gfkqn.xyz Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mmillerassociates.com/
Effective URL:
https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{...
Submission Tags: falconsandbox
Submission: On August 26 via api (August 26th 2024, 5:13:27 am UTC) from US — Scanned from DE

Summary HTTP 25 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 11 domains to perform 25 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is gfkqn.xyz.
TLS certificate: Issued by WE1 on July 11th 2024. Valid for: 3 months.

This is the only time gfkqn.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::6815:5442	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	107.163.163.254 107.163.163.254	18978 (ENZUINC-) (ENZUINC-)
2	2409:8c20:aa5... 2409:8c20:aa51:38:3::3e2	56046 (CMNET-JIA...) (CMNET-JIANGSU-AP China Mobile communications corporation)
1	240e:97b:500:... 240e:97b:500:2000::4	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	52.95.179.26 52.95.179.26	16509 (AMAZON-02) (AMAZON-02)
1	216.58.206.66 216.58.206.66	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
25	10

1 2606:4700:3031::6815:5442 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mmillerassociates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.163.163.254 (United States)

ASN18978 (ENZUINC-, US)

mustang303.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2409:8c20:aa51:38:3::3e2 (China)

ASN56046 (CMNET-JIANGSU-AP China Mobile communications corporation, CN)

s4.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:97b:500:2000::4 (China)

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

z3.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

gfkqn.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.179.26 (Jakarta, Indonesia)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ap-southeast-3.amazonaws.com

appdv76.s3.ap-southeast-3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cnzz.com s4.cnzz.com — Cisco Umbrella Rank: 93605 z3.cnzz.com — Cisco Umbrella Rank: 131832 c.cnzz.com — Cisco Umbrella Rank: 56240	6 KB
3	mustang303.cyou mustang303.cyou	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	58 KB
2	amazonaws.com appdv76.s3.ap-southeast-3.amazonaws.com — Cisco Umbrella Rank: 848557	10 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	273 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	92 KB
1	gfkqn.xyz gfkqn.xyz	4 KB
1	mmillerassociates.com 1 redirects mmillerassociates.com	494 B
0	google.de Failed www.google.de Failed
0	vofzhq.com Failed www.vofzhq.com Failed
25	11

	Domain	Requested by
3	mustang303.cyou
2	connect.facebook.net	appdv76.s3.ap-southeast-3.amazonaws.com connect.facebook.net
2	appdv76.s3.ap-southeast-3.amazonaws.com	gfkqn.xyz
1	www.facebook.com	gfkqn.xyz
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	gfkqn.xyz
1	gfkqn.xyz	mustang303.cyou
1	c.cnzz.com	s4.cnzz.com
1	z3.cnzz.com	s4.cnzz.com
1	s4.cnzz.com	mustang303.cyou gfkqn.xyz
1	mmillerassociates.com	1 redirects
0	www.google.de Failed	gfkqn.xyz
0	www.vofzhq.com Failed	gfkqn.xyz
25	13

This site contains links to these domains. Also see Links.

Domain
juhbjt.ocbnyutpfwjs.in

Subject Issuer	Validity	Valid
*.cnzz.com GlobalSign Organization Validation CA - SHA256 - G3	`2024-02-17` - `2025-03-20`	a year	crt.sh
gfkqn.xyz WE1	`2024-07-11` - `2024-10-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.s3.ap-southeast-3.amazonaws.com Amazon RSA 2048 M01	`2024-06-20` - `2025-06-02`	a year	crt.sh
*.googleadservices.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-04` - `2024-09-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Frame ID: 95212175C21D6E4D83AED5F7FDA9E69A
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

7276 Slots

Page URL History Show full URLs

http://mmillerassociates.com/ HTTP 307
https://mmillerassociates.com/ HTTP 302
http://mustang303.cyou/ HTTP 307
https://mustang303.cyou/ HTTP 307
http://mustang303.cyou/ Page URL
https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

25
Requests

44 %
HTTPS

70 %
IPv6

11
Domains

13
Subdomains

10
IPs

4
Countries

173 kB
Transfer

562 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://juhbjt.ocbnyutpfwjs.in/index?key=51368bf79888ce797f2c9f95214cafd3

