openvisiting.com Open in urlscan Pro
172.67.202.170 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF
Effective URL:
https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash...
Submission: On July 02 via manual (July 2nd 2024, 3:58:20 pm UTC) from MX — Scanned from NL

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 14 domains to perform 27 HTTP transactions. The main IP is 172.67.202.170, located in and belongs to . The main domain is openvisiting.com.
TLS certificate: Issued by GTS CA 1P5 on May 16th 2024. Valid for: 3 months.

This is the only time openvisiting.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6 6	34.91.142.64 34.91.142.64	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	104.26.6.190 104.26.6.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.185.188 172.67.185.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	108.178.23.116 108.178.23.116	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2 3	51.68.82.147 51.68.82.147	16276 (OVH) (OVH)
2	67.212.173.78 67.212.173.78	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	95.217.42.163 95.217.42.163	24940 (HETZNER-AS) (HETZNER-AS)
8	172.67.202.170 172.67.202.170	() ()
3	34.249.173.68 34.249.173.68	() ()
1	172.67.70.233 172.67.70.233	() ()
1	2a04:4e42::649 2a04:4e42::649	() ()
1	2a00:1450:400... 2a00:1450:4001:81c::200a	() ()
3	2a00:1450:400... 2a00:1450:4001:809::2003	() ()
27	11

6 34.91.142.64 (Groningen, Netherlands) 6 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.142.91.34.bc.googleusercontent.com

harrenmedia.g2afse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.6.190 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

armorads.aftrad-visit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fangthatsack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.185.188 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.addlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.178.23.116 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

trk.mtzed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.68.82.147 (United Kingdom) 2 redirects

ASN16276 (OVH, FR)

www.remarsempre.foundation	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.212.173.78 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

add.tripasecoracao.college	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.217.42.163 (Helsinki, Finland) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.163.42.217.95.clients.your-server.de

mediaservingoc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.67.202.170 (None, )

ASN- ()

openvisiting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.249.173.68 (None, )

ASN- ()

wurfl.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.70.233 (None, )

ASN- ()

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (None, )

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	openvisiting.com openvisiting.com	69 KB
6	g2afse.com 6 redirects harrenmedia.g2afse.com	1 KB
4	fangthatsack.com 1 redirects fangthatsack.com	6 KB
3	gstatic.com fonts.gstatic.com	47 KB
3	wurfl.io wurfl.io	3 KB
3	remarsempre.foundation 2 redirects www.remarsempre.foundation	5 KB
3	mtzed.com trk.mtzed.com	5 KB
2	tripasecoracao.college add.tripasecoracao.college	3 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	jquery.com code.jquery.com	30 KB
1	geojs.io get.geojs.io	690 B
1	mediaservingoc.com 1 redirects mediaservingoc.com	666 B
1	addlnk.com cdn.addlnk.com — Cisco Umbrella Rank: 423059	1 KB
1	aftrad-visit.com 1 redirects armorads.aftrad-visit.com	430 B
27	14

	Domain	Requested by
8	openvisiting.com	add.tripasecoracao.college openvisiting.com
6	harrenmedia.g2afse.com	6 redirects
4	fangthatsack.com	1 redirects fangthatsack.com
3	fonts.gstatic.com	fonts.googleapis.com
3	wurfl.io	openvisiting.com wurfl.io
3	www.remarsempre.foundation	2 redirects trk.mtzed.com
3	trk.mtzed.com	fangthatsack.com
2	add.tripasecoracao.college	www.remarsempre.foundation add.tripasecoracao.college
1	fonts.googleapis.com	openvisiting.com
1	code.jquery.com	openvisiting.com
1	get.geojs.io	openvisiting.com
1	mediaservingoc.com	1 redirects
1	cdn.addlnk.com	fangthatsack.com
1	armorads.aftrad-visit.com	1 redirects
27	14

This site contains no links.

