r6.ff-claim-gratis.me Open in urlscan Pro
2606:4700:3033::ac43:ad38 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://r6.ff-claim-gratis.me/
Submission: On September 12 via automatic, source certstream-suspicious (September 12th 2021, 2:01:42 pm UTC) — Scanned from DE

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 6 countries across 11 domains to perform 43 HTTP transactions. The main IP is 2606:4700:3033::ac43:ad38, located in United States and belongs to CLOUDFLARENET, US. The main domain is r6.ff-claim-gratis.me.
TLS certificate: Issued by R3 on August 24th 2021. Valid for: 3 months.

This is the only time r6.ff-claim-gratis.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
20	2606:4700:303... 2606:4700:3033::ac43:ad38	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	163.172.91.236 163.172.91.236	12876 (Online SAS) (Online SAS)
1	2a02:26f0:2b0... 2a02:26f0:2b00:22::687d:3cc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2a00:1450:400... 2a00:1450:4007:80d::2001	15169 (GOOGLE) (GOOGLE)
3	146.59.152.166 146.59.152.166	16276 (OVH) (OVH)
1	103.247.9.157 103.247.9.157	58487 (RUMAHWEB-...) (RUMAHWEB-AS-ID Rumahweb Indonesia CV.)
1	2606:4700::68... 2606:4700::6812:eb0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	92.123.142.203 92.123.142.203	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4007:80e::2003	15169 (GOOGLE) (GOOGLE)
2	129.226.2.89 129.226.2.89	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
43	12

20 2606:4700:3033::ac43:ad38 (United States)

ASN13335 (CLOUDFLARENET, US)

r6.ff-claim-gratis.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.172.91.236 (France)

ASN12876 (Online SAS, FR)
PTR: 163-172-91-236.rev.poneytelecom.eu

h.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:2b00:22::687d:3cc (Paris, France)

ASN20940 (AKAMAI-ASN1, NL)

steamuserimages-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4007:80d::2001 (Ireland)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.59.152.166 (France)

ASN16276 (OVH, FR)
PTR: i.ibb.co

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.247.9.157 (Indonesia)

ASN58487 (RUMAHWEB-AS-ID Rumahweb Indonesia CV., ID)
PTR: anjani.satu.rumahweb.com

app-jquery.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:eb0 (United States)

ASN13335 (CLOUDFLARENET, US)

i.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.142.203 (London, United Kingdom)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-142-203.deploy.static.akamaitechnologies.com

cdngarenanow-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4007:80e::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 129.226.2.89 (Singapore, Singapore)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

na.apps.amsoveasea.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	ff-claim-gratis.me r6.ff-claim-gratis.me	1 MB
8	ggpht.com yt3.ggpht.com	88 KB
3	ibb.co i.ibb.co	334 KB
3	akamaihd.net steamuserimages-a.akamaihd.net cdngarenanow-a.akamaihd.net	668 KB
2	amsoveasea.com na.apps.amsoveasea.com	347 B
1	gstatic.com fonts.gstatic.com	13 KB
1	pinimg.com i.pinimg.com	170 KB
1	app-jquery.xyz app-jquery.xyz	36 KB
1	top4top.io h.top4top.io	85 KB
1	cloudflare.com cdnjs.cloudflare.com	6 KB
0	webydo.com Failed files7.webydo.com Failed
43	11

	Domain	Requested by
20	r6.ff-claim-gratis.me	r6.ff-claim-gratis.me
8	yt3.ggpht.com	r6.ff-claim-gratis.me
3	i.ibb.co	r6.ff-claim-gratis.me
2	na.apps.amsoveasea.com	app-jquery.xyz
2	cdngarenanow-a.akamaihd.net	r6.ff-claim-gratis.me
1	fonts.gstatic.com	r6.ff-claim-gratis.me
1	i.pinimg.com	r6.ff-claim-gratis.me
1	app-jquery.xyz	r6.ff-claim-gratis.me
1	steamuserimages-a.akamaihd.net	r6.ff-claim-gratis.me
1	h.top4top.io	r6.ff-claim-gratis.me
1	cdnjs.cloudflare.com	r6.ff-claim-gratis.me
0	files7.webydo.com Failed	r6.ff-claim-gratis.me
43	12

This site contains no links.

Subject Issuer	Validity	Valid
*.ff-claim-gratis.me R3	`2021-08-24` - `2021-11-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
top4top.io R3	`2021-07-17` - `2021-10-15`	3 months	crt.sh
a248.e.akamai.net DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
ibb.co R3	`2021-08-06` - `2021-11-04`	3 months	crt.sh
app-jquery.xyz R3	`2021-09-04` - `2021-12-03`	3 months	crt.sh
*.pinimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-08` - `2022-07-09`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
na.apps.amsoveasea.com TrustAsia TLS RSA CA	`2021-05-31` - `2022-05-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://r6.ff-claim-gratis.me/
Frame ID: 3809BF0016CBD027EE6DD373A5D4B359
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LUCKY ROYALE | GARENA FREEFIRES

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

43
Requests

95 %
HTTPS

55 %
IPv6

11
Domains

12
Subdomains

12
IPs

6
Countries

2463 kB
Transfer

2605 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
r6.ff-claim-gratis.me/ 8 KB
3 KB 5735ms
514ms Document
text/html 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bb10300ee9e69e9c571c37b9c1b0f246de43cf6c7154a695dcdb9c3d7e59925

