claim-freefire.fauzi.biz.id
2a06:98c1:3121::3  Malicious Activity! Public Scan

URL: https://claim-freefire.fauzi.biz.id/
Submission: On February 24 via automatic, source certstream-suspicious — Scanned from NL

Summary

This website contacted 13 IPs in 3 countries across 13 domains to perform 33 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is claim-freefire.fauzi.biz.id.
TLS certificate: Issued by E1 on January 17th 2024. Valid for: 3 months.
This is the only time claim-freefire.fauzi.biz.id was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

IP Address AS Autonomous System
14 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 23.48.23.141 20940 (AKAMAI-ASN1)
1 2a02:26f0:310... 20940 (AKAMAI-ASN1)
2 162.19.58.157 16276 (OVH)
1 2a04:4e42::649 54113 (FASTLY)
1 3.64.163.50 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 3.160.212.19 16509 (AMAZON-02)
1 2600:9000:276... 16509 (AMAZON-02)
33 13
Requests | Apex Domain | Subdomains | Transfer
14 | fauzi.biz.id | claim-freefire.fauzi.biz.id | 2 MB
5 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 32 | 3 KB
3 | gstatic.com | fonts.gstatic.com | 48 KB
2 | ibb.co | i.ibb.co — Cisco Umbrella Rank: 12287 | 74 KB
1 | sportskeeda.com | staticg.sportskeeda.com — Cisco Umbrella Rank: 37088 | 66 KB
1 | pubgameshowtime.com | api.pubgameshowtime.com | 453 B
1 | ytimg.com | i.ytimg.com — Cisco Umbrella Rank: 91 | 105 KB
1 | hdqwalls.com | images.hdqwalls.com — Cisco Umbrella Rank: 195241 | 146 KB
1 | randomjs.com | randomjs.com |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 729 | 30 KB
1 | pinimg.com | i.pinimg.com — Cisco Umbrella Rank: 1971 | 26 KB
1 | akamaihd.net | freefiremobile-a.akamaihd.net — Cisco Umbrella Rank: 66074 | 1 KB
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 226 | 6 KB
33 13
Domain Requested by
14 claim-freefire.fauzi.biz.id claim-freefire.fauzi.biz.id
5 fonts.googleapis.com claim-freefire.fauzi.biz.id
3 fonts.gstatic.com fonts.googleapis.com
2 i.ibb.co claim-freefire.fauzi.biz.id
1 staticg.sportskeeda.com claim-freefire.fauzi.biz.id
1 api.pubgameshowtime.com code.jquery.com
1 i.ytimg.com claim-freefire.fauzi.biz.id
1 images.hdqwalls.com claim-freefire.fauzi.biz.id
1 randomjs.com claim-freefire.fauzi.biz.id
1 code.jquery.com claim-freefire.fauzi.biz.id
1 i.pinimg.com claim-freefire.fauzi.biz.id
1 freefiremobile-a.akamaihd.net claim-freefire.fauzi.biz.id
1 cdnjs.cloudflare.com claim-freefire.fauzi.biz.id
33 13

This site contains no links.

Subject | Issuer | Validity | Valid for
fauzi.biz.id | E1 | 2024-01-17 - 2024-04-16 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
a248.e.akamai.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-05-16 - 2024-05-15 | a year
i2.pinimg.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-03 - 2024-05-15 | a year
ibb.co | R3 | 2024-02-07 - 2024-05-07 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
randomjs.com | R3 | 2024-01-23 - 2024-04-22 | 3 months
upload.video.google.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
edgestatic.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
*.gstatic.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
api.pubgameshowtime.com | Amazon | 2020-04-17 - 2021-05-17 | a year
*.sportskeeda.com | Amazon ECDSA 256 M02 | 2023-09-25 - 2024-10-23 | a year

This page contains 1 frame:

Primary Page: https://claim-freefire.fauzi.biz.id/
Frame ID: F20CECBFAB6F7601333CB27C857D202B
Requests: 33 HTTP requests in this frame

Page Title

FREE FIRE NEW 2021

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 33
HTTPS: 97 %
IPv6: 69 %
Domains: 13
Subdomains: 13
IPs: 13
Countries: 3
Transfer: 2421 kB
Size: 2539 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
claim-freefire.fauzi.biz.id/
17 KB
4 KB
Document
General
Full URL
https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e5a5fba50a64d54d3178137d0229d0f494d29c76e8fb04c4dd940d375e61d23

