Submitted URL: https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4=
Effective URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_...
Submission: On May 30 via api from IN — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 19 HTTP transactions. The main IP is 18.66.112.53, located in United States and belongs to AMAZON-02, US. The main domain is gf.fan.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 8th 2023. Valid for: a year.
This is the only time gf.fan was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
7 | amazonaws.com | cognito-identity.us-east-1.amazonaws.com (Cisco Umbrella Rank: 2052); gf-fan-engagement.s3.us-east-1.amazonaws.com; gf-fan-engagement.s3.amazonaws.com | 867 KB
5 | gf.fan | gf.fan | 743 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 30) | 21 KB
1 | google.de | www.google.de (Cisco Umbrella Rank: 6080) | 408 B
1 | google.com | www.google.com (Cisco Umbrella Rank: 2) | 408 B
1 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 76) | 343 B
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 40) | 51 KB
1 | money2020.com | em.money2020.com | 1 KB
Totals: 19 requests, 8 apex domains
Requests | Domain | Requested by
5 | gf.fan | em.money2020.com; gf.fan
4 | cognito-identity.us-east-1.amazonaws.com | gf.fan
2 | gf-fan-engagement.s3.us-east-1.amazonaws.com | gf.fan
2 | www.google-analytics.com | www.googletagmanager.com; www.google-analytics.com
1 | gf-fan-engagement.s3.amazonaws.com | -
1 | www.google.de | gf.fan
1 | www.google.com | gf.fan
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | www.googletagmanager.com | gf.fan
1 | em.money2020.com | -
Totals: 19 requests, 10 subdomains

This site contains links to these domains.

Domain
greenfly.com
Subject | Issuer | Validity | Valid
em.money2020.com | Cloudflare Inc ECC CA-3 | 2022-09-04 - 2023-09-04 | a year
gf.fan | Amazon RSA 2048 M02 | 2023-05-08 - 2024-06-05 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
www.google.com | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
www.google.de | GTS CA 1C3 | 2023-05-08 - 2023-07-31 | 3 months
cognito-identity.us-east-1.amazonaws.com | Amazon RSA 2048 M02 | 2023-05-08 - 2024-06-05 | a year
s3.amazonaws.com | Amazon RSA 2048 M01 | 2023-04-11 - 2023-12-20 | 8 months
*.s3.amazonaws.com | Amazon RSA 2048 M01 | 2023-03-21 - 2023-12-19 | 9 months

This page contains 1 frames:

Primary Page: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Frame ID: CD08DD9399C992F91569671596EC4933
Requests: 17 HTTP requests in this frame

Page Title

Greenfly Fan

Page URL History

  1. https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fp... Page URL
  2. https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&u... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 60 %
Domains: 8
Subdomains: 10
IPs: 11
Countries: 4
Transfer: 1684 kB
Size: 1795 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4= Page URL
  2. https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4=
em.money2020.com/
651 B
1 KB
Document
General
Full URL
https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4=
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self';script-src 'self' 'sha256-bhMxZhnj7ak6lpqR5cxNC7xGSBwl96DbJOaQU1fB5pc=';object-src 'none';form-action:'none';frame-src:'none'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-cache, no-store, max-age=0
cf-cache-status
DYNAMIC
cf-ray
7cf529c8199437de-FRA
content-security-policy
default-src 'self'; img-src 'self';script-src 'self' 'sha256-bhMxZhnj7ak6lpqR5cxNC7xGSBwl96DbJOaQU1fB5pc=';object-src 'none';form-action:'none';frame-src:'none'
content-type
text/html;charset=UTF-8
date
Tue, 30 May 2023 07:11:28 GMT
referrer-policy
strict-origin
server
cloudflare
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
bcea6cfee094e21f
Primary Request europesgotaccess
gf.fan/MONEY2020/
3 KB
3 KB
Document
General
Full URL
https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Requested by
Host: em.money2020.com
URL: https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2ac8d5b837ff5dd6995d44aa78c8f294ad69df5915112b2c1d61c6f583863ec3