Request headers

:method: GET
:authority: r6.ff-claim-gratis.me
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
content-type: text/html
last-modified: Thu, 15 Jul 2021 10:35:14 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qDQMQvSZQVnhEvwA%2BkEP0LypU6e8E7nan87FnbSIGTueADpokB1d%2F%2FPsqFeSnFktI9l3lgwfJXUdLD%2FZSHHPLC6yP9ZKIoyYgKYXQYxfVKrXr0rZZVIMGJknZbmDdVmTG0G3OXWsH1ZJQjapXCktMT3gJLE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68d9aaed4a854e61-FRA
content-encoding: br

GET
H2 200 style.css
r6.ff-claim-gratis.me/css/ 11 KB
3 KB 18ms
17ms Stylesheet
text/css 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r6.ff-claim-gratis.me/css/style.css
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31e973921e6ccd12845690c7bd3fa899a6f05b4fbaa0c15518497f17e4d6e23d

Request headers

:path: /css/style.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
cf-polished: origSize=16317
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 15 Jul 2021 10:32:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BhGeGiw4OpjEdrnIbqa2ZkktwGXc3eI6Q9Ei%2FbwaSizo5KIdq5ZRWTW7M%2Fo3UvQ6cozKN4Cw7OeKgSCtpBvMNlc7nqRYwjkLiA%2BfiDzZtjvJ7A65wD8pnBtQPZxfNNsLu%2FpFuvzcQXkR96PFTyKxIIC3rY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 68d9aaf0c9cf4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 facebook.css
r6.ff-claim-gratis.me/css/ 3 KB
1 KB 16ms
15ms Stylesheet
text/css 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r6.ff-claim-gratis.me/css/facebook.css
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21f5b2113bfb7b659f74a33c17a843b3cd2acaf6145946a7a6f375ab08de1d93

Request headers

:path: /css/facebook.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
cf-polished: origSize=4072
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 19 Apr 2021 08:50:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9SGlZxeDbUArG3YkcprZVhvJsf5yfvzVFcO4urHCEbno23HUR1eJGTHgsW1gqPLf9SliHhil5sr%2B7EXTp24Ds3xRDneNdIpvGa3SjgOQS7ZBJtWzT05vrceUTcMh7OFUgupcUeJf8FflPv6ycTSLpR8CUI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 68d9aaf0c9d64e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 5143ms
26ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1686508
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5631
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qur4MbWHjdRtEeUW9PD%2F1h4JcSbP2rc7Qhkpt2hr94rGf1%2FNlcusNW6z36U0ScRQqELkVCnxFQqW%2FK1NdZMu4TdouYmh868VBVCLzHIwWO9o9EZUGCHByTG53CCt2u8iJa5VQleHv7XqsBKJqEO4OFHA"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 68d9ab10cd124e68-FRA
expires: Fri, 02 Sep 2022 14:01:31 GMT

GET
H2 200 p_2016h7ob71.gif
h.top4top.io/ 85 KB
85 KB 5145ms
31ms Image
image/gif 163.172.91.236
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://h.top4top.io/p_2016h7ob71.gif
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 163.172.91.236 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 163-172-91-236.rev.poneytelecom.eu
Software: nginx /
Resource Hash: f2d0dae13baddb4ef853a0ea61bafaa18f9db27317019673a000df156ad86f92

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-file-id: x39388555x
date: Sun, 12 Sep 2021 14:01:31 GMT
last-modified: Fri, 09 Jul 2021 10:29:09 GMT
server: nginx
etag: "60e824f5-15386"
content-type: image/gif
cache-control: max-age=7200
content-disposition: inline; filename="ezgif.com-gif-maker.gif"
accept-ranges: bytes
content-length: 86918
expires: Sun, 12 Sep 2021 16:01:31 GMT

GET
H2 200 /
steamuserimages-a.akamaihd.net/ugc/909022648274283056/506B4A9C27FA5CEE3952C83D1FBAF6ADF1FAC7FA/ 211 KB
212 KB 5142ms
28ms Image
image/jpeg 2a02:26f0:2b00:22::687d:3cc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://steamuserimages-a.akamaihd.net/ugc/909022648274283056/506B4A9C27FA5CEE3952C83D1FBAF6ADF1FAC7FA/
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a02:26f0:2b00:22::687d:3cc Paris, France, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d911bf4d45fe0b44383f199a462d2dc995bee62123075df5a1e9e3a3c9a14870

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 12 Sep 2021 14:01:31 GMT
content-md5: gRwH2aEjH2LLzlkwpFkc7A==
x-ms-server-encrypted: false
content-disposition: inline; filename*=UTF-8''previewfile_1151000796.jpg;
content-length: 215842
x-ms-lease-state: available
x-ms-lease-status: unlocked
last-modified: Fri, 29 Sep 2017 14:12:58 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: "0x8D507442FD60773"
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 9b540504-001e-005c-72d4-390a5d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Content-Disposition,x-ms-server-encrypted,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=590905
x-ms-version: 2017-04-17
accept-ranges: bytes
expires: Sun, 19 Sep 2021 10:09:56 GMT