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85a3a60d2a635e62-EWR
content-encoding
br
content-type
text/html
date
Sat, 24 Feb 2024 00:38:59 GMT
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFeNHii%2Bs6IJ%2B0TRpEihpDCeX5uY5ZtUIKdhiPw%2B3IEZ%2Byi%2F4hVj4CtE06kEzRVdHIGO0eyccKbO6lnPZcIsnnqEZIHufd0Qs5ofzjPUl8Inx6R1Cwb7soPPUgbv53G%2FLE4PR9brty5Gb9ChUeGqJS%2Bo5y%2Byzoo8kjQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
style.css
claim-freefire.fauzi.biz.id/css/
9 KB
3 KB
Stylesheet
General
Full URL
https://claim-freefire.fauzi.biz.id/css/style.css
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43b19f34714467305033a7e41ca82a51eb06fed356cf4b14ce763f2178ee86dc

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TNwV6ZME%2BgNZJ3oLdvTzd9Rdq7YgEMvccpy5afUQlB2%2BjHr59BXyonh6g954lfgQOseDv1NyyIm4eZh2Yu0xp6cQLRSBSnK%2Bwbx4IPO4qeIlhia%2FJWGfYb3iVxmPCN%2Bst4OnxbxBlsGxpkYu2L7nUJxygSvpnxWlG%2FU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85a3a61cbbc15e62-EWR
alt-svc
h3=":443"; ma=86400
facebook.css
claim-freefire.fauzi.biz.id/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://claim-freefire.fauzi.biz.id/css/facebook.css
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34d5c0a738a0b8dd5c7eeb6c4c7ba1cdfcaffdb4f287c7589d6f91d1f31cf77e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOde%2BjoGx%2BTESHJ6TmWhkZwu9f%2FdeeoXJzrNDvddYFz%2FivBYwko1tbggBHqkt5zEs24ZAQZSdfcCOXdoYFAGhRDNlt2D6rX5evmQS9vIrWDcHwaHmUR44duQ3r15v8lgIxt1nLYzEOe6tNl2CAcaJRV6Lkn9M8YshAo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85a3a61cbbc35e62-EWR
alt-svc
h3=":443"; ma=86400
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
30 KB
6 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:38:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
799793
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5631
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62uM8%2FY7rNnCbPzlB9Vfg52ylNzcbwA7TvvO4lMMu6YxLtzCobr8V%2FsbXQrQztY1mLS1R5BIsQpOQkiP4SjzLO1QGpFSUN2HVuQYQaO9w1IrH3jBcw2oAw3kE6bhzvfQz%2FLsbUoSlSN%2BZ9gUK%2FQM3k%2BA"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85a3a61ca86dbb89-FRA
expires
Thu, 13 Feb 2025 00:38:59 GMT
logo-small_20210113.png
freefiremobile-a.akamaihd.net/common/web_event/official/
1014 B
1 KB
Image
General
Full URL
https://freefiremobile-a.akamaihd.net/common/web_event/official/logo-small_20210113.png
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.48.23.141 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-23-141.deploy.static.akamaitechnologies.com
Software
OBS /
Resource Hash
3414e1a42c1555294d1d1e8baeb35a8e323db521608de4f4589a4653814f15b7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sat, 24 Feb 2024 00:39:00 GMT
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSZ+sCzEfDTPbPhgsveEMFD3JO/oBUm0
Last-Modified
Thu, 04 Aug 2022 12:36:37 GMT
Server
OBS
ETag
"d84253a98835ccc82017b63d8ccc54f3"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
x-obs-request-id
0000018DC650383C941D535E701137D1
Connection
keep-alive
Accept-Ranges
bytes
Alt-Svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length
1014
675666d840a9c8fa1c61eaf584ff2a50.gif
i.pinimg.com/originals/67/56/66/
25 KB
26 KB
Image
General
Full URL
https://i.pinimg.com/originals/67/56/66/675666d840a9c8fa1c61eaf584ff2a50.gif
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:2a79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
654cb99fb0cdc3b32bf8efbd77c8171f09580840dbd8084e3dbd2427210a9b9e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cdn
akamai
akamai-grn
0.752a3517.1708735139.335c7a03
etag
"58c7f1e8e4bfaadbcbd8ccc470e363cb"
vary
Origin
content-type
image/gif
cache-control
immutable, max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
26108
crate.jpg
claim-freefire.fauzi.biz.id/ngMedia/
493 KB
494 KB
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/crate.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5bfeab68d153699fdf0d57d92c5b2d9ede9cdf031697989a9e2a978e9b677c5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tpvY9Alq27%2BRnO%2FUPb1Ljgfa%2B70hiaDm%2B7G0ZzrBTr9nEmTSN%2FTYvoSk3WZRHzPK1rJrl78bHOr6J6a1e9%2B6JuCi%2BeQNYkJ3qoZCqo9OtbBzNpKYLiGrvpFRrKcZIPKYtdiOuaAZflVeUIWa7Um4nxp8tiCjpKuorBg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85a3a61cbbc55e62-EWR
alt-svc
h3=":443"; ma=86400
content-length
504904
ngBg.3gpp
claim-freefire.fauzi.biz.id/ngMedia/
1 MB
1 MB
Media
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/ngBg.3gpp
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
104b8338fe458890a927c07c902f3675055226ad97f898ce523acd358a5b6ae9

