urlscan.io logo urlscan.io
SecurityTrails logo

promo.appfofun.com Open in urlscan Pro
80.74.141.5  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://brauth.website/
Effective URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Submission: On September 17 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 6 countries across 13 domains to perform 19 HTTP transactions. The main IP is 80.74.141.5, located in Switzerland and belongs to ASN-METANET Routing/peering issues: noc@metanet.ch, CH. The main domain is promo.appfofun.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 15th 2020. Valid for: 3 months.
This is the only time promo.appfofun.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 80.74.141.5 21069 (ASN-METAN...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 99.84.158.183 16509 (AMAZON-02)
2 139.45.195.162 9002 (RETN-AS)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a03:2880:f11... 32934 (FACEBOOK)
1 2a03:2880:f01... 32934 (FACEBOOK)
19 11
1    2606:4700:3035::ac43:a242 (United States)

ASN13335 (CLOUDFLARENET, US)
brauth.website
2    80.74.141.5 (Switzerland)

ASN21069 (ASN-METANET Routing/peering issues: noc@metanet.ch, CH)
PTR: mail2.busuu.com
promo.appfofun.com
api.basebone.com
4    2606:4700:3035::681f:5176 (United States)

ASN13335 (CLOUDFLARENET, US)
basebonecdn.com
1    99.84.158.183 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-158-183.txl52.r.cloudfront.net
d2gkcwmza574jt.cloudfront.net
2    139.45.195.162 (Ascension Island)

ASN9002 (RETN-AS, EU)
my.rtmark.net
2    2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:825::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    2a03:2880:f01c:8004:face:b00c:0:8c (Ireland)

ASN32934 (FACEBOOK, US)
cx.atdmt.com
Domain Requested by
4 basebonecdn.com promo.appfofun.com
3 connect.facebook.net promo.appfofun.com
connect.facebook.net
2 www.facebook.com 1 redirects promo.appfofun.com
2 www.google-analytics.com promo.appfofun.com
2 my.rtmark.net promo.appfofun.com
1 cx.atdmt.com
1 www.google.de promo.appfofun.com
1 www.google.com promo.appfofun.com
1 api.basebone.com promo.appfofun.com
1 stats.g.doubleclick.net www.google-analytics.com
1 d2gkcwmza574jt.cloudfront.net promo.appfofun.com
1 promo.appfofun.com
1 brauth.website 1 redirects
19 13

This site contains no links.

Subject Issuer Validity Valid
appfofun.com
Let's Encrypt Authority X3		 2020-07-15 -
2020-10-13		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-08-18 -
2021-08-18		 a year crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2020-05-26 -
2021-04-21		 a year crt.sh
*.rtmark.net
Let's Encrypt Authority X3		 2020-08-28 -
2020-11-26		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-07-21 -
2020-10-12		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.basebone.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-10 -
2022-06-10		 2 years crt.sh
www.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.atlassolutions.com
DigiCert SHA2 High Assurance Server CA		 2020-08-12 -
2020-11-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Frame ID: E1EDE0065DD405D81D2E03D3C23C78F8
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://brauth.website/ HTTP 302
    https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

19
Requests

100 %
HTTPS

75 %
IPv6

13
Domains

13
Subdomains

11
IPs

6
Countries

232 kB
Transfer

789 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://brauth.website/ HTTP 302
    https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://www.facebook.com/tr/?id=316588752340006&ev=Microdata&dl=https%3A%2F%2Fpromo.appfofun.com%2F4fen2%2Fw%2F1539202%2Findex.php%3FSES%3D2801430549%26router_id%3Db2ncmnervjhhgo&rl=&if=false&ts=1600334347024&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Android%20Antivirus%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&ud[ph]=5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9&ud[country]=9a8bf3ebbe6f826e39772c4763bea0722b18c0e4b5b7ba2fe6813f02f7f0a06a&v=2.9.24&r=stable&ec=1&o=30&fbp=fb.1.1600334345519.1572559124&it=1600334345476&coo=false&es=automatic&tm=3&rqm=GET HTTP 302
  • https://cx.atdmt.com/?c=12988810621656320841&f=AYxdjfoLUieAwHLcoKGXMRRO1FnxX40ntlmu5cLXyBYSMxYLekPQJcBbKW9tj6_11DENWobqNm2FBfPWvsFAWf_T&id=316588752340006&l=3&v=0

