claim-newskin.claim2free.com Open in urlscan Pro
2606:4700:3031::ac43:d014 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://claim-newskin.claim2free.com/
Submission: On December 13 via automatic, source certstream-suspicious (December 13th 2021, 12:52:24 pm UTC) — Scanned from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 11 domains to perform 45 HTTP transactions. The main IP is 2606:4700:3031::ac43:d014, located in United States and belongs to CLOUDFLARENET, US. The main domain is claim-newskin.claim2free.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 10th 2021. Valid for: a year.

This is the only time claim-newskin.claim2free.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

	IP Address	AS Autonomous System
21	2606:4700:303... 2606:4700:3031::ac43:d014	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3033::ac43:c84c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	152.228.223.13 152.228.223.13	16276 (OVH) (OVH)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3031::ac43:9e9a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	51.159.64.45 51.159.64.45	12876 (Online SAS) (Online SAS)
45	13

21 2606:4700:3031::ac43:d014 (United States)

ASN13335 (CLOUDFLARENET, US)

claim-newskin.claim2free.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3033::ac43:c84c (United States)

ASN13335 (CLOUDFLARENET, US)

jefanya.store	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00::210:ba0b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.pubgmobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 152.228.223.13 (France)

ASN16276 (OVH, FR)
PTR: ns3190386.ip-152-228-223.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:9e9a (United States)

ASN13335 (CLOUDFLARENET, US)

xcode1991.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.159.64.45 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-159-64-45.rev.poneytelecom.eu

a.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	claim2free.com claim-newskin.claim2free.com	3 MB
7	pubgmobile.com www.pubgmobile.com	1 MB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	60 KB
3	ibb.co i.ibb.co	24 KB
3	jefanya.store jefanya.store
2	gstatic.com fonts.gstatic.com	27 KB
1	top4top.io l.top4top.io Failed a.top4top.io	18 KB
1	xcode1991.online xcode1991.online	3 MB
1	jquery.com code.jquery.com	32 KB
1	cloudflare.com cdnjs.cloudflare.com	6 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com	7 KB
45	11

	Domain	Requested by
21	claim-newskin.claim2free.com	claim-newskin.claim2free.com
7	www.pubgmobile.com	claim-newskin.claim2free.com
3	i.ibb.co	claim-newskin.claim2free.com
3	jefanya.store	claim-newskin.claim2free.com
2	fonts.gstatic.com	fonts.googleapis.com
2	ajax.googleapis.com	claim-newskin.claim2free.com
1	a.top4top.io	claim-newskin.claim2free.com
1	fonts.googleapis.com	claim-newskin.claim2free.com
1	xcode1991.online	claim-newskin.claim2free.com
1	code.jquery.com	claim-newskin.claim2free.com
1	cdnjs.cloudflare.com	claim-newskin.claim2free.com
1	stackpath.bootstrapcdn.com	claim-newskin.claim2free.com
0	l.top4top.io Failed	claim-newskin.claim2free.com
45	13

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-10` - `2022-10-09`	a year	crt.sh
*.jefanya.store R3	`2021-12-05` - `2022-03-05`	3 months	crt.sh
wetv.acc.qq.com DigiCert SHA2 Secure Server CA	`2021-07-29` - `2022-03-16`	8 months	crt.sh
ibb.co R3	`2021-12-05` - `2022-03-05`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.xcode1991.online R3	`2021-11-06` - `2022-02-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
top4top.io R3	`2021-10-30` - `2022-01-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://claim-newskin.claim2free.com/
Frame ID: 05C5E348B2AD44A24E27F4136841DCA4
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Royale Pass Month 5: Mirror Realm