Request headers

Referer
https://claim-freefire.fauzi.biz.id/
Accept-Encoding
identity;q=1, *;q=0
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Range
bytes=0-

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
cf-cache-status
DYNAMIC
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zqj%2F9incfncVaCEBtfuIwWEW5BmKl%2BN6kqzWbjelFcP8hrsWog90URETZvWnyv%2BEZCQrRjruIJpL6Qc9ro4da3CJNzLMDd7ImIVeUoD75cffBqhsBO2M%2BNyG06KAA%2FLMKrVXsaqrn8lrPAKYKipXMLguZHFPtVf33cM%3D"}],"group":"cf-nel","max_age":604800}
Content-Range
bytes 0-1083765/1083766
accept-ranges
bytes
cf-ray
85a3a61cbbce5e62-EWR
alt-svc
h3=":443"; ma=86400
Content-Length
1083766
facebook_text.png
claim-freefire.fauzi.biz.id/img/
28 KB
29 KB
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/img/facebook_text.png
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:02 GMT
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrQKd%2BuTnQcuUOWmtBI9DQme9H9Fl8Z9X4u5L9RIsn4SBPfHPwwS1Tg6YmAKsiS1F8ZuYIUg4%2BohPWBG7Ncn6uvzkbWIlQgbumYjxYlXEF342Qh2%2BNLTLDgxVwzXoxwZ4J0jVoNi8%2BAjclHIWBwn1n3FnZB0qFlFvB4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85a3a61dfa6ab957-AMS
alt-svc
h3=":443"; ma=86400
content-length
28789
IMG-20210702-145636.jpg
i.ibb.co/hHmC7Dx/
20 KB
21 KB
Image
General
Full URL
https://i.ibb.co/hHmC7Dx/IMG-20210702-145636.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.58.157 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3096589.ip-162-19-58.eu
Software
nginx /
Resource Hash
4f1a23e3f5b2205e41916b4fcadf3ad1d86bcb7e010cffff0ecad52f320d18c9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:38:59 GMT
last-modified
Fri, 02 Jul 2021 07:57:26 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
20746
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:38:59 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1192758
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-ams21038-AMS
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1708735140.557195,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
151404, 99650
1.0.0.js
randomjs.com/
0
0
Script
General
Full URL
https://randomjs.com/1.0.0.js
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.64.163.50 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-64-163-50.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

popSound.mp4
claim-freefire.fauzi.biz.id/ngMedia/
0
0
Media
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/popSound.mp4
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://claim-freefire.fauzi.biz.id/
Accept-Encoding
identity;q=1, *;q=0
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Range
bytes=0-

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNLZaCIbUXNwOJwIDsS1e4bvwA6HyC%2BH57SkXQZhArP%2FW%2FOaq93EBx8MiWds%2Fm7lHYBTFYzgq4oHBhHpa68iyJpeMfJEv4Bh1xdVqxE6JPHPBqoj9iAXnMb1l3c2D3H4LAkGMf3pPQOSdSOKIR5Zl9agdOIrA88ljBM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
85a3a61e0a82b957-AMS
alt-svc
h3=":443"; ma=86400
clickSound.mpeg
claim-freefire.fauzi.biz.id/ngMedia/
9 KB
10 KB
Media
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/clickSound.mpeg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b82ec79a87b79ba6f90b5b18614d3a49b4bf9bce01a9519e18dfd4aaf739df97

Request headers

Referer
https://claim-freefire.fauzi.biz.id/
Accept-Encoding
identity;q=1, *;q=0
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Range
bytes=0-