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set index.php
promo.appfofun.com/4fen2/w/1539202/
Redirect Chain
  • https://brauth.website/
  • https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.74.141.5 , Switzerland, ASN21069 (ASN-METANET Routing/peering issues: noc@metanet.ch, CH),
Reverse DNS
mail2.busuu.com
Software
Apache /
Resource Hash
eb2ad4bc4d2561d35b1890984e3349b8e1f26db77b72924e6561644991b6f096
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
promo.appfofun.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 17 Sep 2020 09:19:05 GMT
Server
Apache
Set-Cookie
router_id=b2ncmnervjhhgo; expires=Thu, 24-Sep-2020 09:19:05 GMT; Max-Age=604800; path=/ SES=2801430549; expires=Fri, 18-Sep-2020 09:19:05 GMT; Max-Age=86400; path=/4fen2/w/1539202/ LPSID=CB2; path=/
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate, no-transform
X-Frame-Options
DENY
Content-Security-Policy
frame-ancestors 'none'
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
4846
Content-Type
text/html; charset=utf-8

Redirect headers

status
302
date
Thu, 17 Sep 2020 09:19:05 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=db8f6ccb5f5c4aa664db48651cee296cb1600334345; expires=Sat, 17-Oct-20 09:19:05 GMT; path=/; domain=.brauth.website; HttpOnly; SameSite=Lax; Secure PHPSESSID=9ub8dnokfm8f35m9sktbrr72h0; path=/
x-frame-options
DENY
access-control-allow-origin
*
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
location
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
cf-cache-status
DYNAMIC
cf-request-id
053cf54b37000005e4728cd200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5d41be58593205e4-FRA
games.baseplay.co_logo_white_hor.png
basebonecdn.com/media/images/logos/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basebonecdn.com/media/images/logos/games.baseplay.co_logo_white_hor.png
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681f:5176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2bfafe5bdc41487da086d11c7a756fa27d3324db80ccfcbd06f0dc12917670b

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 09:19:05 GMT
via
1.1 7d89b6cf83f15400102bd86c47585040.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
content-type
image/png
content-length
3150
cf-request-id
053cf54cf20000bec930818200000001
last-modified
Mon, 17 Sep 2018 14:39:00 GMT
server
cloudflare
etag
"2f789d749538ebe5efda832462c86772"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
Uim7jqWwlQq8bn8SY2jroRzgdWm71qvJ
cache-control
max-age=86400
accept-ranges
bytes
cf-ray
5d41be5b1edbbec9-FRA
x-amz-cf-id
10-brwh3rOejwfaHtKSkwC3q_y96MS-6sU2nYVYcbPDsoJHO6EAIhQ==
antivirus_wap_lp_za_top_7_300.gif
basebonecdn.com/media/images/antivirus/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basebonecdn.com/media/images/antivirus/antivirus_wap_lp_za_top_7_300.gif
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681f:5176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a42f4ab4dd6997d6cc86252caa125be928e9308a40053f16dbbc3f38f90220ad

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 09:19:05 GMT
via
1.1 f2db75b601dc30df73b1beb29596a375.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
content-type
image/gif
content-length
7387
cf-request-id
053cf54cf20000bec930819200000001
last-modified
Wed, 02 May 2018 12:51:29 GMT
server
cloudflare
etag
"38e9a1726d8583a84d54f0f19e148697"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
j5ttVUJTV7_xpslLjI_IDvquRtl7PinG
cache-control
public, max-age=846000
accept-ranges
bytes
cf-ray
5d41be5b1edcbec9-FRA
x-amz-cf-id
2olVNdNyzPTeaKo_xOa7ldb_vnYVshHO8sIIh3ESeObPRKdyO8gyVw==
antivirus_wap_lp_za_7_300.gif
basebonecdn.com/media/images/antivirus/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basebonecdn.com/media/images/antivirus/antivirus_wap_lp_za_7_300.gif
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681f:5176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6da3887e3ec09b5a85c89e65a650a0097d0e3734503d35ed6b365b85089382ce