Subject Issuer	Validity	Valid
fangthatsack.com WE1	`2024-06-29` - `2024-09-27`	3 months	crt.sh
addlnk.com GTS CA 1P5	`2024-06-01` - `2024-08-30`	3 months	crt.sh
trk.mtzed.com R3	`2024-05-21` - `2024-08-19`	3 months	crt.sh
www.remarsempre.foundation R11	`2024-06-26` - `2024-09-24`	3 months	crt.sh
add.tripasecoracao.college E5	`2024-07-02` - `2024-09-30`	3 months	crt.sh
openvisiting.com GTS CA 1P5	`2024-05-16` - `2024-08-14`	3 months	crt.sh
wurfl.io Amazon RSA 2048 M03	`2024-04-10` - `2025-05-09`	a year	crt.sh
geojs.io E1	`2024-05-09` - `2024-08-07`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Frame ID: 3A11470D16B3F03E3CB642F5A9F0297B
Requests: 24 HTTP requests in this frame

Frame: https://fangthatsack.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
Frame ID: 3AD25ABFE5DE86C520328F4181D38E3A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&s... HTTP 302
https://admoustache.aftrad-visit.com/track/direct?offer_id=3236&publisher_id=135&network_id=5&click_id=668423954e... HTTP 307
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&s... HTTP 302
https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=668423... HTTP 301
https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=668423... HTTP 307
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&s... HTTP 302
https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2 Page URL
https://trk.mtzed.com/?utm_medium=77aec8613a4e6de5cfbc5b68e7d9321696ab3af6&utm_campaign=mainstream... Page URL
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b... Page URL
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b... HTTP 302
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b... HTTP 302
https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=12... Page URL
https://add.tripasecoracao.college/proc.php?2bc0a7c5703c7e2093366a825f08bd074345600e Page URL
http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=209... HTTP 307
https://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=209... HTTP 302
https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

96 %
HTTPS

21 %
IPv6

14
Domains

14
Subdomains

11
IPs

5
Countries

171 kB
Transfer

257 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56 HTTP 302
https://admoustache.aftrad-visit.com/track/direct?offer_id=3236&publisher_id=135&network_id=5&click_id=668423954e9a4d0001e1aa4d&source=2 HTTP 307
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56 HTTP 302
https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=66842395f2c4fc00014b3e6b&source=2&sub_source= HTTP 301
https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=66842395f2c4fc00014b3e6b&source=2&sub_source= HTTP 307
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56 HTTP 302
https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2 Page URL
https://trk.mtzed.com/?utm_medium=77aec8613a4e6de5cfbc5b68e7d9321696ab3af6&utm_campaign=mainstream_redirect&1=3b35b3bb&cid=pub945b41fcc3024310ae30397bbaf60fc6&2=2 Page URL
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260 Page URL
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260&eyeg=1f5d7a95045ca478957c213ebacc08bd&eyer=0.24703316277255638&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=trk.mtzed.com HTTP 302
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260&eyeg=3&eyer=0.24703316277255638&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=trk.mtzed.com HTTP 302
https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL Page URL
https://add.tripasecoracao.college/proc.php?2bc0a7c5703c7e2093366a825f08bd074345600e Page URL
http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=20961&pid=20961-dea300b4-8f0755a2&campaign_id=9626e6&browser=Chrome&device=Google+Chrome&app_name=unknown&geo=NL&carrier=NL+WiFi&pcid=9626e6_20961-dea300b4-8f0755a2&pg=20961-NL HTTP 307
https://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=20961&pid=20961-dea300b4-8f0755a2&campaign_id=9626e6&browser=Chrome&device=Google+Chrome&app_name=unknown&geo=NL&carrier=NL+WiFi&pcid=9626e6_20961-dea300b4-8f0755a2&pg=20961-NL HTTP 302
https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56 HTTP 302
https://admoustache.aftrad-visit.com/track/direct?offer_id=3236&publisher_id=135&network_id=5&click_id=668423954e9a4d0001e1aa4d&source=2 HTTP 307
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56 HTTP 302
https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=66842395f2c4fc00014b3e6b&source=2&sub_source= HTTP 301
https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=66842395f2c4fc00014b3e6b&source=2&sub_source= HTTP 307
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF HTTP 302
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56 HTTP 302
https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2