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mmillerassociates.com/ HTTP 307
https://mmillerassociates.com/ HTTP 302
http://mustang303.cyou/ HTTP 307
https://mustang303.cyou/ HTTP 307
http://mustang303.cyou/ Page URL
https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://mmillerassociates.com/ HTTP 307
https://mmillerassociates.com/ HTTP 302
http://mustang303.cyou/ HTTP 307
https://mustang303.cyou/ HTTP 307
http://mustang303.cyou/

Request Chain 22

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=http%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=2000870908.1724649197&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI0dSx9vKRiAMVgDlVCB3VsB4fMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei8 HTTP 302
https://www.google.com/pagead/1p-conversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=http%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=2000870908.1724649197&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI0dSx9vKRiAMVgDlVCB3VsB4fMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei8&is_vtc=1&cid=CAQSGwDpaXnfEYnBmDLvUVGTW0geLEC4CZfWaiRupQ&random=2659670797 HTTP 302
https://www.google.de/pagead/1p-conversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=http%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=2000870908.1724649197&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI0dSx9vKRiAMVgDlVCB3VsB4fMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei8&is_vtc=1&cid=CAQSGwDpaXnfEYnBmDLvUVGTW0geLEC4CZfWaiRupQ&random=2659670797&ipr=y

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
mustang303.cyou/
Redirect Chain

http://mmillerassociates.com/
https://mmillerassociates.com/
http://mustang303.cyou/
https://mustang303.cyou/
http://mustang303.cyou/

949 B
1 KB

650ms
168ms

Document
text/html

107.163.163.254
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL

http://mustang303.cyou/

Protocol

HTTP/1.1

Server

107.163.163.254 , United States, ASN18978 (ENZUINC-, US),

Reverse DNS

Software

nginx /

Resource Hash

2104abd2153dc1ec77bddf06159776fb4025b04591b9449253ff36b0e3242974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 949
Content-Type: text/html
Date: Mon, 26 Aug 2024 05:13:13 GMT
ETag: "66c46bbb-3b5"
Last-Modified: Tue, 20 Aug 2024 10:11:07 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000

Redirect headers

Location: http://mustang303.cyou/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 z.js Show response
s4.cnzz.com/ 10 KB
5 KB 2094ms
490ms Script
application/javascript 2409:8c20:aa51:38:3::3e2
CMNET-JIANGSU-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.cnzz.com/z.js?id=1281337420&async=1
Requested by: Host: mustang303.cyou
URL: http://mustang303.cyou/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2409:8c20:aa51:38:3::3e2 , China, ASN56046 (CMNET-JIANGSU-AP China Mobile communications corporation, CN),
Reverse DNS
Software: Tengine /
Resource Hash: ac38fa2145cdda6a78e7706a8d819d86067a82bddb13d02e736ab36ce8f045b6

Request headers

Referer: http://mustang303.cyou/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 05:11:03 GMT
via: cache33.l2cn3160[0,0,304-0,H], cache54.l2cn3160[0,0], ens-cache9.cn4778[8,8,200-0,H], ens-cache23.cn4778[14,0]
content-encoding: gzip
age: 132
x-swift-cachetime: 168
x-cache: HIT TCP_REFRESH_HIT dirn:10:376157522
x-swift-savetime: Mon, 26 Aug 2024 05:13:15 GMT
content-length: 4395
server: Tengine
etag: W/"8396211108116174756"
vary: accept-encoding
ali-swift-global-savetime: 1724649063
content-type: application/javascript
cache-control: public, max-age=300
timing-allow-origin: *
eagleid: df6d814d17246491954193136e

POST
H2 200 stat.htm
z3.cnzz.com/ 2 B
123 B 662ms
212ms Ping
text/html 240e:97b:500:2000::4
CHINANET-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL: https://z3.cnzz.com/stat.htm?id=1281337420&r=&lg=de-de&ntime=none&cnzz_eid=1094830051-1724649196-&showp=1600x1200&p=http%3A%2F%2Fmustang303.cyou%2F&t=Page%20Not%20Found&umuuid=1918d1a494a581-0093eb27d820fe-1f462c6f-1d4c00-1918d1a494bd04&h=1
Requested by: Host: s4.cnzz.com
URL: https://s4.cnzz.com/z.js?id=1281337420&async=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 240e:97b:500:2000::4 , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software: Tengine /
Resource Hash

