Report - freefire-garena-promo.com.ru/

Report Overview

Submitted URL
freefire-garena-promo.com.ru/
IP
104.21.34.141
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 18:15:25
Access
public
Website Title
Free Fire
Final URL
freefire-garena-promo.com.ru/freefire/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
freefire-garena-promo.com.ru	unknown	unknown	No data	No data	10 kB	292 kB	104.21.34.141
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	512 B	1.2 kB	35.244.181.201
freefiremobile-a.akamaihd.net	20326	2009-09-14	2017-11-25	2024-05-06	473 B	4.8 kB	23.36.76.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-04-21	medium	freefire-garena-promo.com.ru/freefire	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena
2024-05-07	medium	freefire-garena-promo.com.ru/	Garena

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	freefire-garena-promo.com.ru/freefire/	0 B	2023-03-07	2024-05-28
Pretty URL freefire-garena-promo.com.ru/freefire/ IP 104.21.34.141 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-28 21:45:16 Times Seen38420280 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	freefire-garena-promo.com.ru/freefire/js/analytics.js	47 kB	2023-03-07	2024-05-27
Pretty URL freefire-garena-promo.com.ru/freefire/js/analytics.js IP 104.21.34.141 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-27 09:13:04 Times Seen606 Hash 53ee95b384d866e8692bb1aef923b763 a82812b87b667d32a8e51514c578a5175edd94b4 e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b Loading...

HTTP Transactions (21)

URL IP Response Size

freefire-garena-promo.com.ru/freefire/

104.21.34.141

200 OK

167 B

URL User Request GET HTTP/3
freefire-garena-promo.com.ru/freefire/
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/ HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 07 May 2024 18:15:00 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 07 May 2024 19:15:00 GMT
Location: https://freefire-garena-promo.com.ru/freefire/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PoRd6p5YM0wVZglKnGVioDiqJSfZOq3m1MzPZCuGfFdq946MdXTG8pS8ZUhEHs4NlYoM6RgVO9TzNEIzgY3zUnWDQieC0ujOVIU96TZo%2B2ckRnacVZvcF82U%2BZKWr9vBiOHK98swhynYAvP0mxdw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8803316548320b41-OSL
alt-svc: h2=":443"; ma=60

freefire-garena-promo.com.ru/

104.21.34.141

302 Found

506 B

URL User Request GET HTTP/2
freefire-garena-promo.com.ru/
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
data
Size
506 B (506 bytes)
Hash
3bf47f790b161ad506260f8330f7a69e
5d001d4a7f944838667beffcc9ac6e20143edb5c
08e250128562e0d5c6e7f89577e2b886fda9b53b4cdcd120f2fe2b83c892620f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET / HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 07 May 2024 18:15:00 GMT
content-type: text/html; charset=utf-8
location: https://freefire-garena-promo.com.ru/freefire
set-cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M5L8u2wvquXdMcE8hphfAIz3RuC40usdEfW8u150OchhsyJsd2VWQ%2Fhw9RuJQ5kALMK6p6Txa41I73Xa41ZgvzfVqJu84pt9IlXm8L88IL3I%2BP%2Be5NzJKMXjFS9fqrbihL84u8O%2Bduq%2FxAn7CXim"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8803316358487127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

freefire-garena-promo.com.ru/freefire/js/js

104.21.34.141

404 Not Found

1.5 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/js/js
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
HTML document, ASCII text, with very long lines (634)
Size
1.5 kB (1474 bytes)
Hash
16f9becdacae380114a1c99bb4d528e7
d7c4e5b15078c8a9ea1cf452beafba8eb45c4c95
d9cd6dfca94282619431285858508adf7a4552a70c2bb6dc4f30b0c83d9b1615

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/js/js HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Tue, 07 May 2024 18:15:01 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7lrZ2efjYkfgBtCudJB1S098q3WThTUo83vDdJCxy6SrVBGs8U7mpakgoHphLxeIyckQH0DXyNyfdvczJw3wTem2rSdSkkcMFaFN32UxaFvMYkbSU8AIIu84bnyGhzwlHyGTrFa1%2F9FkIwP85t8S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880331699cfb5688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/bg.jpg