Page Statistics

45
Requests

98 %
HTTPS

83 %
IPv6

11
Domains

13
Subdomains

13
IPs

4
Countries

6494 kB
Transfer

6832 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
claim-newskin.claim2free.com/ 10 KB
3 KB 430ms
372ms Document
text/html 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3727bff7573b2d999d48b05dee9adfe976b9094ec8043c3872dd5af399ee229b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QgyQzVysJiE1B3r2O4PDpPtJrBZ14HoUpo4msSRscA6d40aDouSygaXsbx%2BwBf7nmN3OCIqaqsR9QTIUioXFa1S2IKqlNB8OToxjE4oIKZLmk1ayO92cn1d674WnHbt%2BGozujj28V%2FKVxu1jm%2BmRy7mGwej5u2Sta0qa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6bcf540ddd4d3763-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 503 ctrlu.js
jefanya.store/js/ 0
0 109ms
44ms Script
text/html 2606:4700:3033::ac43:c84c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jefanya.store/js/ctrlu.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:c84c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 503 debug.js
jefanya.store/js/ 0
0 99ms
34ms Script
text/html 2606:4700:3033::ac43:c84c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jefanya.store/js/debug.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:c84c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 style.css
claim-newskin.claim2free.com/css/ 13 KB
3 KB 367ms
365ms Stylesheet
text/css 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/css/style.css
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca6271c0edf869cbf28769ad0bc9918856741e0a712bc2e094660ad8fb03be76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:22:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4rcvkkALYRzi7S2kW59v86JArbNs7txYxDXyrmvzbpgJRopO7yi%2FcscY4nOUc9%2B%2BFpaq1STsSLHypIoW1sXb9Zf7P2w8RItYaBt5MgmlG%2FC3xqJabyJLY1GZbnwHlgkTQ7crU0GD9eXgdxj3ZnuGXbcf39SMXx3RQtgB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf54105a7c3763-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 animate.css
claim-newskin.claim2free.com/css/ 80 KB
5 KB 696ms
695ms Stylesheet
text/css 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/css/animate.css
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54e45a0cb0fb522c4c3637e3fa2d6a7729bf8e9b2266d268cae0ca0583bf6d16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:14 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:22:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ek%2By66LNKz3IuF%2FVFhTgYEISGPtWiwHRgKXXxlg%2F%2BGaFl%2FkwnpnfJ1EvGyottfIZRfawYKZxv1L5Q8PEIGKlZ5SYPNlCi5rrf0yVwCmhAnjLFStDczlPHG6tB%2FDU42yVEqodwxy%2Fo4h8gMpF4EtxIfsrbAA3%2Brf3YLA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf54105a803763-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 facebook.css
claim-newskin.claim2free.com/css/login/ 3 KB
1 KB 373ms
373ms Stylesheet
text/css 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/css/login/facebook.css
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b258d35bd22d4ad8993a547095eab6cbb6d962aa77702a7ed1016dd15ab492cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:22:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Lk95GMXgEBVj%2BH9kryCF5Fv4mU9EbScefIPcF6euD%2FEWMhzSSeP%2Fc85EoiNa%2FWvGMFgZilu0EU028HSQmJEppH75D6FCHaljXg52XpyFTfIkfF857ycyZ5T0i2nPUArkiV3UV6nJc9K7Kd0803me8mr3pJmbSvRbzch"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf54105a823763-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 twitter.css
claim-newskin.claim2free.com/css/login/ 2 KB
1000 B 370ms
370ms Stylesheet
text/css 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/css/login/twitter.css
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 914bdd3ddb19961b2a07b0dc7aff4acbfe94e9821fbd692dfb8184f972df1005

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:23:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BoZavCQXJMIajRmR78QWq00PG1TYvjhx2PEkjmgrF%2FLEjEAAlH6S3RJUqFwo6ovxbUlPzPaCixTd96o741oBbd%2BKQqu6ShbaOw5EJlkKdqV5TeUSNWNEY13ZSCj%2B4MNrk09%2BzZUzil5z%2FDg%2Fc2hNCR%2BQlcMfJc25Vw2"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf54105a843763-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 74ms
52ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617
age: 22953380
cdn-cachedat: 2021-03-11 11:57:51
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 6fc1a75116c932681ed09108db37b84c
cf-ray: 6bcf54106de3d72d-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 material-design-iconic-font.min.css
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/ 69 KB
6 KB 76ms
37ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/material-design-iconic-font.min.css

Requested by

Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2292092
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5845
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:12:09 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed9-1149f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=naLz4O6JBukT%2Bmt%2BsWS8U1fxeB9FniKuw0P5TSU%2B4GZSdSgYaL2Cc4%2Fw1Sa2GDEoVpbfVkP7%2FzBUPpaT%2BdR8qKvvba86OpCoMlkG66cvJqqVnxBietTNjx9A2lReC2MR70XJvJ2jKNUAQJ8pZHyUDjcp"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6bcf54108b750f5e-MXP
expires: Sat, 03 Dec 2022 12:52:13 GMT

