Submitted URL: https://mmillerassociates.com/
Effective URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{...
Submission Tags: falconsandbox
Submission: On October 23 via api from US — Scanned from DE

Summary

This website contacted 11 IPs in 5 countries across 13 domains to perform 30 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is gfkqn.xyz.
TLS certificate: Issued by WE1 on September 8th 2024. Valid for: 3 months.
This is the only time gfkqn.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 172.67.187.171 13335 (CLOUDFLAR...)
3 107.163.163.254 132839 (POWERLINE...)
2 240e:cf:8800:... 134238 (CT-JIANGX...)
1 188.114.97.3 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
11 2606:4700:303... 13335 (CLOUDFLAR...)
2 3.5.36.123 16509 (AMAZON-02)
1 172.217.18.2 15169 (GOOGLE)
1 157.240.0.6 32934 (FACEBOOK)
1 2a03:2880:f17... 32934 (FACEBOOK)
1 172.67.74.152 13335 (CLOUDFLAR...)
30 11
Apex Domain | Subdomains | Transfer
11 vofzhq.com | www.vofzhq.com | 318 KB
3 mustang303.cyou | mustang303.cyou | 1 KB
2 amazonaws.com | appdv76.s3.ap-southeast-3.amazonaws.com | 10 KB
2 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 39 | 95 KB
2 cnzz.com | s4.cnzz.com — Cisco Umbrella Rank: 136451; z3.cnzz.com Failed; c.cnzz.com — Cisco Umbrella Rank: 101023 | 11 KB
1 ipify.org | api.ipify.org — Cisco Umbrella Rank: 2041 | 155 B
1 facebook.com | www.facebook.com — Cisco Umbrella Rank: 113 | 273 B
1 facebook.net | connect.facebook.net — Cisco Umbrella Rank: 180 | 58 KB
1 googleadservices.com | www.googleadservices.com — Cisco Umbrella Rank: 89 | 3 KB
1 gfkqn.xyz | gfkqn.xyz | 5 KB
1 mmillerassociates.com | mmillerassociates.com | 683 B
0 feiwindevelopment.com Failed | api-tester.feiwindevelopment.com Failed |
0 google.com Failed | www.google.com Failed |
30 13
Domain Requested by
11 www.vofzhq.com gfkqn.xyz
3 mustang303.cyou
2 appdv76.s3.ap-southeast-3.amazonaws.com gfkqn.xyz
2 www.googletagmanager.com gfkqn.xyz
www.googletagmanager.com
1 api.ipify.org www.vofzhq.com
1 www.facebook.com gfkqn.xyz
1 connect.facebook.net appdv76.s3.ap-southeast-3.amazonaws.com
connect.facebook.net
1 www.googleadservices.com www.googletagmanager.com
1 gfkqn.xyz mustang303.cyou
1 c.cnzz.com s4.cnzz.com
1 s4.cnzz.com mustang303.cyou
gfkqn.xyz
1 mmillerassociates.com 1 redirects
0 api-tester.feiwindevelopment.com Failed www.vofzhq.com
0 www.google.com Failed gfkqn.xyz
0 z3.cnzz.com Failed s4.cnzz.com
30 15

This site contains links to these domains.

Domain
juhbjt.ocbnyutpfwjs.in
Subject | Issuer | Validity | Valid
www.mustang303.cyou | R10 | 2024-07-30 - 2024-10-28 | 3 months
*.cnzz.com | GlobalSign Organization Validation CA - SHA256 - G3 | 2024-02-17 - 2025-03-20 | a year
gfkqn.xyz | WE1 | 2024-09-08 - 2024-12-07 | 3 months
*.google-analytics.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
vofzhq.com | WE1 | 2024-10-19 - 2025-01-17 | 3 months
*.s3.ap-southeast-3.amazonaws.com | Amazon RSA 2048 M01 | 2024-08-20 - 2025-07-22 | a year
*.googleadservices.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-08-01 - 2024-10-30 | 3 months
ipify.org | WE1 | 2024-09-15 - 2024-12-14 | 3 months

This page contains 2 frames:

Primary Page: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Frame ID: 471A176D70671BD65F9C77135359C6B5
Requests: 31 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fgfkqn.xyz
Frame ID: 7209E12C74CCB09CB8ADE56860947163
Requests: 1 HTTP requests in this frame