104.21.34.141

200 OK

137 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/bg.jpg
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, progressive, precision 8, 1920x965, components 3
Size
137 kB (136773 bytes)
Hash
57fd6fc58a09519be8012650efd9881d
bf24f16e0901ebef13336a3b4a6e13263ffb6279
ba96000a92f9d03cce2c34ab48fb9f1e67976be7b4233c1bd607a87e6e9af82d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/bg.jpg HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/jpeg
content-length: 136773
last-modified: Tue, 02 May 2023 14:12:28 GMT
etag: "64511a4c-21645"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1FWZ5VW19mJIL4Nh%2B9qwKsHB7%2F5ANEXZSkqCRNUweBnX7bOAAFm6ujBhVCXYiotxJd0ULzWG8Kgrnl8kj4tdQfAzmJxcbSIQgD7PLiPZtMhahtQ9sQta7BmogxHTWbb%2Blz3X0TkF3ZPYZyKsmV%2Bd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a2e0c5688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/vk-l.png

104.21.34.141

200 OK

9.8 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/vk-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
9.8 kB (9846 bytes)
Hash
a53bf2276aa814a0053de1eb24d48b1b
0f7bb9af7af5e9eb07998969744f9105d833e233
8ffae0974acd7014b8e30ff2510ff2c8809103dca22a9e9d252cfd525cc7eff9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/vk-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 9846
last-modified: Tue, 02 May 2023 14:12:24 GMT
etag: "64511a48-2676"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JbQbhQ8LAKC68rxbpH6m825s3v8lxv1Kmm9cg7EgYiZzqqrsXAaZmPwHRqlSNhDHvWFi8BSm4SSnJNB%2Fhvs21kJHvN%2BVsJPC3FXuq98BYlmQ8vsrsUnJpWD122JG%2BDP0qR1waBIMTkYYeltyvPG9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a3e1d5688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/google-l.png

104.21.34.141

200 OK

6.7 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/google-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 81 x 81, 8-bit/color RGBA, non-interlaced
Size
6.7 kB (6656 bytes)
Hash
5f3e71195ba86afaf49859083e74b5ce
7b5ebf2bf6387331cf90442375ff9f4af5c4fd58
5437ffaa3ad1e6a1fd8272511b2cd6c0c301a339a16f2d3e0e0c496b10a3818d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/google-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 6656
last-modified: Tue, 02 May 2023 14:12:28 GMT
etag: "64511a4c-1a00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Efo57MeDEdQkfHAaqhGZhJD7x4F06rh9H6OoQC6Y9%2F1gm%2Bcnz%2Beq6xpvjk0SAhc%2Fs76BZ4EKgiShA2EUTeHPapedq0uxMWFuJ8zPDX2BnvRqdGIbxjpfvwjAH3TVKX5cz8uPWMuzLZtmtzzJUazH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a3e1e5688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/logo.png

104.21.34.141

200 OK

14 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/logo.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 426 x 104, 8-bit/color RGBA, non-interlaced
Size
14 kB (14297 bytes)
Hash
b3c9dc5b5bba47430a7da8301c09d45b
811aa569261ba03c88fc108d04428264046b66ba
4bb88bccc5bd610423b63fba5ca6f98516d3d8fc631d6b1b977ac669104264be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/logo.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 14297
last-modified: Tue, 02 May 2023 14:12:24 GMT
etag: "64511a48-37d9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bHrJgrJOrRWOl7LY%2Fv9bz%2FSC36xbQb5DMR%2Bwir6nWBguPuzstuPQ109Vzw8hKPsIMSuWHrgJfzbvluDO%2BjnrfD2pNlPS0gy%2B%2BKG7qinRTqAqkmkzz%2FarKcRvcma9lVPvcT2DnUHRRIx6yYJ%2FbDzI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a2e105688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/facebook-l.png

104.21.34.141

200 OK

9.2 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/facebook-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
9.2 kB (9175 bytes)
Hash
e328a85faf3ec595e525860c98e34098
e60ea777c0f17e3091eda58a81a9b916fea47f56
94f92c2fa2a770888470701e4e9c0063d11bd846b52739d8b12a06b2dabd3be2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/facebook-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 9175
last-modified: Tue, 02 May 2023 14:12:24 GMT
etag: "64511a48-23d7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wp%2BX8lfvwBv29RoI7nUdPvxGG6sLA9syUPpj4Hd5ADQCchovoBi7oHAcLNeyFNHvL%2BQuAzpNtS1fsDqy9Zha0ubBfTk9qitBI3Vdpk9IZ40LcCe8U1UhSIXcrYNErn8CTGAskzczjmDXEf%2F10hX9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a2e175688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/huawei-l.png