Request Chain 2

https://fangthatsack.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://fangthatsack.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js

Request Chain 8

https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260&eyeg=1f5d7a95045ca478957c213ebacc08bd&eyer=0.24703316277255638&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=trk.mtzed.com HTTP 302
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260&eyeg=3&eyer=0.24703316277255638&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=trk.mtzed.com HTTP 302
https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

d736b127be Show response
fangthatsack.com/rc/
Redirect Chain

https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56
https://admoustache.aftrad-visit.com/track/direct?offer_id=3236&publisher_id=135&network_id=5&click_id=668423954e9a4d0001e1aa4d&source=2
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56
https://armorads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=66842395f2c4fc00014b3e6b&source=2&sub_source=
https://dolpusads.aftrad-visit.com/track/smartlink?smartlink_id=6&publisher_id=106&network_id=1&click_id=66842395f2c4fc00014b3e6b&source=2&sub_source=
https://harrenmedia.g2afse.com/click?pid=56&offer_id=4139&sub1=$PIXEL&sub2=$AFF
https://harrenmedia.g2afse.com/sl?id=5db1a4743bf47917e8f252cf&pid=2&sub1=$PIXEL&sub2=$AFF&sub3=&sub4=4139&sub5=56
https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2

2 KB
1 KB

190ms
145ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9da9f5c9931cfad8d3c052eb23143a49e6016bc833809335b17824fd3310b16e

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89cfd60a796306e0-AMS
content-encoding: br
content-language: en-us
content-type: text/html; charset=utf-8
date: Tue, 02 Jul 2024 15:58:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DithXVA36rajtZTo4oejBvWmuHxXgzgIcjX8eizBSEM%2FHKvUigE3wIiZMhmRnx4cLw%2FqvH9VhPNZ7XOSKBfNelThfczGyYeeTZ%2BaYVuRlSzbeqNePyrlDdpSyFubJka%2Fdv3X"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Tue, 02 Jul 2024 15:58:14 GMT
location: https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2
referer
referrer-policy: no-referrer
server: nginx
x-adjust-use-original-forwarded-for: 1

GET
H3 200 redirect.css
cdn.addlnk.com/ 1 KB
1 KB 70ms
31ms Stylesheet
text/css 172.67.185.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.addlnk.com/redirect.css
Requested by: Host: fangthatsack.com
URL: https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.185.188 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:14 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: SNDP3EHFRXGYFGVX
age: 2902
cf-polished: origSize=1680
alt-svc: h3=":443"; ma=86400
x-amz-id-2: CQMDKBn86znxF6s+x2lWX5Mp96ncMQ/T82OhLLuZIs7usdG9j+xSh+e6VGs2dqzzbSwJd424pRQ8WtvHssgA1Q==
cf-bgj: minify
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
server: cloudflare
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESXckGzpQlRBmo5a%2F9r5fvVfjrsyqr%2F291298Oa%2FzLbbBalzRVwrj0PV6SqNam4zirE6AxVsChFTRgu4TN4tidEU1U6m%2BZLBUSM29ZVq8V10sINpJSE7C5%2B%2FtXirdoo%2Fzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 89cfd60badfb66d5-AMS

GET
H3

200

main.js Show response
fangthatsack.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/ Frame 3AD2
Redirect Chain

https://fangthatsack.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://fangthatsack.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js?

8 KB
4 KB

25ms
24ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fangthatsack.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js?