Request headers

Referer: http://mustang303.cyou/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 05:13:16 GMT
content-encoding: gzip
server: Tengine
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H2 200 c.js Show response
c.cnzz.com/ 906 B
834 B 243ms
242ms Script
application/javascript 2409:8c20:aa51:38:3::3e2
CMNET-JIANGSU-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://c.cnzz.com/c.js?web_id=1281337420&t=z
Requested by: Host: s4.cnzz.com
URL: https://s4.cnzz.com/z.js?id=1281337420&async=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2409:8c20:aa51:38:3::3e2 , China, ASN56046 (CMNET-JIANGSU-AP China Mobile communications corporation, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 4e40caec07450755166c40ba51099f2807b4b2efc3d6252f59d26bc0be325e9e

Request headers

Referer: http://mustang303.cyou/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 05:11:03 GMT
via: cache57.l2cn3160[0,0,304-0,H], cache22.l2cn3160[1,0], ens-cache3.cn4778[6,6,200-0,H], ens-cache23.cn4778[9,0]
content-encoding: gzip
age: 131
x-swift-cachetime: 190
x-cache: HIT TCP_REFRESH_HIT dirn:10:79360744
x-swift-savetime: Mon, 26 Aug 2024 05:13:15 GMT
content-length: 591
server: Tengine
etag: W/"17650835605665385536"
vary: accept-encoding
ali-swift-global-savetime: 1724649064
content-type: application/javascript
cache-control: public, max-age=321
timing-allow-origin: *
eagleid: df6d814d17246491959465420e

GET
H/1.1 404
Not Found not-found-image.jpg
mustang303.cyou/ 138 B
138 B 173ms
169ms Image
text/html 107.163.163.254
ENZUINC-

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://mustang303.cyou/not-found-image.jpg
Protocol: HTTP/1.1
Server: 107.163.163.254 , United States, ASN18978 (ENZUINC-, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: http://mustang303.cyou/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 05:13:16 GMT
Server: nginx
Connection: keep-alive
ETag: "66a8c7e8-8a"
Content-Length: 138
Content-Type: text/html

GET
H/1.1 404
Not Found favicon.ico
mustang303.cyou/ 138 B
307 B 244ms
168ms Other
text/html 107.163.163.254
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL: http://mustang303.cyou/favicon.ico
Protocol: HTTP/1.1
Server: 107.163.163.254 , United States, ASN18978 (ENZUINC-, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: http://mustang303.cyou/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 05:13:16 GMT
Server: nginx
Connection: keep-alive
ETag: "66a8c7e8-8a"
Content-Length: 138
Content-Type: text/html

GET
H3 200 Primary Request / Show response
gfkqn.xyz/ 7 KB
4 KB 575ms
506ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Requested by: Host: mustang303.cyou
URL: http://mustang303.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d30e6f94ca0d23ccaaacb169dbb573c612783fe91f01734fd61e7bca7f5e348

Request headers

Referer: http://mustang303.cyou/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8b9154e57c4bd29e-FRA
content-encoding: br
content-type: text/html
date: Mon, 26 Aug 2024 05:13:16 GMT
last-modified: Tue, 06 Aug 2024 08:16:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=myVIfK05wY2e5fl%2B4%2BoolCXWRtXJjOWsJp0m1AExu4vutVBDMF1X1qPNFRnWpGEIuOfmjf6skpPWdn5Y4K3GZUQrnwsjdsaDBRuoSxv8vST0ydCuoV5qA4LML9aK1LP7T51JgHVQsq8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
92 KB 62ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-16664184146

Requested by

Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8ff19b3b91feecd89cf6d222c7f296a19078eb6a634ac6de84bd6c35c291a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 05:13:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93874
x-xss-protection: 0
last-modified: Mon, 26 Aug 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Aug 2024 05:13:16 GMT