104.21.34.141

200 OK

5.8 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/huawei-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 81 x 81, 8-bit/color RGBA, non-interlaced
Size
5.8 kB (5811 bytes)
Hash
b71500650d5d3b5fba7b2f8f8012fe13
049dac5b1bb2864de4e64f4dbb3e084efad7a14c
3149e5da337a71edbf1f389081fb4c9010748eebbf9d9a6d8442e74be2f1f261

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/huawei-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 5811
last-modified: Tue, 02 May 2023 14:12:26 GMT
etag: "64511a4a-16b3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ftx8fzWLhxKvhnxlpLiMNQtLExqRg7509BjMKhM3DtdMDJpiYbxC69EFCTfI5OlcVI9%2FPomZpHUC0qZPEl%2F%2B1moddhdQHwWayqfzdGoIhu%2BOS%2FUDe7wzgfn0HZq3XdtC40HYpIPVl4gKLOLHFNGE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a3e255688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/apple-l.png

104.21.34.141

200 OK

9.1 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/apple-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
9.1 kB (9069 bytes)
Hash
d72825e76a981573e800cb3983bff287
89d064915f45c31853eaa77a416843cb3d3dcc81
ac768dee11c223ac3fba06a7212fd0163c171e7986735b5cd04f9081504126b3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/apple-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 9069
last-modified: Tue, 02 May 2023 14:12:28 GMT
etag: "64511a4c-236d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4dlOcgpQcrLwfCMtX1reg6YYDPWytEsEvaBB%2Bpbv3UtOOOm3glbpxs4Pgbf8kqSyidedpgcA20DK%2BsZ8RDxcWRRxvzL1mubYtGUimScAeipCMmEZFlc8RO1feESenFM0Q2oP7MmqG7kURzEQMixR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a3e295688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/twitter-l.png

104.21.34.141

200 OK

9.8 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/twitter-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
Size
9.8 kB (9812 bytes)
Hash
fac267d563f943d005abd2a01d207764
dbd45b8fae0cf4a32c3a9664443d65b4f8cb2cc3
392c6ef45dc72dc2d72c2a2d16ff5fcd5943766e78e14f1f6bb008c59cf80877

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/twitter-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 9812
last-modified: Tue, 02 May 2023 14:12:28 GMT
etag: "64511a4c-2654"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AdpM%2FkCVigUqvUGEZS4gXDKCe5he0cJF9DtbviPQCe%2FQpct6CMlybjwIE%2FvsdjRQ8ohIGAcodJ14pcURXtWH%2BQEgMmpZlgOiCAEEx2y7TWIfZSlnikH6Jaa8SeulbasnqRvs0V3JYBjMjmgsmbZj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a3e2a5688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/logo_small_foot.jpg

104.21.34.141

200 OK

3.5 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/logo_small_foot.jpg
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
JPEG image data, baseline, precision 8, 51x51, components 3
Size
3.5 kB (3522 bytes)
Hash
c34038edcf4185b3e75a6b85f1cd3d4f
3aa218daacaef499d9ae080f36993228455dc814
3dec40957ccb5815562b06c0bcb1cb3fc09a5f0738aa0b9ec2d1390e4e30a346

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/logo_small_foot.jpg HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/all.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/jpeg
content-length: 3522
last-modified: Tue, 02 May 2023 14:12:28 GMT
etag: "64511a4c-dc2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKRqYDfmg52%2BvYPyrCVZQp850Ozq%2B%2BBJmi%2BiW%2FIe6W5axt%2F1j4iQgUoAV83CTRjk%2BCXsDrt8ZdDeNsd3Njxlf%2ByqlBjXUQ42OlrgniXyE%2BhNz2C0QF%2BFwwy2uK4K5MLzYD2I6V0mq0wzQtNDCvKS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a3e325688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/js/all.css

104.21.34.141

200 OK

6.7 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/js/all.css
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
ASCII text
Size
6.7 kB (6742 bytes)
Hash
53a28e4214c4687dd52b638e275903dd
3b3eed54bd5ec449b19ef3f50ac8479b8744a677
240dd78da8182c3452c33ce404fe0f8f00d377f74ffe301a8c5c3c9846bbdada

