r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5591
Expires: Sat, 28 Jan 2023 22:16:56 GMT
Date: Sat, 28 Jan 2023 20:43:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8049
Expires: Sat, 28 Jan 2023 22:57:54 GMT
Date: Sat, 28 Jan 2023 20:43:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 20:43:06 GMT
content-type: application/json
age: 39
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11359
Expires: Sat, 28 Jan 2023 23:53:04 GMT
Date: Sat, 28 Jan 2023 20:43:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: RChlqzyUFHDYdWggqLQhVRMun5LJux9PIOvGk+a7hxje5ypdRwTTYkaY3gDYVOWolrzVVBod45I=
x-amz-request-id: VPV01BA8DEM7NJ2K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 20:21:06 GMT
age: 1359
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
sukienfreefire.grerena.vn/
103.147.126.190 301 Moved Permanently 242 B URL HTTP/1.1 sukienfreefire.grerena.vn/
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type HTML document text; exported SGML document, ASCII text
Hash a39c882f6c2528e5c927bf9f53a5b89e
ad7e8c0357a0fbb789cf0fa1a6da95ad8138c210
db685cff60a3133638213d83b069615f975d4e5299f881b1ae1a25970ae3e6a5
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET / HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 20:43:44 GMT
Server: Apache/2
Location: https://sukienfreefire.grerena.vn/
Content-Length: 242
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:43:45 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 19:49:03 GMT
age: 3282
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6439
Expires: Sat, 28 Jan 2023 22:31:05 GMT
Date: Sat, 28 Jan 2023 20:43:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash eb4a581d04e1a65cd93eeb57b0057d20
c764015786c05c252003abb34ff1ebab8961dd73
885754b584ab19660cd27567e75b94da4ab4d480b20e17eb85d52899e5d813a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "885754B584AB19660CD27567E75B94DA4AB4D480B20E17EB85D52899E5D813A4"
Last-Modified: Sat, 28 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21594
Expires: Sun, 29 Jan 2023 02:43:40 GMT
Date: Sat, 28 Jan 2023 20:43:46 GMT
Connection: keep-alive
push.services.mozilla.com/
35.83.217.74 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.83.217.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VIYVN/541C++gkb7oGAxeA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: S8pMZHyzCwZ6q3+mGdxXC3X2meE=
sukienfreefire.grerena.vn/
103.147.126.190 200 OK 3.0 kB URL HTTP/1.1 sukienfreefire.grerena.vn/
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Hash 8c47cd8d492b1ebe821b91670c020d84
185c455b42af9be108905a39e3fcce244c2a8043
85a90832a9fe25d9ef924ba498dfbacd58f7bb735e52ab7cab1671cfb570e826
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET / HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:45 GMT
Server: Apache/2
X-Powered-By: PHP/7.4.24
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3021
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
code.jquery.com/jquery-3.6.0.min.js
69.16.175.42 200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65447)
Hash 899f0189aaf034bbba5340f724d91dfa
210ea9de03968edb9d839ba4a0ce2d48666a8ab8
949b6597c5ea907a7ef3c8ca6d5ffc73be2352f9df485b78704e5c4dabac5d0f
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:43:46 GMT
content-encoding: gzip
content-length: 30875
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d9d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1674938626.dop201.sk1.t,1674938626.cds066.sk1.hn,1674938626.cds210.sk1.c
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ionic.esm.js
151.101.65.229 200 OK 5.7 kB URL HTTP/2 cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/ionic.esm.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (19675)
Hash e78ee370c1c794e1e3ff0aefb1759ec1
273e7f01047e80324027fdb3c66a2a62e9aa3a3a
fb1a1db38b372719a344ac7ea062863b967ed7d42bf938f9609cecfe32787c0f
GET /npm/@ionic/core/dist/ionic/ionic.esm.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 6.5.1
x-jsd-version-type: version
etag: W/"4d18-AKgzHo54wLauUR2iY6fU/viNcRs"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 28 Jan 2023 20:43:46 GMT
age: 29578
x-served-by: cache-fra-eddf8230092-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 5680
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-d472be56.js
151.101.65.229 200 OK 6.9 kB URL HTTP/2 cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-d472be56.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (14950)
Hash aa97dad6ac7edd947f09f8edc041db1d