GET
H2 200 11.jpg
r6.ff-claim-gratis.me/img/ 382 KB
383 KB 22ms
20ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/11.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f047fdd4bf3ea2e7994115f284fb06c93a7c1c0333993db02cef24004527f51

Request headers

:path: /img/11.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 391298
last-modified: Thu, 15 Jul 2021 10:29:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TpBJZVcAz9vFlQwFHEpyyVP4as7kcaq0lBVDK8zh3QEpSBOkX%2FyTe3Khu%2ByoHqs4RbZ6RMA5ZUzSRjSY8K7yrrrgrSeZL5lME2qBFurk%2Bx4SBw92RuaMHrAxiXQ%2FB8dM8g5PODIp4ZVHHnvBnTLxLnduJ8k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9eb4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 12.jpg
r6.ff-claim-gratis.me/img/ 7 KB
7 KB 39ms
37ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/12.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 810d38eb34a997b6a6fa3a8ff11282680558f4c65d88098c6da2c6987b04b376

Request headers

:path: /img/12.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6779
last-modified: Thu, 15 Jul 2021 10:29:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y5vGteQUi2GfN%2Flf%2F%2FtRiHTZp5xTklwh2rR9lAQVb6EwFgpDCH2p5SeSR4GwhedeoIS3XLGOpFSnikbxy2P8FvjZ8nmYBpJSeRpYXJQp1jYP%2FIqkrh74snju99aI9qpKvIxm8lIpyYKKz32kku%2Fh6J%2BqmjQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9ee4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 13.jpg
r6.ff-claim-gratis.me/img/ 5 KB
6 KB 40ms
38ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/13.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5765782af98f60bb72dd5ffa5615ee710d3f28f0f410e06fd35093c0ae12b732

Request headers

:path: /img/13.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5334
last-modified: Thu, 15 Jul 2021 10:29:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3YQ%2BiUr8qrxeCz%2BGdoTVITUviaYMogRn5qltc1FaS%2FVpqs508ySb4V1QUBSJqwMjLgnSz0dToKZnIuXhtDKGiHbKntXPa%2BoIKMHgDBVoGhAFGShyTwvXYD3nKCHuJMgE7FbroAOl2ITO5ksSTFYIH6hSmE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9f04e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 14.jpg
r6.ff-claim-gratis.me/img/ 333 KB
334 KB 63ms
61ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/14.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fde121390bd9222fef9d613ac6ba91455b0bcda8e819f2bf4d3845e2fbcb8ce

Request headers

:path: /img/14.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 341458
last-modified: Thu, 15 Jul 2021 10:29:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2FBqH9mbEKC%2FpqIgUGyFapIGBXTaYbYn9pj2oUFq8CUMQ9IByPYEiFdyBW4d8AWogUsY%2BJ%2BVo24lLx6pEcct2Yi2t5amR9Zt97tXXkmWl4qMRTN5jfR3extbvDyMr10C167cOZvUqloRA4BGQsnG1ABH4Bs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9f24e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 15.jpg
r6.ff-claim-gratis.me/img/ 6 KB
7 KB 38ms
36ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/15.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bfd8cf6fabb431ae24cf0bc368b19a738f91b90e8f24b87be5e8c78fe53c5c6

Request headers

:path: /img/15.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6595
last-modified: Thu, 15 Jul 2021 10:29:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vzKKa5oXeYDDnLf%2FkDBWtqALT%2FyUVT7WQzc8a5RFdC7U3XhMae9t7t%2Bkq9bj8O8LlGSmpqAxrn2Dru6lVVIx%2BtE2iBQvkTUBlmC735QtqErjh%2FKprSEIgjFqo%2Fm6nyrq1sx1g1BiD4%2FcTs2OrJWERq8OyjY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9f44e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 2.jpg
r6.ff-claim-gratis.me/img/ 47 KB
48 KB 40ms
39ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/2.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e32e347f1375a0869711eb1589ecc0420c2e44ccaa19acaf2b625086a63e560

Request headers

:path: /img/2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 48611
last-modified: Thu, 15 Jul 2021 10:33:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CkOMITlKcJDhSxpAD8IBpDXdWcRC6BWT7%2BNutiFshYWV7FrNJFiLOfWgJ9cUCARtVtIP8JKjUQK5dLw6sSwqjNLiKUskKmI2OF0RWZYF1iZgUhaWvy1NUwLgfkghs7gTUZVkBjOFOkDeqtSudXK3RlyPWWU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9f74e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 5.jpg
r6.ff-claim-gratis.me/img/ 17 KB
17 KB 38ms
37ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/5.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6954d1affc92ee50e17928d047908d74de1b9ed6f10d2be27777db43d147c799

Request headers

:path: /img/5.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 17018
last-modified: Thu, 15 Jul 2021 10:33:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2FdJa9Ws2R8NLwlEYeS042AxAPVCz%2FF%2BuOHlwBnVAIl1lyHdtQ44IifX4Dmj1%2FU7Em%2FTWV3on0K%2FB1xLgUdYKu4ZIdgG4PxeD6smSM7jkvWAg9GYBsFdgHh8lWz9QbHCJB1NHt9N23q9XqJ3rGQKvrhcK3Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9f94e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 4.jpg
r6.ff-claim-gratis.me/img/ 16 KB
16 KB 21ms
19ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/4.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02a6f05889b33c96739ca179031bba6ce31f45254682c507fee3682ca2ec4fb1