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/js/all.css HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: text/css
last-modified: Tue, 02 May 2023 14:12:12 GMT
vary: Accept-Encoding
etag: W/"64511a3c-26b7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2n4dOP9Erer5Fk%2BlPMV6EdpU7DMd9DyqsxuN15LB5lhefaCfbZqz1Qf006dU2FrQCfddfUu9WyR5ivw%2BbMsa01DaUqZIkbEYpJLlHm5uDpDAz%2BZs3%2BOISCqx214KjiKJr1tk9zPZucO7O4PUAz7w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880331698cdf5688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/js/responsive.css

104.21.34.141

200 OK

6.2 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/js/responsive.css
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
ASCII text
Size
6.2 kB (6165 bytes)
Hash
89c4665eeddefa3ae51fab7382024eba
a77f83c34562350ac65da30bf3a57debf4220dd5
98dd27076c997b543c16f490765c3a78f2c739eaccd284a5e32f8662ca26a681

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/js/responsive.css HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: text/css
last-modified: Tue, 02 May 2023 14:12:14 GMT
vary: Accept-Encoding
etag: W/"64511a3e-26bb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vP2cyFw8DmurPeApB5kc9yeat0ej%2B4GBuwWYYhLoOByp9eq9PT7%2FYq6xAbOU1MmD8Mppd73ITZn%2FcPN3FnwnwOzc%2B6jcOEHa9PIJa8HFQmMgD57veSlWGgB4aJN03YWakbzcRLmOe4Ce1Vnt6Vv7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880331698cea5688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire

104.21.34.141

301 Moved Permanently

9.4 kB

URL User Request GET HTTP/3
freefire-garena-promo.com.ru/freefire
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
data
Size
9.4 kB (9425 bytes)
Hash
78b99f1b5eecd89bce43ae6752090b63
a2cc3cf56b7099d0786d9466cbe830b51ce07250
3ea5257b79d8f64b746b7cbdae4d1ec43f6b3d1cce227bc1746eba5db1e07b83

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
date: Tue, 07 May 2024 18:15:00 GMT
content-type: text/html
location: http://freefire-garena-promo.com.ru/freefire/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCCQPotxoNlHqFJSFzvVFjOH3QMuBvM6gR65aWNLDHv%2F4Ed3s832gklcuRYMUXkzbQSZk9YS1hO63mc9c44GlF93T%2FR%2BEV7H85pvVLAdOztcc8cp6DfiOVxZJoVU7AilOvs6oMMG1bfVOtRyjjzZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88033164bb705688-OSL
alt-svc: h3=":443"; ma=86400

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=dezYZJZ4agWhisp6PSQefdIyfX8nHp3QXAz0jYdzKoGZY34L4X4Wrt5Mx5WEEsYYjuH3wOhCDDb0eBZquliLMSGqXgsIskc6KZPh-4tcf-RaV_coQ2vJyAN8m94wRxRQ
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 07 May 2024 18:14:19 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 60
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

freefiremobile-a.akamaihd.net/ffwebsite/images/freefire32-2.ico

23.36.76.90

200 OK

4.3 kB

URL GET HTTP/1.1
freefiremobile-a.akamaihd.net/ffwebsite/images/freefire32-2.ico
IP
23.36.76.90:443
ASN
#20940 Akamai International B.V.

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
0d2f0e9b2281bf40f5964f6f79fba17a
6288c3d63579f1bf3822471f946e4022fb80ce97
ca80122571d6d7aea0a3c96b926fd53e5d53f7526c23b6a1f79396420bb08990

HTTP Headers

GET /ffwebsite/images/freefire32-2.ico HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: OBS
Content-Type: image/x-icon
Content-Length: 4286
x-obs-request-id: 0000018E068173A294107DF8BFE0D5A0
Accept-Ranges: bytes
ETag: "0d2f0e9b2281bf40f5964f6f79fba17a"
Last-Modified: Thu, 04 Aug 2022 12:38:52 GMT
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSkXKNcPrqtXqf/WQKFJq279sMOFSaIO
Date: Tue, 07 May 2024 18:15:03 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *

freefire-garena-promo.com.ru/freefire/js/reset.css

104.21.34.141

200 OK

1.1 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/js/reset.css
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
ASCII text, with very long lines (1153), with no line terminators
Size
1.1 kB (1092 bytes)
Hash
2fe980b8e50df6964d3d4928ef3db3cb
b85c393a01fff025a96b549bc76049f3b582e558
b91a3f3561417b40957b009fd79addc5893a633a714a06e4aa57a2311d81fe04