Page Title

7276 Slots

Detected technologies

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30 Requests
83 % HTTPS
36 % IPv6
13 Domains
15 Subdomains
11 IPs
5 Countries
503 kB Transfer
2946 kB Size
4 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mmillerassociates.com/ HTTP 302
    http://mustang303.cyou/ HTTP 307
    https://mustang303.cyou/ Page URL
  2. https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://mmillerassociates.com/ HTTP 302
  • http://mustang303.cyou/ HTTP 307
  • https://mustang303.cyou/
Request Chain 29
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16664184146/?random=1135663839&cv=11&fst=1729666063700&bg=ffffff&guid=ON&async=1&gtm=45be4ah0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=https%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=1717511837.1729666064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIxcHpmvSjiQMViYmDBx14kzbuMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei9CV0NoRUk4SnJkdUFZUWdhWHQ4TGZXdGJHMUFSSXNBRjdBUFlnV3JvdVBfekpVaGg1aWNpRFB4b0NDdVZiTl9RLVhlQnFnc3FwaUtnbnRuam1BblpiUWJJOA HTTP 302
  • https://www.google.com/pagead/1p-conversion/16664184146/?random=1135663839&cv=11&fst=1729666063700&bg=ffffff&guid=ON&async=1&gtm=45be4ah0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=https%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=1717511837.1729666064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIxcHpmvSjiQMViYmDBx14kzbuMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei9CV0NoRUk4SnJkdUFZUWdhWHQ4TGZXdGJHMUFSSXNBRjdBUFlnV3JvdVBfekpVaGg1aWNpRFB4b0NDdVZiTl9RLVhlQnFnc3FwaUtnbnRuam1BblpiUWJJOA&is_vtc=1&cid=CAQSGwDpaXnf3DZCKqlAu0MjCDt1MZb25OoppP2IQg&random=1883975859

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
mustang303.cyou/
Redirect Chain
  • https://mmillerassociates.com/
  • http://mustang303.cyou/
  • https://mustang303.cyou/
949 B
1 KB
Document
General
Full URL
https://mustang303.cyou/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
107.163.163.254 , United States, ASN132839 (POWERLINE-AS-AP POWER LINE DATACENTER, HK),
Reverse DNS
Software
nginx /
Resource Hash
2104abd2153dc1ec77bddf06159776fb4025b04591b9449253ff36b0e3242974
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-length
949
content-type
text/html
date
Wed, 23 Oct 2024 06:47:40 GMT
etag
"66c46bbb-3b5"
last-modified
Tue, 20 Aug 2024 10:11:07 GMT
server
nginx
strict-transport-security
max-age=31536000

Redirect headers

Location
https://mustang303.cyou/
Non-Authoritative-Reason
HttpsUpgrades
z.js
s4.cnzz.com/
10 KB
10 KB
Script
General
Full URL
https://s4.cnzz.com/z.js?id=1281337420&async=1
Requested by
Host: mustang303.cyou
URL: https://mustang303.cyou/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240e:cf:8800:53:3::7ea , China, ASN134238 (CT-JIANGXI-IDC CHINANET Jiangx province IDC network, CN),
Reverse DNS
Software
Tengine /
Resource Hash
ddead68641b4994eb750365cd1012393abc56596cc37235063351b78d17e6061

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mustang303.cyou/

Response headers

cache-control
public, max-age=300
x-swift-cachetime
300
timing-allow-origin
*
etag
W/"15643987139407696374"
age
291
via
cache75.l2cn3032[28,27,304-0,H], cache74.l2cn3032[29,0], cache5.cn3693[0,0,200-0,H], cache11.cn3693[1,0]
ali-swift-global-savetime
1729665771
x-swift-savetime
Wed, 23 Oct 2024 06:42:51 GMT
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
content-length
10194
date
Wed, 23 Oct 2024 06:42:51 GMT
content-type
application/javascript
eagleid
6ae1f19f17296660622052738e
server
Tengine
stat.htm
z3.cnzz.com/
0
0

c.js
c.cnzz.com/
906 B
1 KB
Script
General
Full URL
https://c.cnzz.com/c.js?web_id=1281337420&t=z
Requested by
Host: s4.cnzz.com
URL: https://s4.cnzz.com/z.js?id=1281337420&async=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
240e:cf:8800:53:3::7ea , China, ASN134238 (CT-JIANGXI-IDC CHINANET Jiangx province IDC network, CN),
Reverse DNS
Software
Tengine /
Resource Hash
4e40caec07450755166c40ba51099f2807b4b2efc3d6252f59d26bc0be325e9e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mustang303.cyou/

