueto_5b27d41342
object| uetq
function| clarity

11 Cookies

Domain/Path Name / Value
.ertcoutreach.org/ Name: _fbp
Value: fb.1.1664684529780.1285243779
.bing.com/ Name: MUID
Value: 25262F17D9C8682E31FA3D26D8626989
.ertcoutreach.org/ Name: _uetsid
Value: c824f7a0420911edb5a8c33e7619d130
.ertcoutreach.org/ Name: _uetvid
Value: c8251270420911eda678cd9c37a50f4a
www.clarity.ms/ Name: CLID
Value: ad29f55a44434b7e98c01197213e4899.20221002.20231002
.ertcoutreach.org/ Name: _clck
Value: gkeif1|1|f5d|0
.c.bing.com/ Name: SRM_B
Value: 25262F17D9C8682E31FA3D26D8626989
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 25262F17D9C8682E31FA3D26D8626989
.c.clarity.ms/ Name: ANONCHK
Value: 0
.ertcoutreach.org/ Name: _clsk
Value: 1sc8557|1664684530808|1|1|b.clarity.ms/collect

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