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
cf-cache-status
DYNAMIC
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wC%2FF5KKS3eW51ZMzlstam1CAT3Le5aq2pQGtQI9T8PZfQqxkerryfc7%2FYxC8%2FJbHNSUaco6xA9TGfj3q4sDOhXOoYndH0n42ore60yqci5Q7Q42JndtcpjLb5F4Tfrv%2BI9RvdqRId73PTMG6tivS195ZHpVKSw262Rg%3D"}],"group":"cf-nel","max_age":604800}
content-type
video/mpeg
Content-Range
bytes 0-9701/9702
accept-ranges
bytes
cf-ray
85a3a61e0a88b957-AMS
alt-svc
h3=":443"; ma=86400
Content-Length
9702
css2
fonts.googleapis.com/
424 B
732 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Fredoka+One&display=swap
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aff3aed487dddcbd72b3a7d41fb8b7e9b231a50c72146ff7c476577642b92a9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 23:38:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Feb 2024 00:39:01 GMT
css2
fonts.googleapis.com/
781 B
462 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Sniglet&display=swap
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
900d76d48399dcedc36fb1ae05b223de29f281b64f0a44ebbaa94e92f3cbc45d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Feb 2024 00:39:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Feb 2024 00:39:01 GMT
css2
fonts.googleapis.com/
1 KB
556 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Itim&display=swap
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e7df016424ff9bc6fb284be94d9a0f349e84277541162fad7ac75b494e180281
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Feb 2024 00:18:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Feb 2024 00:39:01 GMT
css2
fonts.googleapis.com/
1 KB
540 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Teko&display=swap
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2b4a081814a94ac5a3b98e1462e8449a3e84f6ea0694d194c1934cb2e27abfa5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Feb 2024 00:13:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Feb 2024 00:39:01 GMT
css2
fonts.googleapis.com/
402 B
379 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Acme&display=swap
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7a9b8b236cde4ff824178f8131377892f3547ac822d631ac3d47dfb2ad3d9823
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Feb 2024 00:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Feb 2024 00:28:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Feb 2024 00:39:01 GMT
garena-free-fire-plan-bermuda-street-outfit-to.jpg
images.hdqwalls.com/wallpapers/bthumb/
146 KB
146 KB
Image
General
Full URL
https://images.hdqwalls.com/wallpapers/bthumb/garena-free-fire-plan-bermuda-street-outfit-to.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c28ae7f610d66262114945bbcd947cf156888bda138028bddcdfda69b6f0f15d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
x-server-powered-by
Engintron
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
149005
x-xss-protection
1; mode=block
x-nginx-upstream-cache-status
BYPASS
last-modified
Sun, 06 Sep 2020 20:16:04 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzto0z7NTRYD9Z5UehzJbwMdenyxysK8KhSrila41td3zvivl5zMBenIbTVT9k0StR88woy3VfghWz%2B1pRHLa8yUFJLwVfl%2FnS1KYSb6M8FF0h%2BdiNNER84Yb6qu5m4FRZBTFkTN0Z8ts6mscYSj0fg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
85a3a62b29973a3d-FRA
expires
Tue, 23 Apr 2024 04:21:03 GMT
container.jpg
i.ibb.co/BLH3QxM/
53 KB
53 KB
Image
General
Full URL
https://i.ibb.co/BLH3QxM/container.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.58.157 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3096589.ip-162-19-58.eu
Software
nginx /
Resource Hash
d25ac254d62875458e958a4a91e23dec7c597bfb5d37afeb94aac9dc18bc2476