Request headers

Referer
https://em.money2020.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Length
2565
Content-Type
text/html
Date
Tue, 30 May 2023 07:11:30 GMT
ETag
"928165a033312c88a0c3b46de72c47ea"
Last-Modified
Fri, 30 Sep 2022 22:30:32 GMT
Server
AmazonS3
Via
1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
X-Amz-Cf-Id
d5e7N3H01W8TTTUuECdg6jIkLRjBI2XG2wMDAb6qfGJRQJ6Qs492Bg==
X-Amz-Cf-Pop
FRA56-P5
X-Cache
Error from cloudfront
main.bf04da0d.chunk.css
gf.fan/static/css/
16 KB
16 KB
Stylesheet
General
Full URL
https://gf.fan/static/css/main.bf04da0d.chunk.css
Requested by
Host: gf.fan
URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
11bd59cf46c1d0968cb8af835b6487c6c6db72491f84f26c9f067099b088fd70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 07:11:30 GMT
Via
1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 Sep 2022 22:30:32 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P5
ETag
"62e178afd8cacc23022c39af06deeee6"
X-Cache
RefreshHit from cloudfront
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16000
X-Amz-Cf-Id
VrLkh-AaGhxa_MSM-B7x2elbH7bUI_lWZqNxzfTkygl_XSXjB80Now==
2.9c462d13.chunk.js
gf.fan/static/js/
695 KB
696 KB
Script
General
Full URL
https://gf.fan/static/js/2.9c462d13.chunk.js
Requested by
Host: gf.fan
URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
86fb74e5fef3808142b989d2a2e6e08bb24894bb1ae2079d31e2c92d0cdf9203

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 07:11:30 GMT
Via
1.1 fc562aab29280948aa0691960bee3d6a.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 Sep 2022 22:30:32 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P5
ETag
"1027b2f80a2f8a3481c029827e47dcd2"
X-Cache
RefreshHit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
711856
X-Amz-Cf-Id
hxAGCTQ6gKL_KuFCqFbJ0JDjtaLLooOEhzdO7kNteCrGDR2lJIQmhg==
main.2b269b4d.chunk.js
gf.fan/static/js/
24 KB
25 KB
Script
General
Full URL
https://gf.fan/static/js/main.2b269b4d.chunk.js
Requested by
Host: gf.fan
URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cd591d9b7a6c245217283173d39b5313298a34746fe67be5282561d6e3388087