GET
H2 200 icon_logo.jpg
www.pubgmobile.com/common/images/ 959 KB
962 KB 106ms
34ms Image
image/jpeg 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/common/images/icon_logo.jpg
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5899c82b2f0563679a9c1ee79b5b28f2545864d95c7627c1a70e36a2f034497d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Mon, 30 Nov 2020 12:10:45 GMT
server: nginx
etag: "5fc4e145-efda5"
content-type: image/jpeg
cache-control: max-age=300
accept-ranges: bytes
content-length: 982437
expires: Mon, 13 Dec 2021 12:57:13 GMT

GET
H2 200 menu.png
i.ibb.co/DV5fKmN/ 126 B
369 B 77ms
38ms Image
image/png 152.228.223.13
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/DV5fKmN/menu.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 152.228.223.13 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190386.ip-152-228-223.eu
Software: nginx /
Resource Hash: 0935d302a23d3bf9236aaa827d77a450752b9a5eb74be1712fe24a12a2f50b5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Fri, 02 Jul 2021 03:34:15 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 126
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pay.png
i.ibb.co/FzLrjnF/ 550 B
792 B 77ms
39ms Image
image/png 152.228.223.13
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/FzLrjnF/pay.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 152.228.223.13 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190386.ip-152-228-223.eu
Software: nginx /
Resource Hash: 2dafd0b485614e7e866c6e8261a87f6655a332a044a52e52801cb8a052eb2ffb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Fri, 13 Aug 2021 14:02:24 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 550
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 1.png
claim-newskin.claim2free.com/img/rewards/ 222 KB
223 KB 655ms
652ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/rewards/1.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 996551337783b172e5976517be4cbb372cd3ffc50f38cff03aedd4697fce9682

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:14 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYagbnFZdhvgSMqo6oUWhHaHvFaaAvnQ8Lesgk2MANMdATCjprauRit5LZ3xEgnsKm4337pTvnZXCZyeNH%2Fg8H4Pfx1qy6cDmZVlPf0p1bHgxPPfaOtxFuQAh1BA09OeKyhV%2F%2BrjRxqciEsm2r8P2mNjZmnDUK7LmvCD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf541189fb701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 227387

GET
H3 200 2.png
claim-newskin.claim2free.com/img/rewards/ 488 KB
488 KB 4137ms
4134ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/rewards/2.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6072bd87cebaabea1c68f76d3b5e8b7eb4c3c29ce45d477f99864118b6068934

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:17 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rn9FGtrb%2BsWO3SzXkQML8G67M3zZi%2BAaiYwDF0RIlId5u3ubAue9Lj%2FAygbekyNgHb%2BupMlsUiHk6Yt3%2F5%2FwjOzF6rURDvuJmcYmcVorONn1CJ2FNtRb%2FZOXqp0VEBVW%2FoDth%2BmS23Ux8GAeFC5bmWSeeXlZprQELBVg"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf541189fd701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 499228

GET
H3 200 3.png
claim-newskin.claim2free.com/img/rewards/ 573 KB
573 KB 3109ms
3106ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/rewards/3.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb29b933bd0a95a8e733d3a20f422be373f2672a89859b32fd553a875f35eac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:16 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1fy%2BOWmgy0nkGndZ%2FZjwymQGwbXC%2B%2BYl7FopD5HCAHiMLvp1dMCxTEjWynsx0tqmWh%2B%2BojZ0ljM8bBmd%2BPLrT%2FtYPuMrhHpf9rOc%2FM5VEP%2FrhBOEam69ZCiz2FdwI7pXAU6k6blg%2BD2SPHr5En60GO6OlFSQArc6RK0"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf541189ff701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 586321

GET
H3 200 4.png
claim-newskin.claim2free.com/img/rewards/ 244 KB
245 KB 3117ms
3114ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/rewards/4.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 831d49a82465e0bc05966b6c61fef354755760b4cb8397321029e2fc2d88929f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:16 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bq7qyW%2BbiXlY8PoaCqT3KyOMz5yPUcdpUfANNsmg5mIQO%2Buntsw9XyvYbxvi%2FQJPNlbd2cAgfLrj7THL%2BLYDmxSdNY9daHHH0qBeRY%2F9Wf%2F7agHpR7cRgA3LIhUtWNgMeQYoXDYH9zHEV%2Fqk7pSuyLPFUszAxrKVUweN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf54118a03701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 250156