GET index.css
www.vofzhq.com/resource/save3/assets/css/ 0
0

GET clipboard.min.js
www.vofzhq.com/resource/save3/assets/js/ 0
0

GET jquery-2.2.4.min.js
www.vofzhq.com/resource/save3/assets/js/ 0
0

GET rem.js
www.vofzhq.com/resource/save3/assets/js/ 0
0

GET qrcode.min.js
www.vofzhq.com/resource/save3/assets/js/ 0
0

GET
H/1.1 200
OK import-scripts.js Show response
appdv76.s3.ap-southeast-3.amazonaws.com/adjust/ 9 KB
9 KB 876ms
285ms Script
application/javascript 52.95.179.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://appdv76.s3.ap-southeast-3.amazonaws.com/adjust/import-scripts.js
Requested by: Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.179.26 Jakarta, Indonesia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ap-southeast-3.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4ca6122030dea2d2e66cde8f69cc201e27169e9d96380e736e9224c9e320a4f6

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 05:13:18 GMT
Last-Modified: Sun, 07 Jul 2024 03:32:15 GMT
Server: AmazonS3
x-amz-request-id: PK24AB7GPRA3HZSJ
ETag: "0a718bb010a4bc901c45eba9dad3b0a2"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript; charset=utf-8
Accept-Ranges: bytes
Content-Length: 8988
x-amz-id-2: tSPCZC+rTZTgZD7rsmbza/j7LUlrrPi+TNrnKTcOugOyT9wANRKjCGeRSMdGAkT284wjrMSIP5k=

GET
H/1.1 200
OK 7276.js Show response
appdv76.s3.ap-southeast-3.amazonaws.com/download-app/ 168 B
575 B 871ms
283ms Script
application/javascript 52.95.179.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://appdv76.s3.ap-southeast-3.amazonaws.com/download-app/7276.js
Requested by: Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.179.26 Jakarta, Indonesia, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ap-southeast-3.amazonaws.com
Software: AmazonS3 /
Resource Hash: d1e37189081a5d18185faa573f40824dac44b3404816e1d9f15fc0d6ae1019ca

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Mon, 26 Aug 2024 05:13:18 GMT
Last-Modified: Fri, 23 Aug 2024 13:53:35 GMT
Server: AmazonS3
x-amz-request-id: PK2F4Y4FJX9JTXNC
ETag: "a1d6e9dfdeca7dbf743f151d3403916e"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 168
x-amz-id-2: I9XC9GWAo0XI62KdQsrN7CoSDA89PEHTElk4bZkm0St/jAwo8A24rWrIHbCyjF9nxirpmp67Eks=

GET 9906label-adjust-android-ios.js
www.vofzhq.com//resource/save9/assets/js/ 0
0

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/16664184146/ 3 KB
2 KB 52ms
29ms Script
text/javascript 216.58.206.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/16664184146/?random=1724649197037&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=http%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=2000870908.1724649197&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-16664184146

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s11-in-f2.1e100.net

Software

cafe /

Resource Hash

be98c285cbeaf4e10f9b4c9ae1016c1a207fdd60997272744d455c903b79cd6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 05:13:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1680
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 41ms
11ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: appdv76.s3.ap-southeast-3.amazonaws.com
URL: https://appdv76.s3.ap-southeast-3.amazonaws.com/adjust/import-scripts.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 26 Aug 2024 05:13:17 GMT
document-policy: force-load-at-top
x-fb-server-load: 50
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58912
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4327, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: DZBSNqE/2iOqdFx+QoXhJ9x0XcYAY6ueekJ0mgoPUKx1Ynzcabt9lmkZeUv3VSp3kX4YkIRKnOQQLhEIcNLqQA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tr
www.facebook.com/ 0
273 B 25ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=2621029394951596&ev=PageView&noscript=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=10, mss=1328, tbw=2775, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 26 Aug 2024 05:13:17 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET body.gif
www.vofzhq.com/resource/save3/assets/img/ 0
0

GET footer.gif
www.vofzhq.com/resource/save3/assets/img/ 0
0

GET kf.png
www.vofzhq.com/resource/save3/assets/img/ 0
0

GET z.js
s4.cnzz.com/ 0
0

GET

/
www.google.de/pagead/1p-conversion/16664184146/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&...
https://www.google.com/pagead/1p-conversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1...
https://www.google.de/pagead/1p-conversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=16...