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 09:19:05 GMT
via
1.1 7d89b6cf83f15400102bd86c47585040.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
content-type
image/gif
content-length
14319
cf-request-id
053cf54cf20000bec93081b200000001
last-modified
Wed, 02 May 2018 12:51:28 GMT
server
cloudflare
etag
"d613ba0bab83aa5ca77af52e59bc9c96"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
hZNLvBq5gMgcpRUfVWIn_s3DEjOrpxOT
cache-control
public, max-age=846000
accept-ranges
bytes
cf-ray
5d41be5b1edebec9-FRA
x-amz-cf-id
S7BVTENZABDiIO_nsbzIWDbn0ono7ExY1YtmBYaby8hJj-KKEc3tZA==
baseblock_logo.gif
d2gkcwmza574jt.cloudfront.net/media/images/general/ 		731 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2gkcwmza574jt.cloudfront.net/media/images/general/baseblock_logo.gif
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.84.158.183 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-158-183.txl52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1ea1b2d365d4cb8c31da6e34e7879078c8b24eb572d5a8990cf8180d530cb44e

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
rStPgnSTVjf0J05QjaSSAZHupL230.uE
Via
1.1 3b9e149724e93026c0277288bbe3906a.cloudfront.net (CloudFront)
Last-Modified
Wed, 02 May 2018 12:55:22 GMT
Server
AmazonS3
Age
83153
ETag
"a4b52286aedcf3ad23503c6a6290f262"
X-Cache
Hit from cloudfront
Content-Type
image/gif
Connection
keep-alive
Date
Wed, 16 Sep 2020 10:13:13 GMT
X-Amz-Cf-Pop
TXL52-C1
Accept-Ranges
bytes
Content-Length
731
X-Amz-Cf-Id
zn6w29IK8j-_Q9Ouo2_lZuJk3VO0X67UVb3MMRZH6SLoZtRfNXOn6g==
p.js
my.rtmark.net/ 		697 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.195.162 , Ascension Island, ASN9002 (RETN-AS, EU),
Reverse DNS
Software
nginx /
Resource Hash
910c9a08dbacc4603c934adbc5b6f057c2c37833d1e0bc5bee5465eee94bfea9
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 17 Sep 2020 09:19:05 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
697
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
205
date
Thu, 17 Sep 2020 09:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Thu, 17 Sep 2020 11:15:40 GMT
fbevents.js
connect.facebook.net/en_US/ 		135 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34302
x-xss-protection
0
pragma
public
x-fb-debug
rAQqbD3DAdTaZ19tEQliiGT6qXmEEabzZ9CHoVP9PObhUOrp8DSN/J7gtmNnTKUoxL+Adwk9kL6BDBt1SjbI5w==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Thu, 17 Sep 2020 09:19:05 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
input_phone_icon.gif
basebonecdn.com/media/images/general/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://basebonecdn.com/media/images/general/input_phone_icon.gif
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681f:5176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
589d1f4b03f5bfc5c203c4b6772f47dac0e02462d9be1b0eb15bb60f30af0a32

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 09:19:05 GMT
via
1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
content-type
image/gif
content-length
1192
cf-request-id
053cf54cf20000bec93081a200000001
last-modified
Wed, 02 May 2018 12:55:37 GMT
server
cloudflare
etag
"eab3a5402d26b71133370dcdd31cfc56"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
nKKeZacr0lHDC6ZgFSe5VR7ofQJiSlZX
cache-control
public, max-age=846000
accept-ranges
bytes
cf-ray
5d41be5b1eddbec9-FRA
x-amz-cf-id
TzRRvVH3nXk9EpYI9hG9g7nsK95LAwawSMzB5bA9ZOLABLmliXlwFQ==
collect
stats.g.doubleclick.net/j/ 		4 B
89 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-137419518-1&cid=524926204.1600334345&jid=1120311348&gjid=1718898787&_gid=1106681171.1600334345&_u=6GBAgEABAAAAAE~&z=1583262453
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 17 Sep 2020 09:19:05 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://promo.appfofun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.php
api.basebone.com/frontend/google/ 		7 B
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.basebone.com/frontend/google/analytics.php
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.74.141.5 , Switzerland, ASN21069 (ASN-METANET Routing/peering issues: noc@metanet.ch, CH),
Reverse DNS
mail2.busuu.com
Software
Apache /
Resource Hash
c88a0b907419a70c27ab7c1f8e5fb54441a4d9c3567e4c928fa7b2091194aecf