Protocol

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9455f9910d04596551bd034b82ae2124dd6bc00184f04746c260dce6ca5ac7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 02 Jul 2024 15:58:14 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JVkxD2r2F9JMyoO4rft1mrauoBapWELsCjJCpe7g0awT0kVk0J%2F3fPMhSrc3k9Q4fiHwkTEwB7nzWpxNxIwrqUBso%2Fd2PjTINDEiqto84NqxrxFoOWo99b8lInfxrMy9aaeX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 89cfd60c2c1906e0-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 02 Jul 2024 15:58:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95WV5A97UHQtu%2FUqxzLZSr3fWi%2Frah%2FhnA9F7H85gJrBHpnSDZeqpIjFvXIidmIyojxpRMyeBU%2BQckq9LPuusBSgT9PnxNdQH6%2Bdt23XofFqXSVkUEt%2B4uopc8ZR527ytHdI"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js?
access-control-allow-origin: *
cache-control: max-age: 300, public
cf-ray: 89cfd60c0bdc06e0-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 200 89cfd60a796306e0
fangthatsack.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 3AD2 0
683 B 36ms
36ms XHR
text/plain 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fangthatsack.com/cdn-cgi/challenge-platform/h/g/jsd/r/89cfd60a796306e0
Requested by: Host: fangthatsack.com
URL: https://fangthatsack.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 02 Jul 2024 15:58:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SVFT75w1Ixp%2B2bGkrKoe7kcJzkZbDglNa8k8qrOo7wO%2Bl4Evv0jc3MLASLPw3XGiMI1gVJEgkw%2F3j1u84K80ZvYKSYeC7AhRajjEwC5UnJc5jCsUAN%2BkTtwcA0Of86KEcVvN"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 89cfd60d1d7c06e0-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 / Show response
trk.mtzed.com/ 9 KB
4 KB 379ms
116ms Document
text/html 108.178.23.116
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.mtzed.com/?utm_medium=77aec8613a4e6de5cfbc5b68e7d9321696ab3af6&utm_campaign=mainstream_redirect&1=3b35b3bb&cid=pub945b41fcc3024310ae30397bbaf60fc6&2=2

Requested by

Host: fangthatsack.com
URL: https://fangthatsack.com/rc/d736b127be?affclick=6684239625ecd5000152a99d&pubid=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.178.23.116 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

e201b33bce176932a24aaf3840c1bf45561a3fa7628da07c606d25034a88ebe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc: h3=":443"; ma=604800; persist=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 02 Jul 2024 15:58:14 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding

GET
H2 200 favicon.ico
trk.mtzed.com/ 1 KB
1 KB 114ms
113ms Other
image/x-icon 108.178.23.116
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.mtzed.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.178.23.116 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://trk.mtzed.com/?utm_medium=77aec8613a4e6de5cfbc5b68e7d9321696ab3af6&utm_campaign=mainstream_redirect&1=3b35b3bb&cid=pub945b41fcc3024310ae30397bbaf60fc6&2=2
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
last-modified: Fri, 11 Aug 2023 10:37:02 GMT
server: nginx
etag: "64d60f4e-47e"
content-type: image/x-icon
cache-control: max-age=86400
accept-ranges: bytes
alt-svc: h3=":443"; ma=604800; persist=1
content-length: 1150
expires: Wed, 03 Jul 2024 15:58:15 GMT

GET
H2 200 favicon.ico
trk.mtzed.com/ 1 KB
0 0ms
0ms Other
image/x-icon 108.178.23.116
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.mtzed.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.178.23.116 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx /
Resource Hash: b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-platform-version: "10.0.0"
Referer: https://trk.mtzed.com/?utm_medium=77aec8613a4e6de5cfbc5b68e7d9321696ab3af6&utm_campaign=mainstream_redirect&1=3b35b3bb&cid=pub945b41fcc3024310ae30397bbaf60fc6&2=2
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:15 GMT
last-modified: Fri, 11 Aug 2023 10:37:02 GMT
server: nginx
etag: "64d60f4e-47e"
content-type: image/x-icon
cache-control: max-age=86400
accept-ranges: bytes
alt-svc: h3=":443"; ma=604800; persist=1
content-length: 1150
expires: Wed, 03 Jul 2024 15:58:15 GMT