Request headers

:path: /img/4.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 16054
last-modified: Thu, 15 Jul 2021 10:34:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P3H1BmsxvNzPfN%2Bpro26O5G%2BMm66Cd3C1yMDNRVzFsW5ynlOB80ESkJsaR6jYZ3iOA8CmLkKeaZLlnVgZd9A3lcq4yWNSQbLSuxm6K24uFkxnrQjkoeNFSyeaNwkZeVXUNQo2rFtc%2Bbs3cs801F0pkhM%2BW0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9fa4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 7.jpg
r6.ff-claim-gratis.me/img/ 106 KB
106 KB 39ms
38ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/7.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96a5de7f3132194812b9a455bbf0cdfe872dc9fa613a31ec976e18ba4cbdffea

Request headers

:path: /img/7.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 108063
last-modified: Thu, 15 Jul 2021 10:34:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kPljF1025pv7QT5NaxTJWEJLMQmMxvUzsW7%2BEe3qELA0k1Ll7bpbKmR8aw7OeC07SnYfpVbQ6huGr2qbLbz9CBp6VRAYAvfdJvZm3w5NxbThH6E9ygdLFfBZiI1m2R9oUOZ1UCfPp9McVKczHuzECSVCLUI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9fc4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 8.jpg
r6.ff-claim-gratis.me/img/ 43 KB
43 KB 39ms
38ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/8.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb529b14d072c791be4cb6c352e3fe0efae788e759034ebfd547c71a3f0d9bfe

Request headers

:path: /img/8.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43744
last-modified: Thu, 15 Jul 2021 10:35:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZVokiXUWJjNRo1Vjv37D5odOrZcAurzE4X4NZ3BG9siiXDJVyRkLaYZWAaBQeA3j%2FJa1bCL3Yi0JjNM2TnUSjkFk8rsFgiZHLfSs%2Bhdl18LGgPVTLps1SQVl%2B4JqXSBSOys0URz7eTorgcugaRfiFdNvgpk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9fd4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 AKedOLQHnLzY-L1gHCcyRmS-qU8zhR5wkgV_241ED8W_5g=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 11 KB
11 KB 5139ms
27ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLQHnLzY-L1gHCcyRmS-qU8zhR5wkgV_241ED8W_5g=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

18e81ac1a7b83b8a136c975914ae0ba8ddf6d20254ed3d13054698553bc5fecc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:19 GMT
x-content-type-options: nosniff
age: 12
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10944
x-xss-protection: 0
server: fife
etag: "v9e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 29 Aug 2021 13:52:05 GMT

GET
H2 200 oAzM5Q7iSpiqXgokNyd4DBJ2-t5v51pwBfcwO_bJueeGVrULgJz4YQrIXzVPt9YT9tc4iHu8Vg=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ 7 KB
7 KB 5147ms
35ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/oAzM5Q7iSpiqXgokNyd4DBJ2-t5v51pwBfcwO_bJueeGVrULgJz4YQrIXzVPt9YT9tc4iHu8Vg=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9c8f755fad84da8800ecc89c942680f599f2298d873669d29b0abd53567f8bc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:10:27 GMT
x-content-type-options: nosniff
age: 13864
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7172
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 06 Sep 2021 03:56:11 GMT

GET
H2 200 AKedOLT_SveIPYuHMsCEO1Unz3P9JCiv3cueYXlXdX9O-A=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 15 KB
16 KB 5164ms
53ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLT_SveIPYuHMsCEO1Unz3P9JCiv3cueYXlXdX9O-A=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

113329d43025f5d482a324359a7e43ff208020e92493e56f361930e498c5fe40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 13:09:30 GMT
x-content-type-options: nosniff
age: 3121
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15793
x-xss-protection: 0
server: fife
etag: "v25b"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 11 Sep 2021 08:37:04 GMT

GET
H2 200 AKedOLTxTD0eQmMZvvppFe-slf65n6zLbNsVf10SQoy-=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 12 KB
12 KB 5157ms
46ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTxTD0eQmMZvvppFe-slf65n6zLbNsVf10SQoy-=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6866c5a20f421f1ff416d0e1a221c511edc9b01eebe78326c8d6d45163f7ae41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:10:27 GMT
x-content-type-options: nosniff
age: 13864
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12252
x-xss-protection: 0
server: fife
etag: "v6a"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 13 Sep 2021 10:10:27 GMT

GET
H2 200 AKedOLQe3Efbal5RgegAWH61uSMbaTJDeGoWJlGPev4mAg=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 7 KB
7 KB 5142ms
30ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLQe3Efbal5RgegAWH61uSMbaTJDeGoWJlGPev4mAg=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c4833b6152c3be82480267faa3fafcdfdab8d061f2e56ef5a368349b331fe2dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:10:27 GMT
x-content-type-options: nosniff
age: 13864
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7350
x-xss-protection: 0
server: fife
etag: "v32d"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 12 Sep 2021 20:35:27 GMT

GET
H2 200 AKedOLSM-dCXw40XqxHYSt3KdYIEbq_l-10d6pChDLH44w=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 17 KB
17 KB 5148ms
37ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLSM-dCXw40XqxHYSt3KdYIEbq_l-10d6pChDLH44w=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1df36f0650ebad84028b35aa6b64a50edf5c4017521bdfd6abd57df5688ca704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:10:27 GMT
x-content-type-options: nosniff
age: 13864
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17100
x-xss-protection: 0
server: fife
etag: "v4a6"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 06 Sep 2021 03:56:19 GMT