0
0

GET
H3 200 2621029394951596
connect.facebook.net/signals/config/ 39 KB
0 115ms
115ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2621029394951596?v=2.9.165&r=stable&domain=gfkqn.xyz&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://gfkqn.xyz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 26 Aug 2024 05:13:17 GMT
document-policy: force-load-at-top
x-fb-server-load: 55
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=74, mss=1232, tbw=66965, tp=63, tpl=0, uplat=103, ullat=0
pragma: public
x-fb-debug: A73Xl4pnnEm4e2phVj8gXPrasrKZx2DpLvlvwlx91IqzIbCdl72SCUZovz1wbyQ7prAHrDVzcTNhwSjJ7g/xDg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/css/index.css

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/js/clipboard.min.js

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/js/jquery-2.2.4.min.js

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/js/rem.js

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/js/qrcode.min.js

Domain: www.vofzhq.com
URL: https://www.vofzhq.com//resource/save9/assets/js/9906label-adjust-android-ios.js

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/img/body.gif

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/img/footer.gif

Domain: www.vofzhq.com
URL: https://www.vofzhq.com/resource/save3/assets/img/kf.png

Domain: s4.cnzz.com
URL: https://s4.cnzz.com/z.js?id=1281337420&async=1

Domain: www.google.de
URL: https://www.google.de/pagead/1p-conversion/16664184146/?random=1217038857&cv=11&fst=1724649197037&bg=ffffff&guid=ON&async=1&gtm=45be48l0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=http%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=2000870908.1724649197&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMI0dSx9vKRiAMVgDlVCB3VsB4fMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei8&is_vtc=1&cid=CAQSGwDpaXnfEYnBmDLvUVGTW0geLEC4CZfWaiRupQ&random=2659670797&ipr=y

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mustang303.cyou/	1970-01-21 03:26:13	Name: UM_distinctid Value: 1918d1a494a581-0093eb27d820fe-1f462c6f-1d4c00-1918d1a494bd04
mustang303.cyou/	1970-01-21 03:26:13	Name: CNZZDATA1281337420 Value: 1094830051-1724649196-%7C1724649196
.gfkqn.xyz/	1970-01-21 01:13:45	Name: _gcl_au Value: 1.1.2000870908.1724649197
.doubleclick.net/	1970-01-20 23:04:10	Name: test_cookie Value: CheckForPermission

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://mustang303.cyou/not-found-image.jpg Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://mustang303.cyou/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appdv76.s3.ap-southeast-3.amazonaws.com
c.cnzz.com
connect.facebook.net
gfkqn.xyz
mmillerassociates.com
mustang303.cyou
s4.cnzz.com
www.facebook.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.vofzhq.com
z3.cnzz.com
s4.cnzz.com
www.google.de
www.vofzhq.com
107.163.163.254
216.58.206.66
2409:8c20:aa51:38:3::3e2
240e:97b:500:2000::4
2606:4700:3031::6815:5442
2a00:1450:4001:830::2008
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a06:98c1:3120::3
52.95.179.26
2104abd2153dc1ec77bddf06159776fb4025b04591b9449253ff36b0e3242974
4ca6122030dea2d2e66cde8f69cc201e27169e9d96380e736e9224c9e320a4f6
4e40caec07450755166c40ba51099f2807b4b2efc3d6252f59d26bc0be325e9e
6d30e6f94ca0d23ccaaacb169dbb573c612783fe91f01734fd61e7bca7f5e348
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
ac38fa2145cdda6a78e7706a8d819d86067a82bddb13d02e736ab36ce8f045b6
be98c285cbeaf4e10f9b4c9ae1016c1a207fdd60997272744d455c903b79cd6a
c8ff19b3b91feecd89cf6d222c7f296a19078eb6a634ac6de84bd6c35c291a9c
d1e37189081a5d18185faa573f40824dac44b3404816e1d9f15fc0d6ae1019ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

gfkqn.xyz Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

44 %HTTPS

70 %IPv6

11 Domains

13 Subdomains

10 IPs

4 Countries

173 kBTransfer

562 kBSize

4 Cookies

1 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

4 Cookies

2 Console Messages

Security Headers

Indicators

gfkqn.xyz Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

44 %
HTTPS

70 %
IPv6

11
Domains

13
Subdomains

10
IPs

4
Countries

173 kB
Transfer

562 kB
Size

4
Cookies

25 HTTP transactions
0 data transactions