Response headers

cache-control
public, max-age=321
x-swift-cachetime
321
timing-allow-origin
*
etag
W/"17650835605665385536"
age
123
via
cache14.l2cn7484[41,41,304-0,H], cache40.l2cn7484[43,0], cache5.cn3693[0,0,200-0,H], cache11.cn3693[0,0]
ali-swift-global-savetime
1729665939
x-swift-savetime
Wed, 23 Oct 2024 06:45:39 GMT
x-cache
HIT TCP_MEM_HIT dirn:-2:-2
content-length
906
date
Wed, 23 Oct 2024 06:45:38 GMT
content-type
application/javascript
eagleid
6ae1f19f17296660626524113e
server
Tengine
not-found-image.jpg
mustang303.cyou/
138 B
138 B
Image
General
Full URL
https://mustang303.cyou/not-found-image.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
107.163.163.254 , United States, ASN132839 (POWERLINE-AS-AP POWER LINE DATACENTER, HK),
Reverse DNS
Software
nginx /
Resource Hash
301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mustang303.cyou/

Response headers

content-length
138
date
Wed, 23 Oct 2024 06:47:42 GMT
etag
"66a8c7e8-8a"
content-type
text/html
server
nginx
favicon.ico
mustang303.cyou/
138 B
218 B
Other
General
Full URL
https://mustang303.cyou/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
107.163.163.254 , United States, ASN132839 (POWERLINE-AS-AP POWER LINE DATACENTER, HK),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://mustang303.cyou/

Response headers

content-length
138
date
Wed, 23 Oct 2024 06:47:42 GMT
etag
"66a8c7e8-8a"
content-type
text/html
server
nginx
Primary Request /
gfkqn.xyz/
8 KB
5 KB
Document
General
Full URL
https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Requested by
Host: mustang303.cyou
URL: https://mustang303.cyou/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fee19288e261acbd6ea45956b72d4623236b3efa9a244bf5dfa0a2f3dcd114c0

Request headers

Referer
https://mustang303.cyou/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d6fc6fdfb942bbb-FRA
content-encoding
zstd
content-type
text/html
date
Wed, 23 Oct 2024 06:47:43 GMT
last-modified
Sat, 12 Oct 2024 14:54:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HeFYaeAscsV5%2BnMzmfsmhHowsipJ3z2VEYl7avn%2BUzA5Zt%2Bbl0xGe7QqmM9f5bbkfi0ya9hv%2BhLhOyIg5VjTyw%2BQ3%2B5y2%2BvoDSsA0FLwws0ADGQN81Akx3KVihw%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=6426&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4162&recv_bytes=4651&delivery_rate=891&cwnd=12000&unsent_bytes=0&cid=ba02ae8ca3a8f065&ts=518&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
275 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-16664184146
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bcfd8abbc2e89800a31442313d703e6990f0eeb8ccade78bfa7996d9bdb43d72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 23 Oct 2024 06:47:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
96959
x-xss-protection
0
server
Google Tag Manager
index.css
www.vofzhq.com/resource/save3/assets/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.vofzhq.com/resource/save3/assets/css/index.css
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3c06e59f0057db0b405c533fafaa382eaa0ccd4077a2cb8751f069d86669d1f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"668cf62d-9dd"
age
39166
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S3zStt1dA9En%2FdZUxSo8bJTY%2BIN3m%2Fi7l5zyV352N2hiYcM0wsEwP1bc9o2TRFKsD0g10dF7JKrN3yoYHjC5Zcx015sOB6f%2F7aT%2F560hhAFd32rLUfxkOqtH4rNyG%2BCqszcJ1UPEDz7a%2FnzSEg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 07:54:53 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6449&sent=8&recv=17&lost=0&retrans=0&sent_bytes=4019&recv_bytes=2741&delivery_rate=627277&cwnd=253&unsent_bytes=0&cid=88edba61af8bd21c&ts=22&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
text/css
last-modified
Tue, 09 Jul 2024 08:34:53 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c19a03d-FRA
server
cloudflare
clipboard.min.js
www.vofzhq.com/resource/save3/assets/js/
18 KB
5 KB
Script
General
Full URL
https://www.vofzhq.com/resource/save3/assets/js/clipboard.min.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
857726437435447dd7f9970ac0ddf672c69889f1e3c087b1d84f009cf1edeeba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"66792875-4950"
age
39166
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YF5TwzUgQ9pIgm43yyFJKoa5eE7qteD4Pn37IXC%2BC7me%2FsfvJQoTOPnb3gjRUQO83RbyHgWWOBnO2mUr%2FY5x9y7sCTNDKfQIbhhbpXAycDuHHFkbIk%2FwcOwwN3FPaEcjK%2B47nmMJTjhsTy9boA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 07:54:53 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=7147&sent=69&recv=19&lost=0&retrans=0&sent_bytes=67188&recv_bytes=2772&delivery_rate=627277&cwnd=254&unsent_bytes=3878&cid=88edba61af8bd21c&ts=28&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Mon, 24 Jun 2024 08:04:05 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c21a03d-FRA
server
cloudflare
jquery-2.2.4.min.js
www.vofzhq.com/resource/save3/assets/js/
162 KB
46 KB
Script
General
Full URL
https://www.vofzhq.com/resource/save3/assets/js/jquery-2.2.4.min.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8e177d8209998de87c94002fcc0f8f3f2d68515b0f83b9b17b7417686b5f284