GET
H2 200 AKedOLS5Z_GKUsU1o7tUhS0VqYOh6n4s0uGmJTOfG1sRlQ=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 8 KB
8 KB 36ms
36ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLS5Z_GKUsU1o7tUhS0VqYOh6n4s0uGmJTOfG1sRlQ=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4f260595025137096945372667b2de60f777361e58ef2e1785746efaa9b649aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 10:10:27 GMT
x-content-type-options: nosniff
age: 13864
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8147
x-xss-protection: 0
server: fife
etag: "v2062"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 13 Sep 2021 10:10:27 GMT

GET
H2 200 AKedOLS2S1-jU8YLFZfeC1pQza-6m1Kr9tlsv5mGa8qs2A=s176-c-k-c0x00ffffff-no-rj-mo
yt3.ggpht.com/ytc/ 10 KB
10 KB 35ms
34ms Image
image/jpeg 2a00:1450:4007:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLS2S1-jU8YLFZfeC1pQza-6m1Kr9tlsv5mGa8qs2A=s176-c-k-c0x00ffffff-no-rj-mo

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

149dd459645da628cd2e18bdfb956b24f258a1ed2afd8b95e650a72b1ca2b249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 13:13:45 GMT
x-content-type-options: nosniff
age: 2866
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10573
x-xss-protection: 0
server: fife
etag: "v103"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 29 Aug 2021 14:00:43 GMT

GET
H2 200 cr.jpg
r6.ff-claim-gratis.me/img/ 8 KB
8 KB 36ms
35ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/cr.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf787898096fdf2183e0d59c82989a8cd2ea0717a9f293365d169cc795cfb921

Request headers

:path: /img/cr.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8141
last-modified: Mon, 03 May 2021 01:50:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfB6fJID2sWkncrYk29Mqz5Le8Im3eWCeQY15agnW%2FhbKeU7LzJBJ4dGSq%2BVPlOQmnnaKApED3KXoyBcH4xvdbc1fI6rY%2BundLzyCrWin27msNJw1b9OmOWdfWmrILGiqylTnHfZWMIsjMfWA%2B40e4gw0tk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0d9fe4e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 facebook_text.png
r6.ff-claim-gratis.me/img/ 28 KB
28 KB 45ms
45ms Image
image/png 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/facebook_text.png
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

:path: /img/facebook_text.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 28789
last-modified: Mon, 19 Apr 2021 08:50:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ag15zaAH3BckmptHu2Z9yHRiVcU%2FOs4Lc3Y93CJWBuJCzzvoEKbOq0OgCWIdpQf1lT9Zk1bfMad1VyKSp2qY2HNhnmu4Z%2FmcNYWJwwqsJZcw2xK7OIbkxfeDtvT1cgMXaRzwEqiBWrfZCxFNMBIH4BnbtHA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9aaf0da014e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 404 thumbnail.jpg
i.ibb.co/fFbdRKj/ 1 KB
1 KB 5131ms
20ms Image
image/png 146.59.152.166
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/fFbdRKj/thumbnail.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.59.152.166 , France, ASN16276 (OVH, FR),
Reverse DNS: i.ibb.co
Software: nginx /
Resource Hash: 383267c9f5ee8f68d2aa68642d500e0f471463d4781205ba8f22fa01af34f5e0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
server: nginx
content-length: 1157
content-type: image/png

GET
H2 200 jquery-3.6.0.min.js Show response
app-jquery.xyz/ 150 KB
36 KB 5984ms
193ms Script
application/javascript 103.247.9.157
RUMAHWEB-AS-ID Ru...

General

Check archive.org

Show headers Download Go to

Full URL: https://app-jquery.xyz/jquery-3.6.0.min.js
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 103.247.9.157 , Indonesia, ASN58487 (RUMAHWEB-AS-ID Rumahweb Indonesia CV., ID),
Reverse DNS: anjani.satu.rumahweb.com
Software: Apache /
Resource Hash: 0a847f121319649fe67afaa2aec7732f50fe86634f60244d455cfc9b4d1d726b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
content-encoding: br
last-modified: Fri, 03 Sep 2021 03:07:46 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 36000

GET
H2 200 xyzTrueID.js Show response
r6.ff-claim-gratis.me/js/ 1 KB
843 B 16ms
16ms Script
application/javascript 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r6.ff-claim-gratis.me/js/xyzTrueID.js
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba11a33c022bfd9a24211f40c410a86db5fe64fd3a35bf7a22a22385e14ffd9c

Request headers

:path: /js/xyzTrueID.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
cf-polished: origSize=1369
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 14 Jul 2021 22:07:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziOS1LuT5oTLmXd13kIjkdUEtvVCbQGOJVMUkf5eOEQNqj8CvN43DHkHTNe9zdMfOEhNyf5j0Bay%2FAUxZaL%2Bg5WstzJ%2BJZ9pHQjKDbFUk0VHx188cIYLhISVdtabgwr%2BsI6N0wYXy%2FUlEEGYdUtsLWLMY%2Fw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 68d9aaf0c9d94e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 xyz.js Show response
r6.ff-claim-gratis.me/js/ 3 KB
1 KB 19ms
16ms Script
application/javascript 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r6.ff-claim-gratis.me/js/xyz.js
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a49477466fe3b66adde2e05b9f209349e4942ea8a3ef17b00f6e7730413c968c