GET
H/1.1 200
OK /
www.remarsempre.foundation/ 4 KB
4 KB 231ms
30ms Document
text/html 51.68.82.147
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260
Requested by: Host: trk.mtzed.com
URL: https://trk.mtzed.com/?utm_medium=77aec8613a4e6de5cfbc5b68e7d9321696ab3af6&utm_campaign=mainstream_redirect&1=3b35b3bb&cid=pub945b41fcc3024310ae30397bbaf60fc6&2=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.68.82.147 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://trk.mtzed.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-CH: Sec-CH-UA-Platform-Version
Cache-Control: no-transform
Connection: keep-alive
Content-Type: text/html
Date: Tue, 02 Jul 2024 15:58:16 GMT
Transfer-Encoding: chunked

GET
H2

200

/
add.tripasecoracao.college/
Redirect Chain

https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260&eyeg=1f5d7a95045ca478957c213ebacc08bd&eyer=0.24703316277255638&e...
https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260&eyeg=3&eyer=0.24703316277255638&eyei=0&eyew=1600&eyeh=1200&eyetd...
https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL

6 KB
2 KB

400ms
114ms

Document
text/html

67.212.173.78
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL

Requested by

Host: www.remarsempre.foundation
URL: https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.212.173.78 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://www.remarsempre.foundation/?sl=5816354-62543&pub_click_id=M7387068415963299947&site=13260-711f2aac-d07b7b98&pub_sub_id=13260
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"
sec-ch-ua-platform-version: "10.0.0"

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc: h3=":443"; ma=604800; persist=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 02 Jul 2024 15:58:17 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding

Redirect headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 0
Date: Tue, 02 Jul 2024 15:58:17 GMT
Location: https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL

GET
H2 200 proc.php
add.tripasecoracao.college/ 2 KB
1 KB 141ms
58ms Document
text/html 67.212.173.78
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://add.tripasecoracao.college/proc.php?2bc0a7c5703c7e2093366a825f08bd074345600e

Requested by

Host: add.tripasecoracao.college
URL: https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.212.173.78 , United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://add.tripasecoracao.college/?utm_medium=5299fdedf06e5eb5a85c851edd0c6d0e8f49c422&utm_campaign=msl&cid=1281584655702719794&1=trk1_mdc_NL
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-full-version: "126.0.6478.126"
sec-ch-ua-mobile: ?0
sec-ch-ua-model: ""
sec-ch-ua-platform: "Win32"
sec-ch-ua-platform-version: "10.0.0"

Response headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc: h3=":443"; ma=604800; persist=1
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 02 Jul 2024 15:58:18 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=20961&pid=20961-dea300b4-8f0755a2&campaign_id=9626e6&browser=Chrome&device=Google+Chrome&app_name=unknown&geo=NL&carrier=NL+WiFi&pcid=9626e6_20961-dea300b4-8f0755a2&pg=20961-NL
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding

GET
H3

200

Primary Request /
openvisiting.com/3p/
Redirect Chain

http://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=20961&pid=20961-dea300b4-8f0755a2&campaign_id=9626e6&browser=Chrome&device=Google+Chrome&app_name=...
https://mediaservingoc.com/click.php?key=glg0el5milh3xjhb2jhu&subid=M7387068428848201802&partner_id=20961&pid=20961-dea300b4-8f0755a2&campaign_id=9626e6&browser=Chrome&device=Google+Chrome&app_name...
https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b

3 KB
1 KB

342ms
94ms

Document
text/html

172.67.202.170

General

Check archive.org

Show headers Download Go to

Full URL

https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b

Requested by

Host: add.tripasecoracao.college
URL: https://add.tripasecoracao.college/proc.php?2bc0a7c5703c7e2093366a825f08bd074345600e

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://add.tripasecoracao.college/proc.php?2bc0a7c5703c7e2093366a825f08bd074345600e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89cfd62779d90a47-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 02 Jul 2024 15:58:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0gBQ1gLbVsqq7rFiP8NwLIu32mVbQIwtQ8hMXJ9e7WATQU%2FLJhoDinM366%2Ft6S74ehaQjp7UfGlHAprWBx6HJfnqS%2BXZzh5m3c%2BFZIHFggoacrXujKaihz2uUu%2F0E12GeF19"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 02 Jul 2024 15:58:18 GMT
Location: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Server: nginx/1.26.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