b156be4548ed698aabfcc2ad084847d76a61034a
3ea285996f64ad7edd5f7e86c6a84823514211d4e5eb455dccae2893557ceeac
GET /npm/@ionic/core/dist/ionic/p-d472be56.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 6.5.0
x-jsd-version-type: version
etag: W/"3c9c-KVOOVJADHnynGw2ufXK443GrQHg"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 28 Jan 2023 20:43:46 GMT
age: 41278
x-served-by: cache-fra-eddf8230070-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6898
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-b19c8440.js
151.101.65.229 200 OK 132 B URL HTTP/2 cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-b19c8440.js
IP 151.101.65.229:0
Hash f93add1386c1a9b468eeb9cb0e911f1e
f1a8053fbe1fb11ab6ded442c446fcddb4a84969
033ee806b6a81e0fd04c6776acdafb89428327f3fadfacf25adaf01fe41674fc
GET /npm/@ionic/core/dist/ionic/p-b19c8440.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 6.5.0
x-jsd-version-type: version
etag: W/"79-pcD6GMdr0y+3ogXqMMze2dpX3Ps"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 28 Jan 2023 20:43:46 GMT
age: 26508
x-served-by: cache-fra-eddf8230050-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 132
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-7ca0168a.js
151.101.65.229 200 OK 1.6 kB URL HTTP/2 cdn.jsdelivr.net/npm/@ionic/core/dist/ionic/p-7ca0168a.js
IP 151.101.65.229:0
File type ASCII text, with very long lines (3240)
Hash 338d4bfba3257dc0b62f15a2b0088469
a182a2b302072fdbec61b4d3c93d1797c49af3e2
d10672aba5f16fd63dc4972437b162af44e518d97b759c420d8ee23e56fb19de
GET /npm/@ionic/core/dist/ionic/p-7ca0168a.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 6.5.0
x-jsd-version-type: version
etag: W/"ce5-HIVhDu8lQ6w+HdKo/RCPjDZ+UDw"
content-encoding: gzip
accept-ranges: bytes
date: Sat, 28 Jan 2023 20:43:46 GMT
age: 41159
x-served-by: cache-fra-eddf8230077-FRA, cache-bma1678-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1552
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.21.226:0
Hash 197fd5c5cd8ba2d65d21717294f67790
f640ff246bf666cc6adff6bc87bc94003a628504
81b4c16b7d7de9588970aa9e70036e039d877fffba184a42f81d84ad648065c2
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:46 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "0981A9E8310CF1708EBDB3D57BD376F065A784A9"
Expires: Sun, 29 Jan 2023 07:00:00 GMT
Last-Modified: Sat, 28 Jan 2023 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3599
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790c8ff17ba9b4f4-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ddc9ca683c44c8f67f51c02518c24716
35681414352b24349203ce20ab982d2c90a8a432
d0d3fdf4a1498631bf221122fee5518119c377a731159ed63c34a42af3fef3cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0D3FDF4A1498631BF221122FEE5518119C377A731159ED63C34A42AF3FEF3CB"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15606
Expires: Sun, 29 Jan 2023 01:03:52 GMT
Date: Sat, 28 Jan 2023 20:43:46 GMT
Connection: keep-alive
i.imgur.com/hqRqPVT.jpg
151.101.244.193 200 OK 241 kB IP 151.101.244.193:0
File type JPEG image data, baseline, precision 8, 1281x720, components 3; data
Size 241 kB (241206 bytes)
Hash 4dee09c3573774f67e5d5f47c8908a16
1c8db99a6784c8460bf513d6de92c7b3c99fdaa0
b673e2b5804831830d722315f5d889bb3cadc09f514c97825a48692148772b0e
GET /hqRqPVT.jpg HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 26 May 2022 23:42:32 GMT
etag: "4dee09c3573774f67e5d5f47c8908a16"
x-amz-storage-class: STANDARD_IA
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sat, 28 Jan 2023 20:43:46 GMT
age: 880457
x-served-by: cache-iad-kiad7000114-IAD, cache-hel1410030-HEL
x-cache: HIT, MISS
x-cache-hits: 48, 0
x-timer: S1674938627.773582,VS0,VE120
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 241206
X-Firefox-Spdy: h2
sukienfreefire.grerena.vn/css/style.css
103.147.126.190 200 OK 4.3 kB URL HTTP/1.1 sukienfreefire.grerena.vn/css/style.css
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
Hash 2e59d2cee97a7d20aff878b7163260cc
dc561bcb5486128afebc069df2022383142d20b5
133594a0f02bbe328286c69a4886dc58fd2e0cabd20f3a6e973add26927e21b0
Analyzer Verdict Alert openphish Garena
GET /css/style.css HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:46 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "5d17-5dbeeb6230100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4345
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8c630e9bbc930d1c367efa81b67be3f7
ec536695531d40a813d99a06271c7c2d698d51d3
39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
h.top4top.io/p_2016h7ob71.gif
