thefreestuff.xyz
51.83.37.23
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On August 23 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 22nd 2021. Valid for: 3 months.
This is the only time thefreestuff.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
20 | 51.83.37.23 | 16276 (OVH)
1 | 2a00:1450:4001:828::2008 | 15169 (GOOGLE)
1 | 2600:9000:20eb:2a00:3:b5aa:ad80:21 | 16509 (AMAZON-02)
3 | 94.23.162.58 | 16276 (OVH)
1 | 2a00:1450:4001:813::200e | 15169 (GOOGLE)
5 | 2600:9000:21f3:ba00:13:652b:c180:21 | 16509 (AMAZON-02)
1 | 2a00:1450:4001:828::200e | 15169 (GOOGLE)
1 | 2a00:1450:400c:c08::9a | 15169 (GOOGLE)
1 | 2a00:1450:4001:829::200a | 15169 (GOOGLE)
Total: 34 requests, 9 IP addresses
Hostnames served per ASN:
- ASN15169 (GOOGLE, US): www.googletagmanager.com
- ASN16509 (AMAZON-02, US): d13nu0oomnx5ti.cloudfront.net
- ASN16276 (OVH, FR), PTR: ip58.ip-94-23-162.eu: www.lockyluke.com
- ASN15169 (GOOGLE, US): www.google-analytics.com
- ASN16509 (AMAZON-02, US): dgu9g3a2kzqx2.cloudfront.net
- ASN15169 (GOOGLE, US): www.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
20 | thefreestuff.xyz | thefreestuff.xyz | 745 KB
6 | cloudfront.net | d13nu0oomnx5ti.cloudfront.net, dgu9g3a2kzqx2.cloudfront.net | 40 KB
3 | lockyluke.com | www.lockyluke.com | 5 KB
2 | google-analytics.com | www.google-analytics.com | 19 KB
1 | googleapis.com | fonts.googleapis.com | 982 B
1 | doubleclick.net | stats.g.doubleclick.net | 86 B
1 | googletagmanager.com | www.googletagmanager.com | 40 KB
Total: 34 requests, 7 apex domains
Requests | Domain | Requested by
---|---|---
20 | thefreestuff.xyz | thefreestuff.xyz
5 | dgu9g3a2kzqx2.cloudfront.net | d13nu0oomnx5ti.cloudfront.net
3 | www.lockyluke.com | thefreestuff.xyz, www.lockyluke.com
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
1 | fonts.googleapis.com | thefreestuff.xyz
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | d13nu0oomnx5ti.cloudfront.net | thefreestuff.xyz
1 | www.googletagmanager.com | thefreestuff.xyz
Total: 34 requests, 8 domains
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.lockyluke.com |
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
thefreestuff.xyz | cPanel, Inc. Certification Authority | 2021-08-22 - 2021-11-20 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2021-07-26 - 2021-10-18 | 3 months | crt.sh
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year | crt.sh
api.bladepops.com | R3 | 2021-07-19 - 2021-10-17 | 3 months | crt.sh
*.g.doubleclick.net | GTS CA 1C3 | 2021-07-26 - 2021-10-18 | 3 months | crt.sh
upload.video.google.com | GTS CA 1O1 | 2021-07-26 - 2021-10-18 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://thefreestuff.xyz/games/content/apex-legends-hack/
Frame ID: 283B2AE183CC79192C9B4C68667192E3
Requests: 34 HTTP requests in this frame
Screenshot
Page Title
Apex Legends Hack- An Online Coins Generator Free Tool 2021
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: Get a trial membership with Movieflix
- Title: Get access to the hottest released games
- Title: Listen to your favourite music online
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | thefreestuff.xyz/games/content/apex-legends-hack/ | 9 KB | 10 KB | Document | text/html
GET | H2 | js | www.googletagmanager.com/gtag/ | 101 KB | 40 KB | Script | application/javascript
GET | H2 | _bower.css | thefreestuff.xyz/games/content/apex-legends-hack/css/ | 157 KB | 158 KB | Stylesheet | text/css
GET | H2 | style.css | thefreestuff.xyz/games/content/apex-legends-hack/css/ | 14 KB | 14 KB | Stylesheet | text/css
GET | H2 | 18d7cae.js | d13nu0oomnx5ti.cloudfront.net/ | 23 KB | 23 KB | Script | application/javascript
GET | H/1.1 | uTFnt95DuOrsG5xp | www.lockyluke.com/ | 13 KB | 5 KB | Script | text/html
GET | H2 | confirm-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 6 KB | 6 KB | Image | image/png
GET | H2 | user.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 15 KB | 15 KB | Image | image/png
GET | H2 | platform.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 3 KB | 3 KB | Image | image/png
GET | H2 | gold-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 5 KB | 5 KB | Image | image/png
GET | H2 | success_icon_32.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 9 KB | 9 KB | Image | image/png
GET | H2 | app-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 25 KB | 25 KB | Image | image/png
GET | H2 | chip-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 315 B | 315 B | Image | text/html