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"66792876-289b9"
age
2894
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AA9iFfFaxe178KjkjH3eTovKWzBFRq6cjkOEImMofk%2FUMSW2qFitOf2C8Sx5SqLDi8B8N1l9HvEWsG6BErOo5FdgYdiIW90AHde6PRe4YoIDwdJa9eeTtf0tgEmSPg12kKtMkHL404DnaQnkhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 17:59:25 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=7147&sent=27&recv=18&lost=0&retrans=0&sent_bytes=19211&recv_bytes=2741&delivery_rate=627277&cwnd=254&unsent_bytes=0&cid=88edba61af8bd21c&ts=25&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Mon, 24 Jun 2024 08:04:06 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c24a03d-FRA
server
cloudflare
rem.js
www.vofzhq.com/resource/save3/assets/js/
824 B
897 B
Script
General
Full URL
https://www.vofzhq.com/resource/save3/assets/js/rem.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
832608f04479852728b8f309472f2262ffc7fe9e858033dfebb7e6e0031f933c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
REVALIDATED
etag
W/"66792876-338"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ozVj%2BUMTt5TLxvpUNLtByrUKOoiQP3B9soOF8glSXP9KK6ENwmHC4kZmY0wlxokHm0baftOg1sCVBAlS5f8Lel%2FzBmC7XZwRzP7NtjgVFVOy0Pk2m%2BNdi5Mp5fIPQId2RyO03DE9%2FKzEq3gOKg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c20a03d-FRA
expires
Wed, 23 Oct 2024 18:47:40 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6844&sent=79&recv=57&lost=0&retrans=0&sent_bytes=77323&recv_bytes=2772&delivery_rate=12982563&cwnd=268&unsent_bytes=0&cid=88edba61af8bd21c&ts=335&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Mon, 24 Jun 2024 08:04:06 GMT
vary
Accept-Encoding
server
cloudflare
qrcode.min.js
www.vofzhq.com/resource/save3/assets/js/
19 KB
8 KB
Script
General
Full URL
https://www.vofzhq.com/resource/save3/assets/js/qrcode.min.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"668cece1-4dd7"
age
39166
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FIGefh%2BXqwTsIeWqBddnpqome8y9POtyJTAy8S0L1aC3HO%2FRQP0oGITi3tqJLQQeJZEHxYT2lcDljQzw4cUZ%2BKOsvTDUTitjQFuMQYZPmnGgJLiECIklIU9kiRCN1Odl9HMqzIXQpwEThBscuA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 07:54:53 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6449&sent=11&recv=17&lost=0&retrans=0&sent_bytes=5602&recv_bytes=2741&delivery_rate=627277&cwnd=253&unsent_bytes=0&cid=88edba61af8bd21c&ts=23&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Tue, 09 Jul 2024 07:55:13 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c1fa03d-FRA
server
cloudflare
import-scripts.js
appdv76.s3.ap-southeast-3.amazonaws.com/adjust/
9 KB
9 KB
Script
General
Full URL
https://appdv76.s3.ap-southeast-3.amazonaws.com/adjust/import-scripts.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.36.123 Jakarta, Indonesia, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-r-w.ap-southeast-3.amazonaws.com
Software
AmazonS3 /
Resource Hash
4ca6122030dea2d2e66cde8f69cc201e27169e9d96380e736e9224c9e320a4f6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