Request headers

:path: /js/xyz.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
cf-polished: origSize=4026
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 14 Jul 2021 12:31:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjMSzil1Sy7%2BfeTz8jtc19GS3j4lzWSXjUpST3jHgdO5DN7lnSRydJdX1oaPVsisKvQjFEfDjSxVSvn432YWogseOyL1YfqDOv11nCm1OJa4QMTgG9ErjkG7Mfr1e5W9NK6mBYnzJ5Rv%2FK047bc9awE%2Bs80%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 68d9aaf0d9e34e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET
H2 200 xyzIpAddre.js Show response
r6.ff-claim-gratis.me/js/ 198 B
487 B 17ms
15ms Script
application/javascript 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r6.ff-claim-gratis.me/js/xyzIpAddre.js
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7426e4c8f1379aec201c6b100fad95bf51f201f408778e64821cdfa20fcedbc1

Request headers

:path: /js/xyzIpAddre.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10
cf-polished: origSize=312
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 14 Jul 2021 18:38:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBMSNfGH9aK4IOlJRsObc8o0ZyRRdob1y3aN8UY4Sr%2Ffjymk79gjHqRhybnG90T7Xpqc8Y6g94Hu2rNiaIWBtyHq2KTHAyC0zfoGtxcEAVqJUCzyuuVIh69fNQrZinQ03KFbTMrNxiXn2Kxv785xmOOvAD4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 68d9aaf0d9e94e61-FRA
expires: Sun, 19 Sep 2021 14:01:15 GMT

GET 805AD88C-21B4-02B8-4D75-342F16BCBE43.woff
files7.webydo.com/91/9140034/UploadedFiles/ 0
0

GET 4B400761-E443-A328-71D7-46B027CFD2DE.woff
files7.webydo.com/91/9140034/UploadedFiles/ 0
0

GET
H2 200 background.jpg
i.ibb.co/Gccdxfm/ 326 KB
327 KB 21ms
21ms Image
image/jpeg 146.59.152.166
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/Gccdxfm/background.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.59.152.166 , France, ASN16276 (OVH, FR),
Reverse DNS: i.ibb.co
Software: nginx /
Resource Hash: e8168d292eba984604a763b89d0cfb9161b980b3e73a5bc4cd212754c11e8553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
last-modified: Thu, 22 Apr 2021 05:58:56 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 334223
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 13ae7bade26f0d798e16b85f265a2c68.jpg
i.pinimg.com/originals/13/ae/7b/ 170 KB
170 KB 5088ms
30ms Image
image/jpeg 2606:4700::6812:eb0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.pinimg.com/originals/13/ae/7b/13ae7bade26f0d798e16b85f265a2c68.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da3a24e7ad940faaea51c0a8b3d6580cee95fda85fea2d7c96caccfad67b8054

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:36 GMT
etag: "325756f851484f231ff5011c487e7499"
cf-bgj: h2pri
x-cdn: cloudflare
edge-start: 1631455296101
vary: Origin, Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 68d9ab30995d4eaa-FRA
content-length: 173897
origin-latency: 12
server: cloudflare

GET
H2 200 bg.jpeg
r6.ff-claim-gratis.me/img/ 24 KB
25 KB 18ms
17ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/bg.jpeg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf14809f168c7baf110ab0f311274844696f85226c6bc39a29f66d392e2998ce

Request headers

:path: /img/bg.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/css/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 24798
last-modified: Sat, 03 Jul 2021 22:20:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=boBLknhzF82PIuPtu7qHDEDHbX4JoTzr6FEhlJ6EuLQlHnLgsf69169EvF1ITiuvQqvZJmKVc%2BartZHvRsOkECe2QzUrhm2E%2Fd9dx57imUxkYW9IvKZsU0HiEHKmm6iEwh3Sb5%2Fg1qhS9vgNPcosBFX9CyM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9ab10fa504e61-FRA
expires: Sun, 19 Sep 2021 14:01:20 GMT

GET
H2 200 spin.jpg
r6.ff-claim-gratis.me/img/ 23 KB
24 KB 19ms
19ms Image
image/jpeg 2606:4700:3033::ac43:ad38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r6.ff-claim-gratis.me/img/spin.jpg
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd20bd9a7bfb7106f0a6a36111885c4d9cc4e821bd54c3043870d5691753cab4

Request headers

:path: /img/spin.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: r6.ff-claim-gratis.me
referer: https://r6.ff-claim-gratis.me/css/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 23802
last-modified: Mon, 03 May 2021 19:30:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LDB80fZ%2BKBp0beu56fw23lSOmrloGco8%2FjPM%2BCoN2wM%2Bmpm2ry6nUbp1uxnYtSWb4yUeLNb8u6d4OjWORcWlTQ3%2BizNs58pbwdpEgH9SolKD2XgyjYOFBZX7J0NFJ4oJpchkJsRRg0dCRKspkWhHQoNvgY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 68d9ab10fa534e61-FRA
expires: Sun, 19 Sep 2021 14:01:20 GMT