51.159.67.135 200 OK 87 kB URL HTTP/2 h.top4top.io/p_2016h7ob71.gif
IP 51.159.67.135:0
File type GIF image data, version 89a, 600 x 140; data
Hash 4ff1093f70448d5a5c4c7be56600a2b1
0139a25e781f263ad68081d0ac24bf722faa7b55
f2d0dae13baddb4ef853a0ea61bafaa18f9db27317019673a000df156ad86f92
GET /p_2016h7ob71.gif HTTP/1.1
Host: h.top4top.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 20:43:46 GMT
content-type: image/gif
content-length: 86918
set-cookie: klj_40d147_downloads=ng8ej; Max-Age=85000; Domain=.top4top.io; Path=/; Expires=Sun, 29 Jan 2023 20:20:26 GMT
last-modified: Fri, 09 Jul 2021 10:29:09 GMT
content-disposition: inline; filename="ezgif.com-gif-maker.gif"
etag: "60e824f5-15386"
expires: Sat, 28 Jan 2023 22:43:46 GMT
cache-control: max-age=7200
x-file-id: x39388555x
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap
142.250.74.74 200 OK 938 B URL HTTP/2 fonts.googleapis.com/css2?family=Baloo+2:wght@600&display=swap
IP 142.250.74.74:0
Hash 3699f3e32501675f267225fc37e6ef48
93c32c2970ed7d4cfcec891a3732492e1ba7e999
20c287946c34f15cad9b09086bbba804c06b6d603e8f6c1dbcd02bab350562fc
GET /css2?family=Baloo+2:wght@600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 20:43:47 GMT
date: Sat, 28 Jan 2023 20:43:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2
216.58.207.227 200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 18604, version 1.0; data
Hash e4b69f37c27ab83effedafe3fa856d66
202e25094feadccbbc06a96fec9c31db064e1d56
653cb64478e69928b05a73b72ba7b91b231cf2c87ae3743040d98ebab5a4b19e
GET /s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppo_lc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 03:28:28 GMT
expires: Sat, 27 Jan 2024 03:28:28 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 20:01:08 GMT
content-type: font/woff2
age: 148519
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sukienfreefire.grerena.vn/luongvantan/tandz.js
103.147.126.190200 OK 6.1 kB URL HTTP/1.1 sukienfreefire.grerena.vn/luongvantan/tandz.js
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type Unicode text, UTF-8 text, with very long lines (1780)
Hash 72271582899690ae416e8b29e6f21b56
9fb4a79211c0baceab7c03888dfe1c97250f8273
79286ac0c22cea39e254920ffff5e658d9a19b362aeedd78194d08cb17fa4ca7
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /luongvantan/tandz.js HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:46 GMT
Server: Apache/2
Last-Modified: Fri, 27 May 2022 06:44:42 GMT
ETag: "50f6-5dff8a4200a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 6114
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: application/javascript
fonts.gstatic.com/s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_led7Q.woff2
216.58.207.227 200 OK 14 kB URL HTTP/2 fonts.gstatic.com/s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_led7Q.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 14248, version 1.0
Hash c6e254cc21be4f84aaae751c41bd9160
d691d55e50e3e4ae5d1bc01e67de9cc11184b37f
e8448138315a9e438280e1908deb9b9c8b6fe7426718bbdb4162d507fb14dee4
GET /s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppm_led7Q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14248
date: Sat, 28 Jan 2023 20:43:47 GMT
expires: Sun, 28 Jan 2024 20:43:47 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 20:07:55 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d54038e93a14abc230fdebff80d6e610
560602c1d6f1f7c9d842e0ca4f653fd84be71151
8b9b0d3b161b932eda386aa5e34fcb29455ea4f0bde65d0476581f8e57b6279b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8B9B0D3B161B932EDA386AA5E34FCB29455EA4F0BDE65D0476581F8E57B6279B"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3998
Expires: Sat, 28 Jan 2023 21:50:25 GMT
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8cf65fcdafa84b63cf7005fe57927fcb
3f7d163a96e7f00eb2de9828624ec46e22b4b40a
dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2
216.58.207.227 200 OK 4.8 kB URL HTTP/2 fonts.gstatic.com/s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 4768, version 1.0
Hash a43b5aa75298f5d2afcd597d8cb02351
622981fe1b70ddcc2befe786bf5a714dc960a4c8
088fdf765bec2ac8db45bb30c9ba245e38e5aee2bc17a9ebe9e3773ea7a01bed
GET /s/baloo2/v16/wXK0E3kTposypRydzVT08TS3JnAmtdjEyppn_led7Q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 4768
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 12:36:01 GMT
expires: Sun, 28 Jan 2024 12:36:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 08 Nov 2022 20:07:52 GMT
content-type: font/woff2
age: 29266