x-amz-id-2
HsohoDEahVE+evH6otsZ4Ja//VUXrYG3kpJyUOZsDJaJab6KOzZ3vTTpCH/kgV2fzvxxcoZ7yYqzg6jdsF0k1A==
ETag
"0a718bb010a4bc901c45eba9dad3b0a2"
x-amz-request-id
MKGTWMBRHEV8SWDE
Accept-Ranges
bytes
Content-Length
8988
Date
Wed, 23 Oct 2024 06:47:45 GMT
Last-Modified
Sun, 07 Jul 2024 03:32:15 GMT
Content-Type
application/javascript; charset=utf-8
Server
AmazonS3
x-amz-server-side-encryption
AES256
7276.js
appdv76.s3.ap-southeast-3.amazonaws.com/download-app/
192 B
611 B
Script
General
Full URL
https://appdv76.s3.ap-southeast-3.amazonaws.com/download-app/7276.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.36.123 Jakarta, Indonesia, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-r-w.ap-southeast-3.amazonaws.com
Software
AmazonS3 /
Resource Hash
7d9ce64336a5f16eda6a514acb76dced3af8bf293a570bb81ec60041894ed5e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

x-amz-id-2
GSbPTC7ZuIW+H81LeUdTXb06xtMsPoPP0p39u9FasJEfni8m2lfOziDi4tElzCWLyZKqAtKMBCFywysGXFyNCA==
ETag
"57fa8b4e47fb662006357131df809445"
x-amz-request-id
MKGX8MP7RWZCDX46
Accept-Ranges
bytes
Content-Length
192
Date
Wed, 23 Oct 2024 06:47:45 GMT
Last-Modified
Tue, 22 Oct 2024 18:42:20 GMT
Content-Type
application/javascript
Server
AmazonS3
x-amz-server-side-encryption
AES256
9906-label-adjust-targetinstall.js
www.vofzhq.com//resource/save9/assets/js/
11 KB
4 KB
Script
General
Full URL
https://www.vofzhq.com//resource/save9/assets/js/9906-label-adjust-targetinstall.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c64254f49eb8785da2d38f9c4e119f4e2c5a37311783f9d1b679cf297b67423d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"6708c6ce-2d35"
age
11980
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KwXYo9M%2BC8MfEAFvKPuSRbytYzChvm4DfMoahl0lvskP6O1Nlg7pe6Jh9yFskgzK9G1zmRusrx5bqqgBRVqnWJuL6PaM3%2F6Xwabeh8JkVmjPR3cclidOXibxJ14R7Hrp%2Fn6ffqfcV6Z221QiGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 15:28:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=7147&sent=68&recv=19&lost=0&retrans=0&sent_bytes=66702&recv_bytes=2772&delivery_rate=627277&cwnd=254&unsent_bytes=0&cid=88edba61af8bd21c&ts=25&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Fri, 11 Oct 2024 06:33:50 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c1ba03d-FRA
server
cloudflare
adti-advertise.v1.10.3.6.js
www.vofzhq.com/resource/common/
14 KB
5 KB
Script
General
Full URL
https://www.vofzhq.com/resource/common/adti-advertise.v1.10.3.6.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c35b9be33c4ae75f7d21c7f88fa3f7c6fb334570bf712a57ba721921139003ed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"66fe9182-378a"
age
8486
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0I3vx03M568ZdI07b0nhAp7crh9YhCEXO9HNFoIt%2BBFgEcNQ6o74ks44l2HzKwdwgRkhctIv5MSY9BjpWr15DeQUE0At7ITqXGhMEJeZebuTbXSo3cYcZ49RUZ2p%2Bz2U2%2FpkFYQJPd3QT3j%2FpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 16:26:13 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6449&sent=20&recv=17&lost=0&retrans=0&sent_bytes=13973&recv_bytes=2741&delivery_rate=627277&cwnd=253&unsent_bytes=0&cid=88edba61af8bd21c&ts=24&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Thu, 03 Oct 2024 12:43:46 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c22a03d-FRA
server
cloudflare
servers.js
www.vofzhq.com/resource/common/
477 B
753 B
Script
General
Full URL
https://www.vofzhq.com/resource/common/servers.js
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4ceb917e6fd8bff1a6e90fb001c5feea2f1b6a386f821431af448eb64f2209a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"66fd505b-1dd"
age
13169