GET
H3 200 5.png
claim-newskin.claim2free.com/img/rewards/ 267 KB
267 KB 677ms
674ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/rewards/5.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02e9936770593340751f8a38f1fcc1217b6b8a49177075d81119892699c8bcbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:14 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BklGip8ayEwRYQwmI3oh4lRpoQMnplB3G54ZS9vYhl3ebfZPGfSZvYAmOBnTDaTAkuezmdyMBTVqHhCOxqU0ppkf7f0uMh1%2BpnuIZmcVh2n8pLmeVzJIYN94kUkFIoHgPhAs0NQ0TP%2B0pgGLBmxHH6T%2BSk60WQD%2FR7vr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf54118a05701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 273085

GET
H3 200 6.png
claim-newskin.claim2free.com/img/rewards/ 343 KB
343 KB 662ms
659ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/rewards/6.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98505fb1e8e09ebc6b200453a98854385e211112bfc5a6f46ac6bfefea6abaa2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:14 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PF88zP9hihDZDYs7jkGBEDoOW8LGciQ5WJOAxAT1bFt6Ph2NIND77YxEqhwDJQoCrC8j4mJlcKtI6MI3t2ckgAjPNZoqjiAzKh915q8a4qP17%2Fpj%2Ff5SiqQ4weUMdKnqbcDyBnVrGGfQ0CcmJiuxmlbcNkIV9bowgU6n"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf54118a06701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 350906

GET
H2 200 link_1.png
www.pubgmobile.com/common/images/ 412 B
572 B 100ms
29ms Image
image/png 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/common/images/link_1.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 99ed54c6d4dbabf849b1b844a548a0ee3f8a8d0bf2c4424d57ee5d8c761f843a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
server: nginx
etag: "60534f72-19c"
content-type: image/png
cache-control: max-age=122
accept-ranges: bytes
content-length: 412
expires: Mon, 13 Dec 2021 12:54:15 GMT

GET
H2 200 link_2.png
www.pubgmobile.com/common/images/ 827 B
989 B 130ms
59ms Image
image/png 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/common/images/link_2.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e20d0a77af62d8461cc5f464d9463d7eb417452e32ce216cff928b0658a53a52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
server: nginx
etag: "60534f72-33b"
content-type: image/png
cache-control: max-age=93
accept-ranges: bytes
content-length: 827
expires: Mon, 13 Dec 2021 12:53:46 GMT

GET
H2 200 link_3.png
www.pubgmobile.com/common/images/ 638 B
799 B 130ms
59ms Image
image/png 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/common/images/link_3.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 65bcb1d2699f8726c0fe67bd01eb5cc8cd682a8eb8b67aeda82739a41f1f5a8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
server: nginx
etag: "60534f72-27e"
content-type: image/png
cache-control: max-age=117
accept-ranges: bytes
content-length: 638
expires: Mon, 13 Dec 2021 12:54:10 GMT

GET
H2 200 link_4.png
www.pubgmobile.com/common/images/ 768 B
929 B 156ms
86ms Image
image/png 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/common/images/link_4.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a61ba6147dc708bcecfb1a2adfdd5ceb9550e06992c5ffb42c3e30d36823e95c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
server: nginx
etag: "60534f72-300"
content-type: image/png
cache-control: max-age=56
accept-ranges: bytes
content-length: 768
expires: Mon, 13 Dec 2021 12:53:09 GMT

GET
H2 200 link_5.png
www.pubgmobile.com/common/images/ 643 B
804 B 109ms
82ms Image
image/png 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/common/images/link_5.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ece6fc3bf5e763a1031f5900eea1e88bd8a27bf8a2a9bddf4402301f450f21e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Thu, 18 Mar 2021 13:02:42 GMT
server: nginx
etag: "60534f72-283"
content-type: image/png
cache-control: max-age=7
accept-ranges: bytes
content-length: 643
expires: Mon, 13 Dec 2021 12:52:20 GMT

GET
H2 200 footer-img.png
i.ibb.co/Wx8wkq1/ 22 KB
22 KB 32ms
32ms Image
image/png 152.228.223.13
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/Wx8wkq1/footer-img.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 152.228.223.13 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190386.ip-152-228-223.eu
Software: nginx /
Resource Hash: ff21b5da68b872c36b781dbe5413f52c3ed3c1f9f2e0bbd7c8646270beb37627