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 07:11:30 GMT
Via
1.1 0341da327f4c4c49034aa07ebeeab1f0.cloudfront.net (CloudFront)
Last-Modified
Fri, 30 Sep 2022 22:30:32 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P5
ETag
"7c076af83cba6621545942cb5a91f884"
X-Cache
RefreshHit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24963
X-Amz-Cf-Id
EjedILQnaQPuU8gVQVSitpns5kSym4TLDXlU2yJ1CebUEiqxiO920w==
gtm.js
www.googletagmanager.com/
134 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W54SN38
Requested by
Host: gf.fan
URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dd6c2e735444b914c7474df203bc2e154b00aca87ec95f9c9ebb349396499ba7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 30 May 2023 07:11:29 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52156
x-xss-protection
0
last-modified
Tue, 30 May 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 30 May 2023 07:11:29 GMT
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W54SN38
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 30 May 2023 06:35:34 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
2155
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Tue, 30 May 2023 08:35:34 GMT
collect
www.google-analytics.com/j/
4 B
203 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=916642589&t=pageview&_s=1&dl=https%3A%2F%2Fgf.fan%2FMONEY2020%2Feuropesgotaccess%3Futm_term%3Dnoterm%26utm_campaign%3Dglobal2023-overlap%26utm_medium%3Demail%26utm_source%3Dmkt-email-delprom%26utm_content%3D2023.04.27%26mkt_tok%3DODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8&dr=https%3A%2F%2Fem.money2020.com%2F&ul=en-us&de=UTF-8&dt=Greenfly%20Fan&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=199349009&gjid=1775930024&cid=21165989.1685430689&tid=UA-174533423-1&_gid=959697936.1685430689&_r=1&_slc=1&gtm=45He35o0n81W54SN38&z=2087045856
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://gf.fan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 30 May 2023 07:11:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://gf.fan
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
343 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-174533423-1&cid=21165989.1685430689&jid=199349009&gjid=1775930024&_gid=959697936.1685430689&_u=YEBAAEAAAAAAACAAI~&z=1822589724
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://gf.fan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Tue, 30 May 2023 07:11:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://gf.fan
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-174533423-1&cid=21165989.1685430689&jid=199349009&_u=YEBAAEAAAAAAACAAI~&z=177727520
Requested by
Host: gf.fan
URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 07:11:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-174533423-1&cid=21165989.1685430689&jid=199349009&_u=YEBAAEAAAAAAACAAI~&z=177727520
Requested by
Host: gf.fan
URL: https://gf.fan/MONEY2020/europesgotaccess?utm_term=noterm&utm_campaign=global2023-overlap&utm_medium=email&utm_source=mkt-email-delprom&utm_content=2023.04.27&mkt_tok=ODk3LU1CQy0yMDcAAAGLZoG29G0xAP4tokk40UFEqVIb0eEcJMalMw6uq3pev1fR7iPnABtldKFULEWfOFhaI_Vuv4r7cSmYQQ3eanRlirlFop9EMvZszfWqJBrhOZB2ez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 May 2023 07:11:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
greenfly-fan-engagement-app.0537a994.ttf
gf.fan/static/media/
3 KB
3 KB
Font
General
Full URL
https://gf.fan/static/media/greenfly-fan-engagement-app.0537a994.ttf
Requested by
Host: gf.fan
URL: https://gf.fan/static/css/main.bf04da0d.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ec3b68b0e424d7e275e9abfce9e737ea95a1e7c681849b062d08acdb2b192c74

Request headers

Referer
https://gf.fan/static/css/main.bf04da0d.chunk.css
Origin
https://gf.fan
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 07:11:30 GMT
Via
1.1 fc562aab29280948aa0691960bee3d6a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P5
X-Cache
RefreshHit from cloudfront
Connection
keep-alive
Content-Length
2868
Last-Modified
Fri, 30 Sep 2022 22:30:32 GMT
Server
AmazonS3
ETag
"bb660c76c5c1171bb9a55a0c27476815"
Access-Control-Allow-Methods
GET, POST, PUT, HEAD
Content-Type
font/ttf
Access-Control-Allow-Origin
https://gf.fan
Access-Control-Expose-Headers
ETag
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
X-Amz-Cf-Id
D5swGT4Y4CKOgPFvD0tiCs7kCQiwWt0i1wZn4rHTmqMIixbLsfVj0w==
/
cognito-identity.us-east-1.amazonaws.com/
63 B
318 B
Fetch
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Requested by
Host: gf.fan
URL: https://gf.fan/static/js/2.9c462d13.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7400:495f:aa39:1f56:a449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
31788c6eb08ee1e8692325742da54ab9bac3286ac97a84c2bb4c5b54952832c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type
application/x-amz-json-1.1
amz-sdk-invocation-id
28052549-3e88-42a6-be5e-dfa6c2486e61
Referer
https://gf.fan/
amz-sdk-request
attempt=1; max=3
x-amz-target
AWSCognitoIdentityService.GetId
x-amz-user-agent
aws-sdk-js/3.6.1 os/Windows/NT_10.0 lang/js md/browser/Chrome_113.0.5672.126 api/cognito_identity/3.6.1 aws-amplify/4.3.2_js

