![](/screenshots/e485d0b6-6a16-4bb9-83e0-3639c1bb8169.png)
redeemfreefire.eventclaim.xyz
Open in
urlscan Pro
2a06:98c1:3120::7
Malicious Activity!
Public Scan
Submission: On May 01 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 29th 2022. Valid for: a year.
This is the only time redeemfreefire.eventclaim.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Gaming (Entertainment)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 2a06:98c1:312... 2a06:98c1:3120::7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80f::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:813::2008 | 15169 (GOOGLE) (GOOGLE) | |
3 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a06:98c1:312... 2a06:98c1:3121::7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 6 | 107.160.74.131 107.160.74.131 | 40676 (AS40676) (AS40676) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE) | |
23 | 9 |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN40676 (AS40676, US)
PTR: unassigned.psychz.net
files.catbox.moe | |
de.catbox.moe |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
eventclaim.xyz
redeemfreefire.eventclaim.xyz |
211 KB |
6 |
catbox.moe
3 redirects
files.catbox.moe — Cisco Umbrella Rank: 179262 de.catbox.moe |
136 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 209 |
23 KB |
2 |
githack.com
rawcdn.githack.com — Cisco Umbrella Rank: 67234 |
3 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 278 |
30 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2220 |
7 KB |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 55 |
38 KB |
1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 33 |
20 KB |
23 | 8 |
Domain | Requested by | |
---|---|---|
11 | redeemfreefire.eventclaim.xyz |
redeemfreefire.eventclaim.xyz
|
3 | de.catbox.moe |
redeemfreefire.eventclaim.xyz
|
3 | files.catbox.moe | 3 redirects |
3 | cdnjs.cloudflare.com |
redeemfreefire.eventclaim.xyz
|
2 | rawcdn.githack.com |
redeemfreefire.eventclaim.xyz
|
1 | ajax.googleapis.com |
redeemfreefire.eventclaim.xyz
|
1 | stackpath.bootstrapcdn.com |
redeemfreefire.eventclaim.xyz
|
1 | www.googletagmanager.com |
redeemfreefire.eventclaim.xyz
|
1 | www.google-analytics.com |
redeemfreefire.eventclaim.xyz
|
23 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-04-29 - 2023-04-28 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-04-11 - 2022-07-04 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-04-11 - 2022-07-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://redeemfreefire.eventclaim.xyz/
Frame ID: 16BAF7712E178161A49B0E2D3971EE14
Requests: 25 HTTP requests in this frame
Screenshot
![](/screenshots/e485d0b6-6a16-4bb9-83e0-3639c1bb8169.png)
Page Title
Free FireDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
![](/vendor/wappa/icons/Vue.js.png)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16- https://files.catbox.moe/shq1bp.png HTTP 301
- https://de.catbox.moe/shq1bp.png
- https://files.catbox.moe/ljahcc.jpeg HTTP 301
- https://de.catbox.moe/ljahcc.jpeg
- https://files.catbox.moe/7jey62.png HTTP 301
- https://de.catbox.moe/7jey62.png
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
redeemfreefire.eventclaim.xyz/ |
17 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
98 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style-AlexHost.css
redeemfreefire.eventclaim.xyz/alexFrontEnd/css/ |
40 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/ |
58 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
material-design-iconic-font.min.css
cdnjs.cloudflare.com/ajax/libs/material-design-iconic-font/2.2.0/css/ |
69 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
alex-facebook.css
rawcdn.githack.com/AlexHostX/all.asset/c9f3ddecc56e688f8660a2d31a5beea4909fa5b9/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
alex-google.css
rawcdn.githack.com/AlexHostX/all.asset/1591ba04a57c11f4b18d2ebb39e03e4a81715c83/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbcircle-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vkcircle-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gpcircle-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hwcircle-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
applcircle-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twcircle-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
garena-Alex.jpg
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
3 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shq1bp.png
de.catbox.moe/ Redirect Chain
|
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ljahcc.jpeg
de.catbox.moe/ Redirect Chain
|
75 KB 75 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7jey62.png
de.catbox.moe/ Redirect Chain
|
32 KB 32 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ |
82 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
449 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bgAlex-d.jpg
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
134 KB 134 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
144 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fftext-Alex.png
redeemfreefire.eventclaim.xyz/alexFrontEnd/img/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Gaming (Entertainment)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| google_tag_data function| ga object| gaplugins object| google_tag_manager object| dataLayer function| $ function| jQuery function| openfbAlex function| closefbAlex function| opengpAlex function| closegpAlex function| AlexHostingNetFB function| AlexHostingNetGP0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
de.catbox.moe
files.catbox.moe
rawcdn.githack.com
redeemfreefire.eventclaim.xyz
stackpath.bootstrapcdn.com
www.google-analytics.com
www.googletagmanager.com
107.160.74.131
2606:4700::6811:180e
2606:4700::6812:acf
2a00:1450:4001:808::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:813::2008
2a06:98c1:3120::7
2a06:98c1:3121::7
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
0bac0a0607bb21d1dcd7b06e9fd117a160b3a463499a3de09855c0f3b5db8023
38e377481a3abf35890dbc9abd19fd4657ab4ea449d24299073da019da5b4281
392c6ef45dc72dc2d72c2a2d16ff5fcd5943766e78e14f1f6bb008c59cf80877
3dec40957ccb5815562b06c0bcb1cb3fc09a5f0738aa0b9ec2d1390e4e30a346
42fcead125ad8660c031f3b763fd048fd06b4a70a7a48cf17bc03073fb255fae
4abb644266a5139ed69498a2f9522afe373c41787fda172dad55ce1afb18a8df
4bb88bccc5bd610423b63fba5ca6f98516d3d8fc631d6b1b977ac669104264be
756734c7de9dd01ffd9c75ccdfc48f08d51d774f75c6c453d9468812c5282861
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8ffae0974acd7014b8e30ff2510ff2c8809103dca22a9e9d252cfd525cc7eff9
94f92c2fa2a770888470701e4e9c0063d11bd846b52739d8b12a06b2dabd3be2
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
ac768dee11c223ac3fba06a7212fd0163c171e7986735b5cd04f9081504126b3
ba96000a92f9d03cce2c34ab48fb9f1e67976be7b4233c1bd607a87e6e9af82d
c4d7d9e2fa6d6434a0faff6a6cd12a8544fd6a13030f6c830696e07431aa9df4
cff81f8984cdebd9f5039cd4c058d7d67bba4b92666dc0605f47c44b6a761df2
d1fb8d8337cd22568295b0ed998c85c58f0b4cd083af0b0db21cb0af80002f2d
db4ec073d903b592836cac6f4055ade25f7663251c2565489996c17a9e4a12d5
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
edefde11d13eb274cafd860dd219755352257187b374f313c810cb6a20f0a477
f40dbfc44c7ed7b05cedade41152655ea82a8e87a75f4cb8a1cf9d67ba94b835
fdd37318b46d0c24c6bd0fe572ef01518160e311ca8fc05231a851345f1e0907