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Fri, 02 Jul 2021 03:16:09 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 22746
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 facebook_text.png
claim-newskin.claim2free.com/img/login/ 28 KB
29 KB 929ms
927ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/login/facebook_text.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:14 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5c5SXasVF3Pax2PF5DCX1me6S6zudY1eYOFvDzFyZT7bYAwZSkChZ9VYNSOolkx5ZCjEvvIieb6hoI3E%2FBkk1t9uFKoFEBLIDjuz55Bd48iN788UEAKii%2BQv5TkiJxNwLrrclTrdpEvk44c7fARhNVloF9EaBQftf7O"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf54118a08701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 28789

GET
H2 200 icon_logo.jpg
www.pubgmobile.com/id/event/royalepass10/images/ 73 KB
74 KB 76ms
76ms Image
image/jpeg 2a02:26f0:6c00::210:ba0b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.pubgmobile.com/id/event/royalepass10/images/icon_logo.jpg
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
last-modified: Wed, 15 Sep 2021 06:46:59 GMT
server: nginx
etag: "614196e3-1258d"
content-type: image/jpeg
cache-control: max-age=112
accept-ranges: bytes
content-length: 75149
expires: Mon, 13 Dec 2021 12:54:05 GMT

GET
H3 200 twitter_text.png
claim-newskin.claim2free.com/img/login/ 4 KB
5 KB 340ms
338ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/login/twitter_text.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1be5d05ce6faad469f7f9c5a5879f2d9f8d267b60eb394e92c19217268bcea8f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:14 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:24:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQJLM8D3iWD4je1cC5KDP%2FUjybDds3njGulx6d2z8ZcHS%2FjGggsUz%2BJMaMdK88aiob2n4WvPWXH9x%2F0uYBm10y30IvoZIhKYD7LpiMRU3dG%2BlIhE03YGeWYftTwnjpu4pJLRuzLIMZVtocDAT65GpZHOhWeCAKMipCdY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf54118a0a701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4298

GET
H2 200 jquery-1.10.2.min.js Show response
code.jquery.com/ 91 KB
32 KB 56ms
19ms Script
application/javascript 2001:4de0:ac18::1:a:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.10.2.min.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
etag: W/"54499a47-16bb3"
vary: Accept-Encoding
x-hw: 1639399933.dop207.ml1.t,1639399933.cds212.ml1.hn,1639399933.cds031.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 32788

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 38ms
9ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 04:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 375026
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 04:41:47 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.3/ 82 KB
29 KB 45ms
16ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

Requested by

Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 18:36:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29707
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Dec 2022 18:36:00 GMT

GET
H3 200 tab.js Show response
claim-newskin.claim2free.com/js/ 693 B
834 B 3832ms
3828ms Script
application/javascript 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/js/tab.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 630aaa71b2078033ad3f899cce0333c7a1fe2a99bf45eafa609977d65f25b16c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:17 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:25:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FGiB9oCoRMaWimx68X9P6YmFuO8ylR78cW5LIEI%2Fp37soZkq4noHkWlC%2BxIFOuURuwkhZf2dUz3uWLsb%2BCFaNOFJ25b8Tpsa%2BUhEENRB3b%2BDCcX7M6BmZZQwfXrQ4felsGFuzAFwtuDLBawU8Ayd9LUOjRFO1YKJ%2B4Ha"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf541189f2701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 404 timer.js
claim-newskin.claim2free.com/js/ 0
0 3818ms
3814ms Script
text/html 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/js/timer.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:17 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=492LvfKN87GbpgGHmnXTV6TsVxEWW28HCGMz5ZMUi6reWkUpnz9FBOBEHtOvIcpnsdZE34yhyK9jLGzFuwQc%2BbH%2BPnTHBmPwf6N%2FvP%2FhNlXIWUbY3v9FPHVq5vnvpsxm9Qry%2BOg8p8Bmem4hoK3BvBglKni8K5ybzFOF"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 6bcf541189f6701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 popup.js Show response
claim-newskin.claim2free.com/js/ 925 B
851 B 1774ms
1770ms Script
application/javascript 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/js/popup.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff48e7f1b1c7ba038e92a1ac89cd4e947ce63724609552cc15999d29dcf36a15