Response headers

access-control-allow-origin
*
date
Tue, 30 May 2023 07:11:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid
476d7cc6-1b6f-428f-9f06-f561d64a9668
content-length
63
content-type
application/x-amz-json-1.1
/
cognito-identity.us-east-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7400:495f:aa39:1f56:a449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://gf.fan
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Tue, 30 May 2023 07:11:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-amzn-requestid
edd3dd60-7431-4633-8449-9cfb11225627
/
cognito-identity.us-east-1.amazonaws.com/
2 KB
2 KB
Fetch
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Requested by
Host: gf.fan
URL: https://gf.fan/static/js/2.9c462d13.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7400:495f:aa39:1f56:a449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
828df44aea91aae0aea3bc607ced2c7cdf634d4d1f5c946770db0e20082dc595
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
content-type
application/x-amz-json-1.1
amz-sdk-invocation-id
dd93b93f-43a6-4265-8a27-d38b1c3e1bfb
Referer
https://gf.fan/
amz-sdk-request
attempt=1; max=3
x-amz-target
AWSCognitoIdentityService.GetCredentialsForIdentity
x-amz-user-agent
aws-sdk-js/3.6.1 os/Windows/NT_10.0 lang/js md/browser/Chrome_113.0.5672.126 api/cognito_identity/3.6.1 aws-amplify/4.3.2_js

Response headers

access-control-allow-origin
*
date
Tue, 30 May 2023 07:11:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid
ffdaff6a-4e1b-4b36-b5e6-2c0eb2275ae8
content-length
1759
content-type
application/x-amz-json-1.1
/
cognito-identity.us-east-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7400:495f:aa39:1f56:a449 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://gf.fan
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

access-control-allow-headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Tue, 30 May 2023 07:11:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-amzn-requestid
e2a08b5a-bf42-45f9-8104-06023d1d0232
europesgotaccess.json
gf-fan-engagement.s3.us-east-1.amazonaws.com/public/MONEY2020/
2 KB
3 KB
XHR
General
Full URL
https://gf-fan-engagement.s3.us-east-1.amazonaws.com/public/MONEY2020/europesgotaccess.json?response-cache-control=no-cache&x-id=GetObject
Requested by
Host: gf.fan
URL: https://gf.fan/static/js/2.9c462d13.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.89.40 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-east-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
b7839fac7b29da23894baf5af490323df0788ad0d6286837fe6efe99ab9a50ea