GET
H3 200 script.js
openvisiting.com/3p/ 2 KB
1 KB 27ms
25ms Script
application/javascript 172.67.202.170

General

Check archive.org

Show headers Download Go to

Full URL

https://openvisiting.com/3p/script.js

Requested by

Host: openvisiting.com
URL: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 06 Feb 2024 10:52:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6775
etag: W/"65c20f86-7ed"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BUaCeqTQ0%2B5oPgJ1oOVquIWvms4CvLKQPE0Zm7OG0RsolLzG3k%2FQjsUoCysURDOdX%2FF2POB72KhsSWLGIWc8y7xcs%2FhcopYQgDLMMxJnCCcMmP0k5oXf5dAiju1I8xtIhuq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 89cfd628ebb50a47-AMS
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK wurfl.js
wurfl.io/ 4 KB
2 KB 145ms
33ms Script
application/javascript 34.249.173.68

General

Check archive.org

Show headers Download Go to

Full URL: https://wurfl.io/wurfl.js
Requested by: Host: openvisiting.com
URL: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.173.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 02 Jul 2024 15:58:19 GMT
Content-Encoding: br
Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
Cross-Origin-Opener-Policy: cross-origin
Cross-Origin-Embedder-Policy: cross-origin
Vary: accept-encoding, user-agent, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-mobile, sec-ch-ua-model, sec-ch-ua-platform, sec-ch-ua-platform-version
Content-Type: application/javascript
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 1681

GET
H3 200 country.js
get.geojs.io/v1/ip/ 93 B
690 B 77ms
34ms Script
application/javascript 172.67.70.233

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/country.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.70.233 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 090656486791fa111d86e755d68770c2-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ds4fFw8VX0H%2Fnys792hgJOVX71tCSikM2ts8IPMEsfklV8xGTMwBdpie2MPSqsmq2uKtVSphL8nNKl%2BB%2BxhRmyd%2FYWG39C5W0Su0cIlksb5fxYJBVSpcbhbYtiHJxg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 89cfd629ed350b7f-AMS

GET
H2 200 jquery-3.7.1.min.js
code.jquery.com/ 85 KB
30 KB 74ms
17ms Script
application/javascript 2a04:4e42::649

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.min.js
Requested by: Host: openvisiting.com
URL: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5793695
x-cache: HIT, HIT
content-length: 30336
x-served-by: cache-lga21978-LGA, cache-ams2100094-AMS
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1719935899.201885,VS0,VE0
etag: W/"28feccc0-155ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 111685, 160636

GET
H3 200 style.css
openvisiting.com/3p/ 4 KB
2 KB 42ms
37ms Stylesheet
text/css 172.67.202.170

General

Check archive.org

Show headers Download Go to

Full URL

https://openvisiting.com/3p/style.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 02 Feb 2024 21:21:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5562
etag: W/"65bd5cf3-ebe"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sf5iYWwS1EjdcINIRf1zT%2FrEjKtFsrZzC1Bi3ERRkjfPh3TrZIgKRSmZYwLEGOwl9vKP10rx2GNWiBS%2F6IfIaY%2FTKX8feORsiUW%2FtdMmH6mC1nfyCPzZ4I%2FE8MEQDMudzFNd"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 89cfd628fbc30a47-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1 KB 205ms
62ms Stylesheet
text/css 2a00:1450:4001:81c::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 02 Jul 2024 15:58:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 02 Jul 2024 15:21:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 02 Jul 2024 15:58:19 GMT

GET
H3 200 logo.png
openvisiting.com/3p/images/ 3 KB
4 KB 30ms
28ms Image
image/png 172.67.202.170