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:15 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:25:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V90DNfktbHfLVowR%2B6RrUVjTvTvjxUC3FZpGMnCFxifFeg3%2Fl4aDmV0JBYzvp2I1NDkDGmeqb3B0jxwZc2PgdSrdfpOrVL65VR7zeO0eRShT0NcWqX%2Bia7gpQorCc4he3g2M3c4uD%2BUwOgYR9A6EkcWqMCbhfmLu%2FJ4K"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf541189f8701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 click.js Show response
claim-newskin.claim2free.com/js/ 158 B
684 B 3832ms
3828ms Script
application/javascript 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/js/click.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9aa9775911c207383adf62313937750d9c50aa4cb3e86af19242d9ff8a4291de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:17 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:25:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvPmFFcek6EgQBF1WIU9I%2FKsQtg9F6GMrhS2MoBoLH14PhITu9%2F5eJr27dMHZ4hnMVDpi9u26w%2BoILizbgtbjIt2GevYTmwVLneoC4yX5K%2B0Barj7dZzsH1g8kbfH4rcawM4k47IRb%2FKyck8XZar8agoSck7%2BLWqLgUQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf541189fa701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 503 debug.js
jefanya.store/js/ 0
0 74ms
30ms Script
text/html 2606:4700:3033::ac43:c84c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jefanya.store/js/debug.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c84c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 206 header15.mp4
xcode1991.online/header/ 3 MB
3 MB 163ms
105ms Media
video/mp4 2606:4700:3031::ac43:9e9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xcode1991.online/header/header15.mp4
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:9e9a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35f6a9c94aa8e2db856c833f94f4816815693eea7a7ae3b3a366d7ad9b46a3a1

Request headers

Referer: https://claim-newskin.claim2free.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 13 Dec 2021 12:52:13 GMT
cf-cache-status: MISS
last-modified: Thu, 25 Nov 2021 02:50:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2I5h%2BfPcEOvf%2Fr5viv%2ByIBnXdakZb97MRIvHFPr7rHE1SrEyH%2FqS6BNUKch3JnHyUw5uPinoTPLBp74WoUYosMxHuoz4PVDI%2F9vTaGtSeKLP1yABlmAhvBGrVgB%2FVKq4FfedQZc1GIqk4r3WA5Aq"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
Content-Range: bytes 0-2640963/2640964
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6bcf54123a718397-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Content-Length: 2640964

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 39ms
17ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

Requested by

Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

303e5fe1c9accaf33939757fbb303331640d1cea9a98149114e7c49efc7a4285

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 13 Dec 2021 12:52:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 13 Dec 2021 12:52:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 13 Dec 2021 12:52:13 GMT

GET
H3 200 container.png
claim-newskin.claim2free.com/img/latest/ 459 KB
460 KB 3952ms
3952ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/latest/container.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acd491354f29ec137b38a65935376306bb3ba9a749170be0e9ca8b03f8b27027

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:18 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:23:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNkddENMHoaeFwS36oZ7YVnLlUjzPVvZQ4oFqEzRWOp%2FHDIfLr3tmyOJtmXPsKg%2BZf9yGDacDrIq%2FMtCgCC4oWEyauZa2nIZUiyMMoQUc6mblcc2ojdAGE2xRR1xCmMTjyzENiGBneZWabqNulCHz%2FU5a5bUvXAg4TKN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf5414cb37701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 470452

GET
H3 200 alert.png
claim-newskin.claim2free.com/img/latest/ 24 KB
24 KB 4499ms
4499ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img/latest/alert.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6202de6863cad004b3c4d9be2ff6dcbe25d219ae76fd43d4d6a6458537351504

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:18 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:23:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XPCnHWhDcrBp7J9QJ3d5c10dr5ZLps9IjRpLQaF8gqU9Z8Qsxod4tKyI5sYCTvlWtJyuOttvgj%2F5wLFGujIKDlP6T1bCkP91XmOvXKrPoOs2xAq7rTRraWsi8NVgVP4at1PMHTjUPxeUyQ7FnVPUmlFImYOEXRncTjIs"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf5414cb3a701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 24469

GET
H3 200 alert.png
claim-newskin.claim2free.com/img//latest/ 24 KB
24 KB 4488ms
4488ms Image
image/png 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://claim-newskin.claim2free.com/img//latest/alert.png
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/css/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6202de6863cad004b3c4d9be2ff6dcbe25d219ae76fd43d4d6a6458537351504

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:18 GMT
cf-cache-status: MISS
last-modified: Wed, 01 Dec 2021 12:23:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jjhOy9bQ%2B7UNeB0wCsn47v4suPa3YVaJrpyPFonr3k3jxH0Kag6U2KJii01gdNYK6ebjOG2km0H8YUR5u7MjO6VxU2fvKPtmev%2Bn6edY3UcD0h4uMGyJFBH%2BiTAXHRhc74sfZBlHrR9gfsHhnNa2M1z5d7CPDJxb84fy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bcf5414cb3d701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 24469