Request headers

accept-language
de-DE,de;q=0.9
authorization
AWS4-HMAC-SHA256 Credential=ASIAYXSNJPQOU6V3SLV5/20230530/us-east-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-user-agent, Signature=36815037990eefa6d7d2e1496e675bb48de3ce73cf68a68a23e89066a2e79474
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
x-amz-content-sha256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Accept
application/json, text/plain, */*
amz-sdk-invocation-id
1ae9cab6-37a4-4a3d-923d-967856228f0e
x-amz-security-token
IQoJb3JpZ2luX2VjEFAaCXVzLWVhc3QtMSJHMEUCIDo/zSXXyM+GNfu+00ZDN0BhW7MpMGltgQABD+FPA7p8AiEAo3NiNGuHs2B4zT7/KUzthuNoCFExl6tPPWfqBJKSfn8qkAYIiP//////////ARAAGgw2MDAzODM3ODE5MTciDFmEKGlSX9W1NuvN/CrkBcVcpy9WqX1fekFVlz1w+Usi1pG2wgZlZMNCCubDXxw8jx3XJJJdNOfY41JDe2eyYrusgbw32A7z9C5qpF+F2oe4RhIMfJKDCEzivQ20Z8qRX2JzLK/RX/bmbMhl9dTjz5L27281IsVjA+a7MAuvryllUSLvk0WzP3lsYd6J4zvaGclY6HEMOBaj0HEaOh/vb1ii8xysJ41VO6To8aGTXx6hmoft/YhAhAvvyaIeYSChV7ERMVmbLikGT42ER2KC38agMvmpzNhAnjFBVJRPmVh/i+Sy92qGnfZous4VGmlqc3KW7cXaSMpZhaVVNTPbbG4dXrSaHQpuD+7EeR+8AfFi8tu01J+LxGUTYAIQVVuj84oLCUhRWSk0ppIXRDlNve/ZdY+BA4YBDZo/yr9oJ1mVdktGnvBcEqz4RRjt4vPkl3URj0eWYy0KASZoOmIwFAHWe+0ivZgT8FS+C7SpJn4iD607i2AJe88ZjesrgHrQds7X39UyBZLJzYLz/tzvPz/MhFA367lTHPvyN6dWWRp+u2en6Bfi5nJovsI4egdhbH8hTJNzJqu2/yTnpgVkEQ9Re0cfysuqmKWbsMg4jXAl0w8EZIJoJGyQq3xv+fIjCQ8GmSeUMa5iKM7gwIgQuLmxxwxxD6kLVXQNk8yi5N5/Zag3/fdxf/G0dhxb/xzwXVIaOMUJqTnt8536ZflgNM43KzDey+5ZnOCM3bpc93XEGGnmbzOV+K7n2No0kDN2IV0m2sBDnCTrhi/n9xs18ZST1UfxXOa7CGyzc3fTL3Qn52KLaa25q5cHa05iI2i9khx5DExfxHYMS1mKSNknoaEqvpFccKwtw/+JduRTd4Iwtd27FuD4NZeFofG2yGzsxxPoIJyZP+MSf8n7N4WpSaBhmB5HVtcHLfXLORn2WachjacY94+vae9S+gPS1J+evrvobZH+XvtMfsJbHaY0AGy0vORqEBZ+ZGRHAHcuyOhY6lJEMKLD1qMGOocC83BjwS/tRHPhNTc7/LrCXt9zDvsSmOPPQXzmKS5x2BKJm9DiB6D88bNsTM9jC+rjI1UOgKW8HwVHvFTgsAin8VW9zluX5e+kNzkBIi/eb6IOIPCcZvt2RCpnfQEl9CZkXKpM0pD6B6e3fnwWDCc6W2PLi0bjLtAwodBQ0lMm3hCc6UbnvLwWOx2p60XqGOb+LlguCbZb0XyeHF8uc55vF5AyWegVm7dNMu5pOSpBHa1K4mCo4Rr35iTPjf1ivsXGpQb+nz57UAD4JKYf94xQSg4HfzKu9JqPB8IeNx5+52dtMi4+XXYGSXzRfkp1BTe05/mosehMUgg4NB0bJ13UWq3m0e0w8K8=
amz-sdk-request
attempt=1; max=3
Referer
https://gf.fan/
x-amz-user-agent
aws-sdk-js/3.6.1 os/Windows/NT_10.0 lang/js md/browser/Chrome_113.0.5672.126 api/s3/3.6.1 aws-amplify/4.3.2_js
x-amz-date
20230530T071130Z