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fhttvjBYGQvjaWozl5Elbcr9CaNDa5T1d3bhJLM74X9wZImpTjf01KX6WvY9mcuCC%2B3peRpTYpUIrcZelcRM9q6%2FFGrwz1Tnq%2BDPM2O%2BE3CQeNjadRB7vxOmeBW28O5xRreygFplg0VxkLNSWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Wed, 23 Oct 2024 15:08:10 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6834&sent=71&recv=22&lost=0&retrans=0&sent_bytes=68818&recv_bytes=2772&delivery_rate=627277&cwnd=257&unsent_bytes=7686&cid=88edba61af8bd21c&ts=29&x=0"
date
Wed, 23 Oct 2024 06:47:43 GMT
content-type
application/javascript
last-modified
Wed, 02 Oct 2024 13:53:31 GMT
vary
Accept-Encoding
cache-control
max-age=43200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc7019c1ca03d-FRA
server
cloudflare
/
www.googleadservices.com/pagead/conversion/16664184146/
5 KB
3 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/16664184146/?random=1729666063700&cv=11&fst=1729666063700&bg=ffffff&guid=ON&async=1&gtm=45be4ah0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=https%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=1717511837.1729666064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-16664184146
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f2.1e100.net
Software
cafe /
Resource Hash
4493cdaf9fa12baaaa0772fd089318481124f2b854d8ee3d652b077db765ea0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
2745
date
Wed, 23 Oct 2024 06:47:44 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 7209
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fgfkqn.xyz
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-16664184146
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Wed, 23 Oct 2024 06:47:43 GMT
expires
Thu, 23 Oct 2025 06:47:43 GMT
last-modified
Mon, 21 Oct 2024 16:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
fbevents.js
connect.facebook.net/en_US/
228 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: appdv76.s3.ap-southeast-3.amazonaws.com
URL: https://appdv76.s3.ap-southeast-3.amazonaws.com/adjust/import-scripts.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra3.fbcdn.net
Software
/
Resource Hash
b3cad51ca0cfdbeac9d38f7aad54e6564408f0da56a6fd56350e0d03d4f0aef9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 23 Oct 2024 06:47:44 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=0, c=23, mss=1232, tbw=4458, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
ylW71PEqsDYZ1kSwyEQtVfC4iRWsaYrrYLgLnRWAus/MZKuzs63TERplArAGOzpu3/3UWjGhjXzb+NqQ6qkGeA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59508
x-xss-protection
0
origin-agent-cluster
?1
tr
www.facebook.com/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr?id=2621029394951596&ev=PageView&noscript=1
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2924, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 23 Oct 2024 06:47:44 GMT
content-type
text/plain
server
proxygen-bolt
body.gif
www.vofzhq.com/resource/save3/assets/img/
2 MB
0
Image
General
Full URL
https://www.vofzhq.com/resource/save3/assets/img/body.gif
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"6677f84d-2d7dae"
age
586102
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kdXB73uGQjN3Xrd1ZaYbNGsf4on1fwzXeuTESwMKTM7s16qH227YoZffNH5S4R8MscZtW6WzYpHB81s8QWTseADi0PLk9UNNHQf%2FZk37%2F8S26QC8X8PGSryn8y9tovYWwW3goApoPpErUvT4cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 15 Nov 2024 11:59:19 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6615&sent=124&recv=63&lost=0&retrans=0&sent_bytes=127623&recv_bytes=3056&delivery_rate=12982563&cwnd=271&unsent_bytes=0&cid=88edba61af8bd21c&ts=846&x=0"
date
Wed, 23 Oct 2024 06:47:44 GMT
content-type
image/gif
last-modified
Sun, 23 Jun 2024 10:26:21 GMT
vary
Accept-Encoding
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc706b98da03d-FRA
server
cloudflare
footer.gif
www.vofzhq.com/resource/save3/assets/img/
199 KB
199 KB
Image
General
Full URL
https://www.vofzhq.com/resource/save3/assets/img/footer.gif
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cec231b75bd545b0e5a32db063c6221f872023c40363dfc924df204d31e25d40