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4650
alt-svc: h3=":443"; ma=86400
content-length: 3210
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-c8a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BN4ssG2kURdVjsFnhWts%2F3ECqCkke1XLbacNmO8qOatXjnWgxz6NbHlgqDgVC3aWwQaaR8xyQO61UQz5zzcC082Q6UHkh%2FFaonMjXTSkS97hB1IhP9TLRnTmYg1meX%2B%2FqsS0"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 89cfd628fbc60a47-AMS

GET
H3 200 check.png
openvisiting.com/3p/images/ 3 KB
3 KB 34ms
33ms Image
image/png 172.67.202.170

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/check.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4650
alt-svc: h3=":443"; ma=86400
content-length: 2649
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-a59"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vJ7LXgr75Qhu1WKA0KKN8o%2FEiZSi8Yw2ipwxPvLbJiO5t2Dh13Vc1PLJOvvZLnk7LDSI2FSWHDat4wZb0NU4Ad1VT9lsKIzqAop71aH5Ee5FGs%2FPqmxSl%2FBEKK7cOIcnO6JI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 89cfd628fbca0a47-AMS

GET
H3 200 arrow.png
openvisiting.com/3p/images/ 3 KB
3 KB 29ms
28ms Image
image/png 172.67.202.170

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/arrow.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4465
alt-svc: h3=":443"; ma=86400
content-length: 2938
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-b7a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CXa%2FnmHHdrilKRi1%2B4RyyqdYkCL%2BfjDAf0EY80LNoSE5VRfN9g0YXMmH80GmdpCis61I0lA837fuOF6qVElRn2ePYLxkZbr7QNxkNMpGrlhavNr7CFVHQ7eVPtKRCAHK05wl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 89cfd6296c690a47-AMS

GET
H3 200 bg.png
openvisiting.com/3p/images/ 54 KB
55 KB 27ms
26ms Image
image/png 172.67.202.170

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://openvisiting.com/3p/images/bg.png

Requested by

Host: openvisiting.com
URL: https://openvisiting.com/3p/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.202.170 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/style.css
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4465
alt-svc: h3=":443"; ma=86400
content-length: 55530
last-modified: Sun, 04 Feb 2024 19:21:22 GMT
server: cloudflare
etag: "65bfe3b2-d8ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2FSjLJ4wr12kGexr7CfxwUVBop7ptaU6j2%2BSQDCahHmynVuTGdFGDaFv%2F%2BNhboC8cZddPwEOKP1tsgmRMvoCNgXIFgUKujg7yB7eVEtSZl3FIlvjyRtI7H1ESd5zptVUAtFP"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 89cfd629acc30a47-AMS

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 115ms
55ms Font
font/woff2 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://openvisiting.com
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:08:18 GMT
x-content-type-options: nosniff
age: 3001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Jul 2025 15:08:18 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 160ms
100ms Font
font/woff2 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://openvisiting.com
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 21:18:03 GMT
x-content-type-options: nosniff
age: 412816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 21:18:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 109ms
49ms Font
font/woff2 2a00:1450:4001:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://fonts.googleapis.com/
Origin: https://openvisiting.com
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 27 Jun 2024 21:09:32 GMT
x-content-type-options: nosniff
age: 413327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Jun 2025 21:09:32 GMT

OPTIONS
H/1.1 200
OK async-detect
wurfl.io/ Frame 0
0 129ms
34ms Preflight 34.249.173.68

General

Check archive.org

Show headers Download Go to

Full URL: https://wurfl.io/async-detect
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.173.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://openvisiting.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, HEAD, POST
Access-Control-Allow-Origin: https://openvisiting.com
Access-Control-Expose-Headers: Content-Range
Access-Control-Max-Age: 28800
Connection: keep-alive
Content-Encoding: br
Content-Length: 1
Date: Tue, 02 Jul 2024 15:58:19 GMT
Vary: accept-encoding origin

POST
H/1.1 200
OK async-detect
wurfl.io/ 108 B
961 B 32ms
32ms Fetch
application/json 34.249.173.68