GET
H2 200 LYjNdG7kmE0gfaN9pQ.woff2
fonts.gstatic.com/s/teko/v10/ 13 KB
13 KB 34ms
12ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/teko/v10/LYjNdG7kmE0gfaN9pQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51b6a852f98c7140040a19aeed7333059105f04271c132beef28e0f28b86ae48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://claim-newskin.claim2free.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 03:15:15 GMT
x-content-type-options: nosniff
age: 466619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13324
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:26:11 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 03:15:15 GMT

GET
H2 200 LYjCdG7kmE0gdVBesCRgqA.woff2
fonts.gstatic.com/s/teko/v10/ 13 KB
14 KB 31ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/teko/v10/LYjCdG7kmE0gdVBesCRgqA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c6270a46fab4741361983694a87f66533c1fd3e60d06567d48e7fd60dabc1fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://claim-newskin.claim2free.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 05:29:49 GMT
x-content-type-options: nosniff
age: 458545
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13216
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 04:41:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 05:29:49 GMT

GET
H3 404 timer.js
claim-newskin.claim2free.com/js/ 0
0 18ms
17ms Script
text/html 2606:4700:3031::ac43:d014
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://claim-newskin.claim2free.com/js/timer.js
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:d014 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://claim-newskin.claim2free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 13 Dec 2021 12:52:17 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8Yt1pv5F%2FHoaLUzQ5phyylsoiCfBIEoKm0iGDg3ULxVnlNog%2B9bLHqvkOZVcIUhNmKY1cfYUKLth7Hk7KKeftqCK7iKcfxFE7dH6AIAGFC%2Bo%2B%2FsWJFdXSjGegFHly1q6%2Fomz20AzpbF1CD%2FE0Mm9DOCqnyNADAc1CVw"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 6bcf542968e3701b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET m_1725u5z7i1.mp3
l.top4top.io/ 0
0

GET
H2 206 m_1725zobal2.mp3
a.top4top.io/ 17 KB
18 KB 95ms
39ms Media
audio/mpeg 51.159.64.45
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.top4top.io/m_1725zobal2.mp3
Requested by: Host: claim-newskin.claim2free.com
URL: https://claim-newskin.claim2free.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.159.64.45 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS: 51-159-64-45.rev.poneytelecom.eu
Software: nginx /
Resource Hash: 22e1575a06426f427b46598d6599c565e80ed3e937b1872b0d5d928bfe5b2d65

Request headers

Referer: https://claim-newskin.claim2free.com/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=0-

Response headers

x-file-id: x34392024x
date: Mon, 13 Dec 2021 12:52:17 GMT
last-modified: Mon, 21 Sep 2020 07:16:33 GMT
server: nginx
etag: "5f685351-451b"
content-type: audio/mpeg
Content-Range: bytes 0-17690/17691
cache-control: max-age=7200
content-disposition: inline; filename="close_reward_popup.mp3"
Content-Length: 17691
expires: Mon, 13 Dec 2021 14:52:17 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: l.top4top.io
URL: https://l.top4top.io/m_1725u5z7i1.mp3