Response headers

Date
Tue, 30 May 2023 07:11:31 GMT
x-amz-request-id
GYQBFYJXBXHM20EZ
x-amz-server-side-encryption
AES256
Content-Length
1909
x-amz-id-2
uE90Kd9+0HGtaNba00IvpCVJlPQMc/71R6fMNZwRglXy4jHAYih3+O5GD9gz/90XouOBZDexdAo=
Last-Modified
Tue, 25 Apr 2023 15:19:54 GMT
Server
AmazonS3
ETag
"dbf81a848f30a10f0e76ca2d56b3875f"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET, POST, PUT, HEAD
Content-Type
application/json
Access-Control-Allow-Origin
https://gf.fan
Access-Control-Expose-Headers
ETag
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
europesgotaccess.json
gf-fan-engagement.s3.us-east-1.amazonaws.com/public/MONEY2020/
0
0
Preflight
General
Full URL
https://gf-fan-engagement.s3.us-east-1.amazonaws.com/public/MONEY2020/europesgotaccess.json?response-cache-control=no-cache&x-id=GetObject
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.89.40 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-east-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
amz-sdk-invocation-id,amz-sdk-request,authorization,x-amz-content-sha256,x-amz-date,x-amz-security-token,x-amz-user-agent
Access-Control-Request-Method
GET
Origin
https://gf.fan
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
amz-sdk-invocation-id, amz-sdk-request, authorization, x-amz-content-sha256, x-amz-date, x-amz-security-token, x-amz-user-agent
Access-Control-Allow-Methods
GET, POST, PUT, HEAD
Access-Control-Allow-Origin
https://gf.fan
Access-Control-Expose-Headers
ETag
Content-Length
0
Date
Tue, 30 May 2023 07:11:31 GMT
Server
AmazonS3
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2
BXzS/o9nBCc3y7Es1IFgGvHPRG5OG5qGi/9Y7eQcS3/83DC/nABbRDgpjFE6yIMm0Ll6+Z5RQP0=
x-amz-request-id
GYQBCMVFDK0KKGRG
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
586eeaccf396962a6b42e22e66a604c7a356c31182f6cd4ea7ce9942996a7338

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Content-Type
image/png
d15bf5fe-a36f-40e1-a640-515805db5056032723_EU_MKTG_DEL_Greenfly_2.png
gf-fan-engagement.s3.amazonaws.com/public/_banners/d/1/5/b/
862 KB
862 KB
Image
General
Full URL
https://gf-fan-engagement.s3.amazonaws.com/public/_banners/d/1/5/b/d15bf5fe-a36f-40e1-a640-515805db5056032723_EU_MKTG_DEL_Greenfly_2.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.213.57 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
515df619f8a1782f1076ea44f79d668a218b7567797a4a202644e7382d77c6a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gf.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 30 May 2023 07:11:32 GMT
Last-Modified
Tue, 11 Apr 2023 16:57:23 GMT
Server
AmazonS3
x-amz-request-id
CET3ZGFVG5ZWGMAC
ETag
"03990aa2a24588adc72b4691ccc67642"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
882459
x-amz-id-2
59mAvr2l9utEPGPR6WnOJSKL7KmD4nPKA9xbuO1/BWPUli/y12tk8Fon1VTVKS6qkivGRfVgCQ8=

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
object| dataLayer
object| google_tag_manager
object| google_tag_data
string| GoogleAnalyticsObject
function| ga
object| gaplugins
object| gaGlobal
object| gaData
object| webpackJsonpfan-engagement
object| regeneratorRuntime

4 Cookies

Domain/Path Name / Value
.em.money2020.com/ Name: __cf_bm
Value: qcozARoW2v4WP79R5xy_iCCCXqmAJBxxEjzVSCAr39A-1685430688-0-ARhq2VdY7XNVelf5wR0kJWR2lNuQSPJ6hi9kpflSSeMvrrB6nBkfchmpqGBTWBVjMm/2tHgpXWbOQgFzO/lnY+E=
.gf.fan/ Name: _ga
Value: GA1.2.21165989.1685430689
.gf.fan/ Name: _gid
Value: GA1.2.959697936.1685430689
.gf.fan/ Name: _gat_UA-174533423-1
Value: 1

2 Console Messages

Source Level URL
Text
security error URL: https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4=
Message:
The Content-Security-Policy directive name 'form-action:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security error URL: https://em.money2020.com/ODk3LU1CQy0yMDcAAAGLZoG29KG0DesNk8ycR2D92ZgtDil-siDxcG5SxFCQjo9v9BVd5-eJT7fpFZvPUYJYnXItey4=
Message:
The Content-Security-Policy directive name 'frame-src:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; img-src 'self';script-src 'self' 'sha256-bhMxZhnj7ak6lpqR5cxNC7xGSBwl96DbJOaQU1fB5pc=';object-src 'none';form-action:'none';frame-src:'none'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