GET
H2 200 dialog_bg%20858x478.png
cdngarenanow-a.akamaihd.net/webid/FF/hackerryu/ 417 KB
418 KB 5133ms
40ms Image
image/png 92.123.142.203
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdngarenanow-a.akamaihd.net/webid/FF/hackerryu/dialog_bg%20858x478.png
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.123.142.203 London, United Kingdom, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-142-203.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f11b9488400f0675602238bbf47644421efb9381552bffe63dee4b56736c828f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:36 GMT
content-encoding: gzip
last-modified: Thu, 08 Jul 2021 05:33:21 GMT
server: AkamaiNetStorage
etag: "b7cbd0d6ac10fcf85e131393c0b22015:1625722457.653815"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 427147

GET
H2 200 sub-active.png
i.ibb.co/Kx5gHKq/ 6 KB
6 KB 41ms
41ms Image
image/png 146.59.152.166
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/Kx5gHKq/sub-active.png
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.59.152.166 , France, ASN16276 (OVH, FR),
Reverse DNS: i.ibb.co
Software: nginx /
Resource Hash: d798773766301c45a7c8dd00869ba872cf46c93e83270a322f8a822a28bed668

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:31 GMT
last-modified: Wed, 14 Jul 2021 05:27:27 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 6191
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 JTUSjIg69CK48gW7PXoo9Wlhyw.woff2
fonts.gstatic.com/s/bebasneue/v2/ 13 KB
13 KB 5114ms
24ms Font
font/woff2 2a00:1450:4007:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bebasneue/v2/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2

Requested by

Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dab7290ebc90b7ed3068b2921bf51e026225ad48e7b398b12321d036d340a458

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://r6.ff-claim-gratis.me/
Origin: https://r6.ff-claim-gratis.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 21:32:11 GMT
x-content-type-options: nosniff
age: 577765
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13092
x-xss-protection: 0
last-modified: Thu, 10 Sep 2020 17:05:42 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Sep 2022 21:32:11 GMT

GET
H2 200 magenta_btn.png
cdngarenanow-a.akamaihd.net/webid/FF/hackerryu/ 37 KB
38 KB 5116ms
28ms Image
image/png 92.123.142.203
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdngarenanow-a.akamaihd.net/webid/FF/hackerryu/magenta_btn.png
Requested by: Host: r6.ff-claim-gratis.me
URL: https://r6.ff-claim-gratis.me/css/style.css
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.123.142.203 London, United Kingdom, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-142-203.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b075876aad3ff0c792964f40d6cf8064e6b85e08217a3a6dc809164476430305

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:01:36 GMT
content-encoding: gzip
last-modified: Wed, 07 Jul 2021 19:21:16 GMT
server: AkamaiNetStorage
etag: "72d18e3d285b019510169fc0d15e5cd3:1625685736.205058"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 38212

GET
H2 200 / Show response
na.apps.amsoveasea.com/swoole/ 37 B
174 B 5790ms
164ms XHR
text/html 129.226.2.89
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
Requested by: Host: app-jquery.xyz
URL: https://app-jquery.xyz/jquery-3.6.0.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.226.2.89 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx /
Resource Hash: 18dffd1df1668ad1c62e51eac8d187ecd59787b3718e62d4e032fc7ab9711c10

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://r6.ff-claim-gratis.me/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 12 Sep 2021 14:01:37 GMT
content-encoding: gzip
server: nginx
content-length: 56
content-type: text/html

GET
H2 200 / Show response
na.apps.amsoveasea.com/swoole/ 37 B
173 B 164ms
164ms Fetch
text/html 129.226.2.89
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
Requested by: Host: app-jquery.xyz
URL: https://app-jquery.xyz/jquery-3.6.0.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.226.2.89 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx /
Resource Hash: 18dffd1df1668ad1c62e51eac8d187ecd59787b3718e62d4e032fc7ab9711c10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://r6.ff-claim-gratis.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 12 Sep 2021 14:01:38 GMT
content-encoding: gzip
server: nginx
content-length: 56
content-type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: files7.webydo.com
URL: http://files7.webydo.com/91/9140034/UploadedFiles/805AD88C-21B4-02B8-4D75-342F16BCBE43.woff