General

Check archive.org

Show headers Download Go to

Full URL: https://wurfl.io/async-detect
Requested by: Host: wurfl.io
URL: https://wurfl.io/wurfl.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.173.68 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type: application/json
accept: application/json
Referer: https://openvisiting.com/
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 02 Jul 2024 15:58:19 GMT
Content-Encoding: br
Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Bitness, Sec-Ch-Ua-Full-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
Cross-Origin-Opener-Policy: cross-origin
Cross-Origin-Embedder-Policy: cross-origin
Access-Control-Max-Age: 28800
Vary: accept-encoding, origin, user-agent, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-bitness, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-mobile, sec-ch-ua-model, sec-ch-ua-platform, sec-ch-ua-platform-version
Content-Type: application/json
Access-Control-Allow-Origin: https://openvisiting.com
Access-Control-Expose-Headers: Content-Range
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 90

GET
H3 404 favicon.ico
openvisiting.com/ 555 B
561 B 28ms
27ms Other
text/html 172.67.202.170

General

Check archive.org

Show headers Download Go to

Full URL: https://openvisiting.com/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.202.170 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://openvisiting.com/3p/?country=Netherlands&device_name=Desktop&domain=mediaservingoc.com&uclick=usqq8w1m&uclickhash=usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 02 Jul 2024 15:58:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 106
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01dO%2BgTJYIvxZkSgCNKifwKmmDdbkozeqFEASlUjl6wocXIqDN8Ovm3KPtuanJtkBMCa6ECrTeUFaSYs91OjCaA2sCks9ksvmZ9m%2FsXWg%2Bh7kSvf0nH0ia%2BgDIY6vbSkFv4P"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 89cfd62c683d0a47-AMS
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
harrenmedia.g2afse.com/	1970-01-21 06:31:11	Name: afclick Value: 6684239625ecd5000152a99d
.fangthatsack.com/	1970-01-21 06:31:11	Name: cf_clearance Value: T2LufAtCtUDLGjbpDfJGSbSJWc3fRHdYmFfrQVqZSuQ-1719935894-1.0.1.1-p1DnSj4.Y8WmumARconmBwt8j.5e_DpO6.5zEUW6EVZ7CY9WoQbA1fk3.6s8WGvCC4PrKuTKpbAN6Bt8zPJutA
mediaservingoc.com/	1970-01-20 21:47:02	Name: uclick Value: usqq8w1m
mediaservingoc.com/	1970-01-20 21:47:02	Name: uclickhash Value: usqq8w1m-usqq8w1m-ir0-0-523y-ik3y-ikbl-27cb6b

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://openvisiting.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

add.tripasecoracao.college
armorads.aftrad-visit.com
cdn.addlnk.com
code.jquery.com
fangthatsack.com
fonts.googleapis.com
fonts.gstatic.com
get.geojs.io
harrenmedia.g2afse.com
mediaservingoc.com
openvisiting.com
trk.mtzed.com
wurfl.io
www.remarsempre.foundation
104.26.6.190
108.178.23.116
172.67.185.188
172.67.202.170
172.67.70.233
188.114.97.3
2a00:1450:4001:809::2003
2a00:1450:4001:81c::200a
2a04:4e42::649
34.249.173.68
34.91.142.64
51.68.82.147
67.212.173.78
95.217.42.163
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
9da9f5c9931cfad8d3c052eb23143a49e6016bc833809335b17824fd3310b16e
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
d9455f9910d04596551bd034b82ae2124dd6bc00184f04746c260dce6ca5ac7f
e201b33bce176932a24aaf3840c1bf45561a3fa7628da07c606d25034a88ebe5

openvisiting.com Open in urlscan Pro 172.67.202.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

96 %HTTPS

21 %IPv6

14 Domains

14 Subdomains

11 IPs

5 Countries

171 kBTransfer

257 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

openvisiting.com Open in urlscan Pro
172.67.202.170 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

96 %
HTTPS

21 %
IPv6

14
Domains

14
Subdomains

11
IPs

5
Countries

171 kB
Transfer

257 kB
Size

4
Cookies

27 HTTP transactions
0 data transactions