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 17 Sep 2020 09:19:05 GMT
Content-Encoding
gzip
Server
Apache
Access-Control-Allow-Headers
Content-Type
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
collect
www.google-analytics.com/ 		35 B
392 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=356712088&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.appfofun.com%2F4fen2%2Fw%2F1539202%2Findex.php%3FSES%3D2801430549%26router_id%3Db2ncmnervjhhgo&ul=en-us&de=UTF-8&dt=Android%20Antivirus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6GBAgEAB~&jid=1120311348&gjid=1718898787&cid=524926204.1600334345&tid=UA-137419518-1&_gid=1106681171.1600334345&cd2=524926204.1600334345&cd3=2801430549&cd4=2020-09-17T11%3A19%3A05%2B02%3A00&cd7=90607&cd8=907&cd11=90607&cd12=11&cd13=79&cd14=4028&cd15=124&cd16=9130&cd17=1&cd18=%7Bcampaignid%7D_%7Bzoneid%7D&cd19=1&cd20=449&cd21=27&cd22=103&z=1799613740
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Sep 2020 11:26:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
78763
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
identity.js
connect.facebook.net/signals/plugins/ 		43 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.24
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b72031ab9ee0b637634d8b4c5ea7d5c9c1286acaa1a5f3f8c43d3a8f5fa82664
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
10760
x-xss-protection
0
pragma
public
x-fb-debug
hiKF9rMj7yRSwnjdK2k2U93+4digsUyItkemj/B/Y5e6wodqvjdHXuYwf9o3sgzUF7/Zjx1gfXUhvXHTBkkwrQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Thu, 17 Sep 2020 09:19:05 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
316588752340006
connect.facebook.net/signals/config/ 		525 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/316588752340006?v=2.9.24&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee512890e4e1d7239d0bca8e448f3b4f79994e108f6bcad3ed42c0fde37e246a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
135415
x-xss-protection
0
pragma
public
x-fb-debug
TYRBfO19fBsZzGTYcLfksPbP+NlkBfAIIkCygNQDZGbOw4V9PZAtTyZwtoxsQ6i961stXz5qTmuE8RfiMQtDSw==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Thu, 17 Sep 2020 09:19:05 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-137419518-1&cid=524926204.1600334345&jid=1120311348&_u=6GBAgEABAAAAAE~&z=1052515085
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 17 Sep 2020 09:19:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-137419518-1&cid=524926204.1600334345&jid=1120311348&_u=6GBAgEABAAAAAE~&z=1052515085
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 17 Sep 2020 09:19:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=316588752340006&ev=Audience&dl=https%3A%2F%2Fpromo.appfofun.com%2F4fen2%2Fw%2F1539202%2Findex.php%3FSES%3D2801430549%26router_id%3Db2ncmnervjhhgo&rl=&if=false&ts=1600334345520&cd[page]=INDEX&cd[network]=103&sw=1600&sh=1200&ud[ph]=5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9&ud[country]=9a8bf3ebbe6f826e39772c4763bea0722b18c0e4b5b7ba2fe6813f02f7f0a06a&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1600334345519.1572559124&it=1600334345476&coo=false&rqm=GET
Requested by
Host: promo.appfofun.com
URL: https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 17 Sep 2020 09:19:05 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Thu, 17 Sep 2020 09:19:05 GMT
img.gif
my.rtmark.net/ 		43 B
707 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.rtmark.net/img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=https%3A%2F%2Fpromo.appfofun.com%2F4fen2%2Fw%2F1539202%2Findex.php%3FSES%3D2801430549%26router_id%3Db2ncmnervjhhgo
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_CBC
Server
139.45.195.162 , Ascension Island, ASN9002 (RETN-AS, EU),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 17 Sep 2020 09:19:06 GMT
X-Content-Type-Options
nosniff
Server
nginx
Strict-Transport-Security
max-age=1
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Authorization
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*, *
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
Content-Length
43
/
cx.atdmt.com/
Redirect Chain
  • https://www.facebook.com/tr/?id=316588752340006&ev=Microdata&dl=https%3A%2F%2Fpromo.appfofun.com%2F4fen2%2Fw%2F1539202%2Findex.php%3FSES%3D2801430549%26router_id%3Db2ncmnervjhhgo&rl=&if=false&ts=16...
  • https://cx.atdmt.com/?c=12988810621656320841&f=AYxdjfoLUieAwHLcoKGXMRRO1FnxX40ntlmu5cLXyBYSMxYLekPQJcBbKW9tj6_11DENWobqNm2FBfPWvsFAWf_T&id=316588752340006&l=3&v=0
43 B
420 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cx.atdmt.com/?c=12988810621656320841&f=AYxdjfoLUieAwHLcoKGXMRRO1FnxX40ntlmu5cLXyBYSMxYLekPQJcBbKW9tj6_11DENWobqNm2FBfPWvsFAWf_T&id=316588752340006&l=3&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://promo.appfofun.com/4fen2/w/1539202/index.php?SES=2801430549&router_id=b2ncmnervjhhgo
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
public
x-fb-debug
zIgi4nB34U/qnBQoaksAbQADru782islwS+4RCwOljljcbgshX2cZYZSnG9Sqsvc/ljyYmNuXuyFO1iIl507LA==
content-encoding
br
x-content-type-options
nosniff
date
Thu, 17 Sep 2020 02:19:07 PDT
x-frame-options
DENY
content-type
image/gif
status
200
cache-control
public, max-age=0
vary
Accept-Encoding
expires
Thu, 17 Sep 2020 02:19:07 PDT