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:02 GMT
last-modified
Mon, 05 Jul 2021 03:26:07 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
54294
expires
Thu, 31 Dec 2037 23:55:55 GMT
maxresdefault.jpg
i.ytimg.com/vi/FXbYo1SQ7uI/
105 KB
105 KB
Image
General
Full URL
https://i.ytimg.com/vi/FXbYo1SQ7uI/maxresdefault.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
406524d8bc1d2bdd75f9dc856dbb8f1969e51c0f6657212450d5c277b1a80387
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:01 GMT
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
107250
x-xss-protection
0
server
sffe
etag
"1613267183"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 24 Feb 2024 02:39:01 GMT
cIf9MaFLtkE3UjaJ9C6hYQ.woff2
fonts.gstatic.com/s/sniglet/v17/
24 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sniglet/v17/cIf9MaFLtkE3UjaJ9C6hYQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Sniglet&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
37e59a351da07186054ae43724f2665824d43c132ce01cc897f0e1eb7dd8fed2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://claim-freefire.fauzi.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:58:19 GMT
x-content-type-options
nosniff
age
232842
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24676
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:20:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 07:58:19 GMT
k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2
fonts.gstatic.com/s/fredokaone/v14/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/fredokaone/v14/k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Fredoka+One&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9986c62b19bce3791c4c103a4aa87c91d22d9e1c9f252f7f802ea26d3405769
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://claim-freefire.fauzi.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Tue, 20 Feb 2024 06:52:37 GMT
x-content-type-options
nosniff
age
323184
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15596
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 20:35:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Feb 2025 06:52:37 GMT
RrQfboBx-C5_XxrBbg.woff2
fonts.gstatic.com/s/acme/v25/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/acme/v25/RrQfboBx-C5_XxrBbg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Acme&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb814ac86e7f409154ced702b9f3543761d09410e837ec728242e6b980a26aa0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://claim-freefire.fauzi.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:50:55 GMT
x-content-type-options
nosniff
age
233286
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8236
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 21:26:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 07:50:55 GMT
19.jpg
claim-freefire.fauzi.biz.id/ngMedia/ngReward/
297 KB
297 KB
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/19.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01414bfe9fb01899d0cc40bf63b8bf11d709bcccf11e170b642bbc185a104c5a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:03 GMT
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNDpOB%2FU87taOAxCcvdX9Frhq0%2B%2FwdGZhmQQynlw26%2F4X7cwAuWdkKnfM8Yr2Vl8EGyY9qZyp6BvtbptBKfrvfa5aR8l1O5rmhxl0ZNkFurJvq78IDI6WnOIbUE%2F8DigZqP0Z8YHXfze9EVoj%2FJ70wpOhUedCmc6Tdw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85a3a62aed9eb957-AMS
alt-svc
h3=":443"; ma=86400
content-length
303994
12.jpg
claim-freefire.fauzi.biz.id/ngMedia/ngReward/
5 KB
5 KB
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/12.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
145c1c61215abfb0e9d565fcc12caf0589a20a6fbf7be74170d1af19c2a53681

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:02 GMT
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBkmWwJBStJNMt%2Fo9j8RKkkEfrgENWXhzuBDs0YFcaO9zWBH5tT%2F1jd3ZqQhxpLEDhRUWF4yG9z0S%2FmDBNCgsF43Sl%2Fc4n26Ruk%2FviiEYW4Y8DQnfd3X6lRi2dhXbl0VgaMnvel7dT%2BwxZ9FJ5%2FtNasMkpsr7v%2BKatk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85a3a62aed9fb957-AMS
alt-svc
h3=":443"; ma=86400
content-length
5161
38.jpg
claim-freefire.fauzi.biz.id/ngMedia/ngReward/
315 B
315 B
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/38.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:02 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rL8a6QMHFD6QgHpLupYYfHCo7qbqcswXNLx3SfNxW2UoLiN75EDyOO2yXdHMifW16R07MbuFPZwHXutNo2ABL0r3vajv%2FB%2Bljdb0Zxv6wA9rrwGgF%2FvbH5gkKiUZVoCZDKWQZ0nAYIyMD1Mpt3b3ycJSxNhLLe%2FvIo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
85a3a62aeda0b957-AMS
alt-svc
h3=":443"; ma=86400
25.jpg
claim-freefire.fauzi.biz.id/ngMedia/ngReward/
315 B
315 B
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/25.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:02 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6UYGAbKupGVLRyyL9EX8oXzGZoT%2B13rE8aAkEO2tet85%2FZwwAL1BV4Gd8t31W1ngDdmjmyP5vIrOq7TsIZDt3j7u0lkIwry45VKUi%2Bqgo23P%2Blh%2FY3VZf%2B6BC44ST9nPZypqszzJRMFaaNuXuAvcjbskhpwQcT4YhRU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
85a3a62aeda3b957-AMS
alt-svc
h3=":443"; ma=86400
23.jpg
claim-freefire.fauzi.biz.id/ngMedia/ngReward/
315 B
315 B
Image
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/23.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:03 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hdkzu2cNGwneWt8F8u%2FyRu5sp3l5tYB1bhN7BeuHW%2Baf1kXRWzTBUR0grYzGWxYclWfuhUrfg4B3jgZNtBA5SztJzlH%2FxkH4PYVCfv%2BQ97JraTs9l5Wxlx9gAIXMJWWZfhdgjiDpZuLSJjHP3OQyHtJF5o4L5x1%2FksU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
85a3a62aeda5b957-AMS
alt-svc
h3=":443"; ma=86400
getcountry
api.pubgameshowtime.com/ip/
56 B
453 B
XHR
General
Full URL
https://api.pubgameshowtime.com/ip/getcountry
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.212.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-212-19.mxp53.r.cloudfront.net
Software
/
Resource Hash
a84907ff5cc09364a0fd07d084c0df3a9c6c9f5309c98778a8f4e796ba7a2c07