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"6677f84f-31c3d"
age
586102
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wu20Xvn%2B%2BQRq3b2ujqvqYp%2FXQt17BEgVdzI1IA4owe3mh%2BgWl0mHhU9odiF%2F2%2FHtkk9eVMQQf%2FTL43u4YM0iaJ1I35dQlnXuB%2FrBonF%2FmAlSg%2F6QixZabLEarV0RWxu6WIsU30NNc68ZsyQazA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 15 Nov 2024 11:59:19 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6615&sent=163&recv=63&lost=0&retrans=0&sent_bytes=172878&recv_bytes=3056&delivery_rate=12982563&cwnd=271&unsent_bytes=37551&cid=88edba61af8bd21c&ts=847&x=0"
date
Wed, 23 Oct 2024 06:47:44 GMT
content-type
image/gif
last-modified
Sun, 23 Jun 2024 10:26:23 GMT
vary
Accept-Encoding
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc706b98ea03d-FRA
server
cloudflare
kf.png
www.vofzhq.com/resource/save3/assets/img/
47 KB
48 KB
Image
General
Full URL
https://www.vofzhq.com/resource/save3/assets/img/kf.png
Requested by
Host: gfkqn.xyz
URL: https://gfkqn.xyz/?t=1&p0=1cafn376&p1={{campaign.name}}&p2={{campaign.id}}&p3={{adset.name}}&p4={{adset.id}}&p5={{ad.name}}&p6={{ad.id}}&label=gezi&fb_pixel_id=2621029394951596&fb_access_token=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:2a35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
735fa5c2749fd619950da70a8727a1108486739eda12bd01bf8d2e4335068563

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"6677ef0b-bdc2"
age
586042
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfhBAzU0FxJeVQpD5jz0OvjGGHc4gusDCGvj%2BEzPws0HNz3C%2BJHDGy7WBylVGf7K%2BzMU8664BHuyTx9zdmZboJGwYwlBQhoV6%2B0F7l5yJ1zo1QTxIvmDqGbgXCa0UvVCTRqAkaSVR39WyNx%2F2g%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Fri, 15 Nov 2024 12:00:19 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=6615&sent=83&recv=63&lost=0&retrans=0&sent_bytes=78286&recv_bytes=3056&delivery_rate=12982563&cwnd=271&unsent_bytes=0&cid=88edba61af8bd21c&ts=846&x=0"
date
Wed, 23 Oct 2024 06:47:44 GMT
content-type
image/png
last-modified
Sun, 23 Jun 2024 09:46:51 GMT
vary
Accept-Encoding
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d6fc706b98fa03d-FRA
server
cloudflare
/
api.ipify.org/
22 B
155 B
Fetch
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: www.vofzhq.com
URL: https://www.vofzhq.com//resource/save9/assets/js/9906-label-adjust-targetinstall.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4d9c3d1d4d5c49c73939f67804626803e3ebff8faf42720f6a4ddce47b80aff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://gfkqn.xyz/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8d6fc7070b8a18d6-FRA
access-control-allow-origin
*
content-length
22
date
Wed, 23 Oct 2024 06:47:44 GMT
content-type
application/json
vary
Origin
server
cloudflare
truncated
/
85 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
truncated
/
7 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4bf3a7f4958135e9c31f0f5b61cec788aab5390de0a85eb1f203ff22358fe2b2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
z.js
s4.cnzz.com/
0
0

2621029394951596
connect.facebook.net/signals/config/
0
0

/
www.google.com/pagead/1p-conversion/16664184146/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16664184146/?random=1135663839&cv=11&fst=1729666063700&bg=ffffff&guid=ON&async=1&gtm=45be4ah0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&...
  • https://www.google.com/pagead/1p-conversion/16664184146/?random=1135663839&cv=11&fst=1729666063700&bg=ffffff&guid=ON&async=1&gtm=45be4ah0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=1016866...
0
0