GET | H2 | server-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 22 KB | 22 KB | Image | image/png
GET | H2 | firewall-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 21 KB | 21 KB | Image | image/png
GET | H2 | encryption-icon.png | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 29 KB | 29 KB | Image | image/png
GET | H2 | _bower.js | thefreestuff.xyz/games/content/apex-legends-hack/js/ | 328 KB | 331 KB | Script | application/javascript
GET | H2 | scripts.js | thefreestuff.xyz/games/content/apex-legends-hack/js/ | 52 KB | 52 KB | Script | application/javascript
GET | H2 | analytics.js | www.google-analytics.com/ | 48 KB | 19 KB | Script | text/javascript
GET | H2 | html.1450374.61204.0.js | dgu9g3a2kzqx2.cloudfront.net/public/external/v2/ | 8 KB | 8 KB | Script | application/javascript
GET | H2 | css_front.css | dgu9g3a2kzqx2.cloudfront.net/public/external/ | 6 KB | 7 KB | Stylesheet | text/css
GET | H2 | AvenirLTStd-Roman.woff2 | thefreestuff.xyz/games/content/apex-legends-hack/fonts/ | 11 KB | 11 KB | Font | font/woff2
GET | H2 | AvenirLTStd-Black.woff2 | thefreestuff.xyz/games/content/apex-legends-hack/fonts/ | 11 KB | 11 KB | Font | font/woff2
GET | H2 | AvenirLTStd-Light.woff2 | thefreestuff.xyz/games/content/apex-legends-hack/fonts/ | 10 KB | 11 KB | Font | font/woff2
GET | H2 | AvenirLTStd-Medium.woff2 | thefreestuff.xyz/games/content/apex-legends-hack/fonts/ | 11 KB | 11 KB | Font | font/woff2
POST | H3-29 | collect | www.google-analytics.com/j/ | 2 B | 22 B | XHR | text/plain
POST | H2 | collect | stats.g.doubleclick.net/j/ | 1 B | 86 B | XHR | text/plain
GET | H2 | background.jpg | thefreestuff.xyz/games/content/apex-legends-hack/img/ | 315 B | 315 B | Image | text/html
POST | H/1.1 | creditcheck.php | www.lockyluke.com/ | 32 B | 302 B | XHR | text/html
GET | H2 | css | fonts.googleapis.com/ | 12 KB | 982 B | Stylesheet | text/css
POST | H/1.1 | imprcount.php | www.lockyluke.com/ | 1 B | 277 B | XHR | text/html
GET | H2 | css.css | dgu9g3a2kzqx2.cloudfront.net/public/clockers/Blank/ | 700 B | 1 KB | Stylesheet | text/css
GET | H2 | guid | dgu9g3a2kzqx2.cloudfront.net/public/ | 0 | 285 B | Script | text/html
GET | H2 | check.php | dgu9g3a2kzqx2.cloudfront.net/public/external/ | 78 B | 371 B | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
72 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
function | gtag
object | dataLayer
object | google_tag_manager
object | google_tag_data
string | GoogleAnalyticsObject
function | ga
object | CPABUILDSETTINGS
object | CPABUILDContentLocker
number | __cfRLUnblockHandlers
function | CPBContentLocker
function | CPABuildLock
function | CPABuildGetFeedURL
function | CPABuildGetIframeURL
function | CPABuildGetIframeHTML
function | CPABuildUnlock
function | CPABuildOfferComplete
function | CPABuildOffersComplete
function | CPABuildCheckForLead
function | og_load
function | CPABuildComplete
function | call_locker
function | loadLocker
function | imprCountC
function | __adl__callHook_uTFnt95DuOrsG5xp
function | __adl__onload_c_uTFnt95DuOrsG5xp
object | gaplugins
object | gaGlobal
object | gaData
function | $
function | jQuery
object | ko
function | ES6Promise
function | Chance
object | chance
function | Sweetalert2
function | swal
function | sweetAlert
object | _0x6dc7
function | _0x56d5
function | loadIframe
function | isNumberKey
object | viewModel
function | KeyCheck
undefined | onlongtouch
undefined | timer
undefined | lockTimer
undefined | touchduration
function | touchstart
function | touchend
function | _0x6dece9
boolean | desktopsuccess
boolean | mobilesuccess
string | lockerurl
object | resourcesNum
object | $clocker
object | offerList
object | oid_array
number | listID
string | adlAPIurl
number | check4
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.thefreestuff.xyz/ | | _gat_gtag_UA_71893807_22 | 1
.thefreestuff.xyz/ | | _gid | GA1.2.782710875.1629698619
.thefreestuff.xyz/ | | _ga | GA1.2.405624368.1629698619
thefreestuff.xyz/ | | _cpguid | 50t80jqqh
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d13nu0oomnx5ti.cloudfront.net
dgu9g3a2kzqx2.cloudfront.net
fonts.googleapis.com
stats.g.doubleclick.net
thefreestuff.xyz
www.google-analytics.com
www.googletagmanager.com
www.lockyluke.com
2600:9000:20eb:2a00:3:b5aa:ad80:21
2600:9000:21f3:ba00:13:652b:c180:21
2a00:1450:4001:813::200e
2a00:1450:4001:828::2008
2a00:1450:4001:828::200e
2a00:1450:4001:829::200a
2a00:1450:400c:c08::9a
51.83.37.23
94.23.162.58