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://claim-freefire.fauzi.biz.id/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:02 GMT
via
1.1 3bbd9c639a192694d597e09ea3006bce.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP53-P3
x-amzn-trace-id
Root=1-65d93aa6-24e2105528cdc9235f70d562;Parent=3b9656b68bf0d7ae;Sampled=0;lineage=f1f33dee:0
x-amzn-requestid
1c9d4124-2ae9-4bf1-b6af-0e11f5e20dc3
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
TnYaEFuXSK4Eb1A=
content-length
56
x-amz-cf-id
-thE_sQO3vzMzop93Fpm6oPMtoRkH5KDW4HAdSN944ZbkVJfWhUlOw==
aba40-16124989553053-800.jpg
staticg.sportskeeda.com/editor/2021/02/
65 KB
66 KB
Image
General
Full URL
https://staticg.sportskeeda.com/editor/2021/02/aba40-16124989553053-800.jpg
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2761:7e00:9:9b5:5880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9d285f2596aff214ef039ad897078da90d759cc9d517b8324993593bf8f0c3e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://claim-freefire.fauzi.biz.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-gumlet-pc
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 24 Feb 2024 00:39:03 GMT
via
1.1 8e59b301b68bf6ac4dcacf061926e712.cloudfront.net (CloudFront)
nel
{"report_to": "gumlet-nel", "max_age": 604800, "success_fraction": 0.005, "include_subdomains":true, "failure_fraction":1.0 }
x-gumlet-reqid
65d93aa6ad789155331f81f6
x-amz-cf-pop
FRA60-P8
x-cache
Miss from cloudfront
x-gumlet-runtime
0.853
alt-svc
h3=":443"; ma=86400
content-length
66672
reporting-endpoints
gumlet-nel="https://nel.gumlytics.com/report", default="https://nel.gumlytics.com/report"
surrogate-key
staticg.sportskeeda.com 2024-02-21
etag
"3n7bhg2stpa8q"
access-control-max-age
3600
report-to
{"group": "gumlet-nel", "max_age": 604800, "endpoints": [{"url": "https://nel.gumlytics.com/report"}]}
content-type
image/avif
access-control-allow-origin
*
cache-control
public, max-age=8640000, s-maxage=31536000, stale-while-revalidate=86400, stale-if-error=86400
vary
accept
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
BAoNDgfMGIoWxvnJk4RUdIg9nl7IJhrpdyWjwwtaTC3lThBKCG0Iww==
digital-7.ttf
claim-freefire.fauzi.biz.id/ngMedia/
34 KB
11 KB
Font
General
Full URL
https://claim-freefire.fauzi.biz.id/ngMedia/digital-7.ttf
Requested by
Host: claim-freefire.fauzi.biz.id
URL: https://claim-freefire.fauzi.biz.id/css/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec3ac662132b9a60e3b09b8a971a131a55aeee1447146aa38ea7b32d777bc3c8

Request headers

Referer
https://claim-freefire.fauzi.biz.id/css/style.css
Origin
https://claim-freefire.fauzi.biz.id
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 00:39:04 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 09 Aug 2021 10:46:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtgLCdZrKOX%2B8ukjDWSpjI3K%2B0Whm9LqaAUks1WlP5fm172ZAjQPquzFNU8G%2BdrdczTD3kZ5FxBJRKyZCbx4xs9xq9QLqSPiQKfjbfnvR4FqUorxrhxtJkLg9r7rssQWc1GcG6IUUn92TnPbp3mq%2BSUkcv%2Bt2%2FF3YcY%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
85a3a6318bc1b957-AMS
alt-svc
h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
function | $
function | jQuery
function | openCrate
number | countDownDate
number | x
function | tiktok
function | checkip
function | valid

0 Cookies

5 Console Messages

Source: network, Level: error
URL: https://randomjs.com/1.0.0.js
Message: Failed to load resource: the server responded with a status of 410 ()

Source: network, Level: error
URL: https://claim-freefire.fauzi.biz.id/ngMedia/popSound.mp4
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/38.jpg
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/25.jpg
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error
URL: https://claim-freefire.fauzi.biz.id/ngMedia/ngReward/23.jpg
Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