Redirect headers

pragma
no-cache
date
Thu, 17 Sep 2020 09:19:07 GMT
server
proxygen-bolt
status
302
content-type
text/plain
location
https://cx.atdmt.com/?c=12988810621656320841&f=AYxdjfoLUieAwHLcoKGXMRRO1FnxX40ntlmu5cLXyBYSMxYLekPQJcBbKW9tj6_11DENWobqNm2FBfPWvsFAWf_T&id=316588752340006&l=3&v=0
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
expires
0

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| analyticsAjaxRequest string| GoogleAnalyticsObject function| ga function| fbq function| _fbq boolean| requestSent object| form object| input object| price function| disableEvent function| ajaxRequest function| checkMsisdn function| changePrice function| requestPrice object| google_tag_data object| gaplugins object| gaGlobal object| gaData

7 Cookies

Domain/Path Name / Value
.appfofun.com/ Name: _fbp
Value: fb.1.1600334345519.1572559124
.appfofun.com/ Name: _gat_trackerGlobal
Value: 1
.appfofun.com/ Name: _ga
Value: GA1.2.524926204.1600334345
promo.appfofun.com/ Name: router_id
Value: b2ncmnervjhhgo
promo.appfofun.com/ Name: LPSID
Value: CB2
.appfofun.com/ Name: _gid
Value: GA1.2.1106681171.1600334345
promo.appfofun.com/4fen2/w/1539202/ Name: SES
Value: 2801430549

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.basebone.com
basebonecdn.com
brauth.website
connect.facebook.net
cx.atdmt.com
d2gkcwmza574jt.cloudfront.net
my.rtmark.net
promo.appfofun.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
139.45.195.162
2606:4700:3035::681f:5176
2606:4700:3035::ac43:a242
2a00:1450:4001:819::2003
2a00:1450:4001:81a::200e
2a00:1450:4001:825::2004
2a00:1450:400c:c0c::9a
2a03:2880:f01c:8004:face:b00c:0:8c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
80.74.141.5
99.84.158.183
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1ea1b2d365d4cb8c31da6e34e7879078c8b24eb572d5a8990cf8180d530cb44e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
589d1f4b03f5bfc5c203c4b6772f47dac0e02462d9be1b0eb15bb60f30af0a32
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
6da3887e3ec09b5a85c89e65a650a0097d0e3734503d35ed6b365b85089382ce
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
910c9a08dbacc4603c934adbc5b6f057c2c37833d1e0bc5bee5465eee94bfea9
a42f4ab4dd6997d6cc86252caa125be928e9308a40053f16dbbc3f38f90220ad
b72031ab9ee0b637634d8b4c5ea7d5c9c1286acaa1a5f3f8c43d3a8f5fa82664
c88a0b907419a70c27ab7c1f8e5fb54441a4d9c3567e4c928fa7b2091194aecf
e2bfafe5bdc41487da086d11c7a756fa27d3324db80ccfcbd06f0dc12917670b
eb2ad4bc4d2561d35b1890984e3349b8e1f26db77b72924e6561644991b6f096
ee512890e4e1d7239d0bca8e448f3b4f79994e108f6bcad3ed42c0fde37e246a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629