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/js/reset.css HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: text/css
last-modified: Tue, 02 May 2023 14:12:12 GMT
vary: Accept-Encoding
etag: W/"64511a3c-444"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ynOy1x313OjaGavkGUcVAuq%2FW2suF2bj%2F9isBIPyIpfnqv8iB1OowtXlNt0HqeHG274s4VvK9kluDmDr%2F7IptnitiPExBafb%2BoCnkjIymc9shwpkgwHtXzsUoHVupA0iAMO3kpIcjmSqoj0AmD3e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880331697cd25688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/js/analytics.js

104.21.34.141

200 OK

47 kB

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/js/analytics.js
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
JavaScript source, ASCII text, with very long lines (1325)
Size
47 kB (47051 bytes)
Hash
53ee95b384d866e8692bb1aef923b763
a82812b87b667d32a8e51514c578a5175edd94b4
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/js/analytics.js HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 May 2023 14:12:12 GMT
vary: Accept-Encoding
etag: W/"64511a3c-b7cb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VKUVpig%2FK%2BJoRMr5TCnmea7q6ghp43xZn8Z6DvtQGppgj3tpa%2BNXHlVMwwpMtF9SKG2EZrxrIXwEmxnsN5FD8SkY59TWdYB7oFkd76wZ1HXdkN62dV3WbPtjBQva9x55jr26TP3NmS2YXYWE6D%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880331698cf45688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/imgg/top_teeth-l.png

104.21.34.141

200 OK

144 B

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/imgg/top_teeth-l.png
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
PNG image data, 350 x 9, 8-bit/color RGBA, non-interlaced
Size
144 B (144 bytes)
Hash
fe98481dd3ffad514594309ceb2ef4ba
0fcc8e2afec22a1abcbf7de83624504919da9a13
42fcead125ad8660c031f3b763fd048fd06b4a70a7a48cf17bc03073fb255fae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/imgg/top_teeth-l.png HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/js/responsive.css
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: image/png
content-length: 144
last-modified: Tue, 02 May 2023 14:12:30 GMT
etag: "64511a4e-90"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCCbr2Zq%2B6CoDwWUfULVUbzeuSXwxb3GroppV0CXhlxoM%2BSFrpXvLofbPtwL6GxcWCqSKyluefPK200AcBrAUJsr723SL12ySkLIChkcfuU8r59pbO1ddfu1Z%2BJtSkMObc7sOSIditO%2BRPN%2FmXuN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803316a1df75688-OSL
alt-svc: h3=":443"; ma=86400

freefire-garena-promo.com.ru/freefire/js/ie10-viewport-bug-workaround.css

104.21.34.141

200 OK

433 B

URL GET HTTP/3
freefire-garena-promo.com.ru/freefire/js/ie10-viewport-bug-workaround.css
IP
104.21.34.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://freefire-garena-promo.com.ru/freefire/
Certificate
IssuerLet's Encrypt
Subjectfreefire-garena-promo.com.ru
FingerprintEE:7C:83:05:CB:1F:D0:FD:A2:3F:25:4D:08:4D:29:DB:5C:27:20:15
ValiditySat, 06 Apr 2024 17:04:35 GMT - Fri, 05 Jul 2024 17:04:34 GMT

File type
ASCII text, with very long lines (446), with no line terminators
Size
433 B (433 bytes)
Hash
70633038c1b05c2fe4facd577f7b664b
b6f59e727d97bd1539eaf6d8cd826885e6cda628
95fb496fb65840b7aa68256aeb4af19747ec9b9831a6e6eede37bacfdbd64c1e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Garena

HTTP Headers

GET /freefire/js/ie10-viewport-bug-workaround.css HTTP/1.1
Host: freefire-garena-promo.com.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://freefire-garena-promo.com.ru/freefire/
Cookie: PHPSESSID=56md0e2mktgs8sou0sn4l7l1ke
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:15:01 GMT
content-type: text/css
last-modified: Tue, 02 May 2023 14:12:12 GMT
etag: W/"64511a3c-1b1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 20938
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvzdf1nug%2F%2B55X21f6ne1WKQ%2F3CWnzY2%2BQC5W7%2F0KT0%2BqNkMOH9%2B0ChV31mIPyRquIrfyiqkw3WEU%2Bl%2Bt1Xh7Oygn1wwnIx5BFov1AX9ARKF9DIn1zjhKv3AOlRFFnJsbfUdqjlr5JILa5RE4D7N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880331698cda5688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL User Request GET HTTP/3

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3