Domain: files7.webydo.com
URL: http://files7.webydo.com/91/9140034/UploadedFiles/4B400761-E443-A328-71D7-46B027CFD2DE.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://i.ibb.co/fFbdRKj/thumbnail.jpg Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://r6.ff-claim-gratis.me/ Message: Mixed Content: The page at 'https://r6.ff-claim-gratis.me/' was loaded over HTTPS, but requested an insecure font 'http://files7.webydo.com/91/9140034/UploadedFiles/805AD88C-21B4-02B8-4D75-342F16BCBE43.woff'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://r6.ff-claim-gratis.me/ Message: Mixed Content: The page at 'https://r6.ff-claim-gratis.me/' was loaded over HTTPS, but requested an insecure font 'http://files7.webydo.com/91/9140034/UploadedFiles/4B400761-E443-A328-71D7-46B027CFD2DE.woff'. This request has been blocked; the content must be served over HTTPS.
deprecation	warning	URL: https://app-jquery.xyz/jquery-3.6.0.min.js(Line 3016) Message: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-jquery.xyz
cdngarenanow-a.akamaihd.net
cdnjs.cloudflare.com
files7.webydo.com
fonts.gstatic.com
h.top4top.io
i.ibb.co
i.pinimg.com
na.apps.amsoveasea.com
r6.ff-claim-gratis.me
steamuserimages-a.akamaihd.net
yt3.ggpht.com
files7.webydo.com
103.247.9.157
129.226.2.89
146.59.152.166
163.172.91.236
2606:4700:3033::ac43:ad38
2606:4700::6810:125e
2606:4700::6812:eb0
2a00:1450:4007:80d::2001
2a00:1450:4007:80e::2003
2a02:26f0:2b00:22::687d:3cc
92.123.142.203
02a6f05889b33c96739ca179031bba6ce31f45254682c507fee3682ca2ec4fb1
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
0a847f121319649fe67afaa2aec7732f50fe86634f60244d455cfc9b4d1d726b
0e32e347f1375a0869711eb1589ecc0420c2e44ccaa19acaf2b625086a63e560
113329d43025f5d482a324359a7e43ff208020e92493e56f361930e498c5fe40
149dd459645da628cd2e18bdfb956b24f258a1ed2afd8b95e650a72b1ca2b249
18dffd1df1668ad1c62e51eac8d187ecd59787b3718e62d4e032fc7ab9711c10
18e81ac1a7b83b8a136c975914ae0ba8ddf6d20254ed3d13054698553bc5fecc
1df36f0650ebad84028b35aa6b64a50edf5c4017521bdfd6abd57df5688ca704
21f5b2113bfb7b659f74a33c17a843b3cd2acaf6145946a7a6f375ab08de1d93
31e973921e6ccd12845690c7bd3fa899a6f05b4fbaa0c15518497f17e4d6e23d
383267c9f5ee8f68d2aa68642d500e0f471463d4781205ba8f22fa01af34f5e0
3fde121390bd9222fef9d613ac6ba91455b0bcda8e819f2bf4d3845e2fbcb8ce
4f260595025137096945372667b2de60f777361e58ef2e1785746efaa9b649aa
5765782af98f60bb72dd5ffa5615ee710d3f28f0f410e06fd35093c0ae12b732
5f047fdd4bf3ea2e7994115f284fb06c93a7c1c0333993db02cef24004527f51
6866c5a20f421f1ff416d0e1a221c511edc9b01eebe78326c8d6d45163f7ae41
6954d1affc92ee50e17928d047908d74de1b9ed6f10d2be27777db43d147c799
6bb10300ee9e69e9c571c37b9c1b0f246de43cf6c7154a695dcdb9c3d7e59925
7426e4c8f1379aec201c6b100fad95bf51f201f408778e64821cdfa20fcedbc1
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
810d38eb34a997b6a6fa3a8ff11282680558f4c65d88098c6da2c6987b04b376
8bfd8cf6fabb431ae24cf0bc368b19a738f91b90e8f24b87be5e8c78fe53c5c6
96a5de7f3132194812b9a455bbf0cdfe872dc9fa613a31ec976e18ba4cbdffea
9c8f755fad84da8800ecc89c942680f599f2298d873669d29b0abd53567f8bc7
a49477466fe3b66adde2e05b9f209349e4942ea8a3ef17b00f6e7730413c968c
b075876aad3ff0c792964f40d6cf8064e6b85e08217a3a6dc809164476430305
ba11a33c022bfd9a24211f40c410a86db5fe64fd3a35bf7a22a22385e14ffd9c
bf14809f168c7baf110ab0f311274844696f85226c6bc39a29f66d392e2998ce
bf787898096fdf2183e0d59c82989a8cd2ea0717a9f293365d169cc795cfb921
c4833b6152c3be82480267faa3fafcdfdab8d061f2e56ef5a368349b331fe2dc
cb529b14d072c791be4cb6c352e3fe0efae788e759034ebfd547c71a3f0d9bfe
cd20bd9a7bfb7106f0a6a36111885c4d9cc4e821bd54c3043870d5691753cab4
d798773766301c45a7c8dd00869ba872cf46c93e83270a322f8a822a28bed668
d911bf4d45fe0b44383f199a462d2dc995bee62123075df5a1e9e3a3c9a14870
da3a24e7ad940faaea51c0a8b3d6580cee95fda85fea2d7c96caccfad67b8054
dab7290ebc90b7ed3068b2921bf51e026225ad48e7b398b12321d036d340a458
e8168d292eba984604a763b89d0cfb9161b980b3e73a5bc4cd212754c11e8553
f11b9488400f0675602238bbf47644421efb9381552bffe63dee4b56736c828f
f2d0dae13baddb4ef853a0ea61bafaa18f9db27317019673a000df156ad86f92

r6.ff-claim-gratis.me Open in urlscan Pro 2606:4700:3033::ac43:ad38 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

43 Requests

95 %HTTPS

55 %IPv6

11 Domains

12 Subdomains

12 IPs

6 Countries

2463 kBTransfer

2605 kBSize

0 Cookies

0 Outgoing links

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

r6.ff-claim-gratis.me Open in urlscan Pro
2606:4700:3033::ac43:ad38 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

95 %
HTTPS

55 %
IPv6

11
Domains

12
Subdomains

12
IPs

6
Countries

2463 kB
Transfer

2605 kB
Size

0
Cookies

43 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!