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://jefanya.store/js/debug.js Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://jefanya.store/js/ctrlu.js Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://jefanya.store/js/debug.js Message: Failed to load resource: the server responded with a status of 503 ()
security	warning	URL: https://claim-newskin.claim2free.com/ Message: Mixed Content: The page at 'https://claim-newskin.claim2free.com/' was loaded over HTTPS, but requested an insecure element 'http://xcode1991.online/header/header15.mp4'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://claim-newskin.claim2free.com/ Message: Mixed Content: The page at 'https://claim-newskin.claim2free.com/' was loaded over HTTPS, but requested an insecure video 'http://xcode1991.online/header/header15.mp4'. This content should also be served over HTTPS.
network	error	URL: https://claim-newskin.claim2free.com/js/timer.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://claim-newskin.claim2free.com/js/timer.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.top4top.io
ajax.googleapis.com
cdnjs.cloudflare.com
claim-newskin.claim2free.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
i.ibb.co
jefanya.store
l.top4top.io
stackpath.bootstrapcdn.com
www.pubgmobile.com
xcode1991.online
l.top4top.io
152.228.223.13
2001:4de0:ac18::1:a:1a
2606:4700:3031::ac43:9e9a
2606:4700:3031::ac43:d014
2606:4700:3033::ac43:c84c
2606:4700::6810:125e
2606:4700::6812:acf
2a00:1450:4001:808::200a
2a00:1450:4001:810::2003
2a00:1450:4001:812::200a
2a02:26f0:6c00::210:ba0b
51.159.64.45
02e9936770593340751f8a38f1fcc1217b6b8a49177075d81119892699c8bcbf
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
0935d302a23d3bf9236aaa827d77a450752b9a5eb74be1712fe24a12a2f50b5b
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
0d9cf7eb8fb12be77685134e63f7dae9a95fbf9306ae0529bd0347582d18a8ef
1be5d05ce6faad469f7f9c5a5879f2d9f8d267b60eb394e92c19217268bcea8f
22e1575a06426f427b46598d6599c565e80ed3e937b1872b0d5d928bfe5b2d65
2c6270a46fab4741361983694a87f66533c1fd3e60d06567d48e7fd60dabc1fb
2dafd0b485614e7e866c6e8261a87f6655a332a044a52e52801cb8a052eb2ffb
303e5fe1c9accaf33939757fbb303331640d1cea9a98149114e7c49efc7a4285
35f6a9c94aa8e2db856c833f94f4816815693eea7a7ae3b3a366d7ad9b46a3a1
3727bff7573b2d999d48b05dee9adfe976b9094ec8043c3872dd5af399ee229b
3eb29b933bd0a95a8e733d3a20f422be373f2672a89859b32fd553a875f35eac
51b6a852f98c7140040a19aeed7333059105f04271c132beef28e0f28b86ae48
54e45a0cb0fb522c4c3637e3fa2d6a7729bf8e9b2266d268cae0ca0583bf6d16
5899c82b2f0563679a9c1ee79b5b28f2545864d95c7627c1a70e36a2f034497d
6072bd87cebaabea1c68f76d3b5e8b7eb4c3c29ce45d477f99864118b6068934
6202de6863cad004b3c4d9be2ff6dcbe25d219ae76fd43d4d6a6458537351504
630aaa71b2078033ad3f899cce0333c7a1fe2a99bf45eafa609977d65f25b16c
65bcb1d2699f8726c0fe67bd01eb5cc8cd682a8eb8b67aeda82739a41f1f5a8d
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
831d49a82465e0bc05966b6c61fef354755760b4cb8397321029e2fc2d88929f
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
914bdd3ddb19961b2a07b0dc7aff4acbfe94e9821fbd692dfb8184f972df1005
98505fb1e8e09ebc6b200453a98854385e211112bfc5a6f46ac6bfefea6abaa2
996551337783b172e5976517be4cbb372cd3ffc50f38cff03aedd4697fce9682
99ed54c6d4dbabf849b1b844a548a0ee3f8a8d0bf2c4424d57ee5d8c761f843a
9aa9775911c207383adf62313937750d9c50aa4cb3e86af19242d9ff8a4291de
a61ba6147dc708bcecfb1a2adfdd5ceb9550e06992c5ffb42c3e30d36823e95c
acd491354f29ec137b38a65935376306bb3ba9a749170be0e9ca8b03f8b27027
b258d35bd22d4ad8993a547095eab6cbb6d962aa77702a7ed1016dd15ab492cb
ca6271c0edf869cbf28769ad0bc9918856741e0a712bc2e094660ad8fb03be76
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
e20d0a77af62d8461cc5f464d9463d7eb417452e32ce216cff928b0658a53a52
ece6fc3bf5e763a1031f5900eea1e88bd8a27bf8a2a9bddf4402301f450f21e4
ff21b5da68b872c36b781dbe5413f52c3ed3c1f9f2e0bbd7c8646270beb37627
ff48e7f1b1c7ba038e92a1ac89cd4e947ce63724609552cc15999d29dcf36a15

claim-newskin.claim2free.com Open in urlscan Pro 2606:4700:3031::ac43:d014 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

45 Requests

98 %HTTPS

83 %IPv6

11 Domains

13 Subdomains

13 IPs

4 Countries

6494 kBTransfer

6832 kBSize

0 Cookies

0 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

claim-newskin.claim2free.com Open in urlscan Pro
2606:4700:3031::ac43:d014 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

98 %
HTTPS

83 %
IPv6

11
Domains

13
Subdomains

13
IPs

4
Countries

6494 kB
Transfer

6832 kB
Size

0
Cookies

45 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!