downloadPageLogs
api-tester.feiwindevelopment.com/api/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
z3.cnzz.com
URL
https://z3.cnzz.com/stat.htm?id=1281337420&r=&lg=de-de&ntime=none&cnzz_eid=1526427811-1729666062-&showp=1600x1200&p=https%3A%2F%2Fmustang303.cyou%2F&t=Page%20Not%20Found&umuuid=192b821989b9aa-014070e9bf866d-1e462c6f-1d4c00-192b821989c7b5&h=1
Domain
s4.cnzz.com
URL
https://s4.cnzz.com/z.js?id=1281337420&async=1
Domain
connect.facebook.net
URL
https://connect.facebook.net/signals/config/2621029394951596?v=2.9.173&r=stable&domain=gfkqn.xyz&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Domain
www.google.com
URL
https://www.google.com/pagead/1p-conversion/16664184146/?random=1135663839&cv=11&fst=1729666063700&bg=ffffff&guid=ON&async=1&gtm=45be4ah0za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&ref=https%3A%2F%2Fmustang303.cyou%2F&label=95EHCPmNrsgZENKKjYo-&hn=www.googleadservices.com&frm=0&tiba=7276%20Slots&gtm_ee=1&npa=1&pscdl=noapi&auid=1717511837.1729666064&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=CA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIxcHpmvSjiQMViYmDBx14kzbuMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhJodHRwczovL2dma3FuLnh5ei9CV0NoRUk4SnJkdUFZUWdhWHQ4TGZXdGJHMUFSSXNBRjdBUFlnV3JvdVBfekpVaGg1aWNpRFB4b0NDdVZiTl9RLVhlQnFnc3FwaUtnbnRuam1BblpiUWJJOA&is_vtc=1&cid=CAQSGwDpaXnf3DZCKqlAu0MjCDt1MZb25OoppP2IQg&random=1883975859
Domain
api-tester.feiwindevelopment.com
URL
https://api-tester.feiwindevelopment.com/api/downloadPageLogs?source=DOWNLOAD_PAGE&status=SUCCESS&ip=78.159.108.28&device_name=Linux%20x86_64&device=android&platform=Linux%20x86_64&referrerUrl=https%3A%2F%2Fgfkqn.xyz%2F%3Ft%3D1%26p0%3D1cafn376%26p1%3D%7B%7Bcampaign.name%7D%7D%26p2%3D%7B%7Bcampaign.id%7D%7D%26p3%3D%7B%7Badset.name%7D%7D%26p4%3D%7B%7Badset.id%7D%7D%26p5%3D%7B%7Bad.name%7D%7D%26p6%3D%7B%7Bad.id%7D%7D%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1&downloadLink=https%3A%2F%2Fapp.adjust.com%2F1cafn376%3Fcampaign%3D%257B%257Bcampaign.name%257D%257D%2528%257B%257Bcampaign.id%257D%257D%2529%26adgroup%3D%257B%257Badset.name%257D%257D%2528%257B%257Badset.id%257D%257D%2529%26creative%3D%257B%257Bad.name%257D%257D%2528%257B%257Bad.id%257D%257D%2529%26redirect%3Dhttps%253A%252F%252Fgfkqn.xyz%252F%253Ft%253D1%2526p0%253D1cafn376%2526p1%253D%257B%257Bcampaign.name%257D%257D%2526p2%253D%257B%257Bcampaign.id%257D%257D%2526p3%253D%257B%257Badset.name%257D%257D%2526p4%253D%257B%257Badset.id%257D%257D%2526p5%253D%257B%257Bad.name%257D%257D%2526p6%253D%257B%257Bad.id%257D%257D%2526label%253Dgezi%2526fb_pixel_id%253D2621029394951596%2526fb_access_token%253D1%26label%3Dgezi%26fb_pixel_id%3D2621029394951596%26fb_access_token%3D1%26fbclid%3Dnull


37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| gtag
object| dataLayer
function| ClipboardJS
function| $
function| jQuery
object| google_tag_manager
object| google_tag_data
object| GooglebQhCsO
string| designWidth
function| font_size
object| media
function| QRCode
object| urlParams
string| fb_pixel_id
function| fbq
function| _fbq
object| downloadLink
string| fb_access_token
function| getCookie
function| buildURL
function| getFbPid
function| gtag_report_conversion
object| _czc
object| qrcode
function| goDownload
function| closeQR
string| tracker
string| campaign
string| adgroup
string| creative
string| clickApkUrl
function| copyText
object| servers
string| apklink
string| ioslink
object| data

4 Cookies

Domain/Path Name / Value
.mustang303.cyou/ Name: UM_distinctid
Value: 192b821989b9aa-014070e9bf866d-1e462c6f-1d4c00-192b821989c7b5
mustang303.cyou/ Name: CNZZDATA1281337420
Value: 1526427811-1729666062-%7C1729666062
.gfkqn.xyz/ Name: _gcl_au
Value: 1.1.1717511837.1729666064
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

2 Console Messages

Source Level URL
Text
network error URL: https://mustang303.cyou/not-found-image.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://mustang303.cyou/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