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d8ec0c712e1d4969f32f9bdf5cde50c5
98bd430591edaf9037d86497990eec85dde47bcc
b92d39760e30a006bb5512675e391933a87541316e39a7971b9d96551159131d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=137805
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:47 GMT
Etag: "63d50050-117"
Expires: Mon, 30 Jan 2023 11:00:32 GMT
Last-Modified: Sat, 28 Jan 2023 11:00:32 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d8ec0c712e1d4969f32f9bdf5cde50c5
98bd430591edaf9037d86497990eec85dde47bcc
b92d39760e30a006bb5512675e391933a87541316e39a7971b9d96551159131d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=137805
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:47 GMT
Etag: "63d50050-117"
Expires: Mon, 30 Jan 2023 11:00:32 GMT
Last-Modified: Sat, 28 Jan 2023 11:00:32 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279
sukienfreefire.grerena.vn/pages/old.php
103.147.126.190 200 OK 236 B URL HTTP/1.1 sukienfreefire.grerena.vn/pages/old.php
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
Hash 65fb4d349980cb7b06ca26e4daa911df
e4a7a722aca388997694376f3e5de1d6f3c48a60
2f512ae6130f3580053178f764e79bdd4b691a8d136b398380b693f6f9bf316a
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /pages/old.php HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:46 GMT
Server: Apache/2
X-Powered-By: PHP/7.4.24
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 236
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/toast.png
23.36.76.115 200 OK 4.7 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/toast.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 953 x 81, 8-bit/color RGBA, non-interlaced
Hash 1970383e1b289caa82622e38d4be9643
b34d95bb942f45c0551e53b1f79b088c8114a5e5
8df3d3b0eaf7487e08932291d8b2a135ad2ecb2e32bcaba6308df2e2fb7e3436
GET /common/web_event/b1get2/images/toast.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185F2256712914E2025BECBBE22
Accept-Ranges: bytes
ETag: "1970383e1b289caa82622e38d4be9643"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSj4iU1SmzsHtYvlHlzJ3QAFeAMomBji
Content-Length: 4723
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/arrow.gif
23.36.76.115 200 OK 4.5 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/arrow.gif
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 94 x 56
Hash e7ee2c678d2185905b0c5ac3307305ba
6fcab251de633805a57e2065e1dd3d909c871c81
29685bc4737559acc10db79fd9536f3bf301e00ac20c497ed32ae6181e0ab260
GET /common/web_event/b1get2/images/arrow.gif HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185FA1F35809947BED5AB42E1EF
Accept-Ranges: bytes
ETag: "e7ee2c678d2185905b0c5ac3307305ba"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/gif
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSErykJFlcDqIUr/+DbEBYnBdoGp+vKX
Content-Length: 4454
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2245
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 82021
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 79054
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 78006
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash f185f0b4f90d06dbb397b44ed9c73dbe
a48e2c369a048447e0e25e4791eb603859391c1c
b466060fc132cc8d23fcb83001206606e2d5502118c65e9f55795b5adbff2fa6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F238effff-cb43-479f-8853-06086fff1bd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9364
x-amzn-requestid: e556be7b-567a-4c9a-931e-ff6fee42d3a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T8GbFoAMFySg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-6f4476e9388c77a057153277;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LPkLrx7l9Qf_GKdtJq_77RUkvgnKZlCaDN34xsB5bEO8c9VQEJPAew==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:38 GMT
etag: "a48e2c369a048447e0e25e4791eb603859391c1c"
content-type: image/jpeg
age: 82029
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 82481
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 57b73886cbbb719eda5f733c018eedfb
b84ed40973f8a0d3c10529e34f9466746cfdaf0c
4ba11c23e0bbd2aed53b04ad0b3d22161af1971ddcfb75ae55734de9a49af207
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cadb8fa-5527-46cd-92dd-6316ac84a7d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7028
x-amzn-requestid: c1743fed-205a-431b-8648-474facde6d09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CwFtboAMF9rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-5b94864c707c42fc36fbc63a;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LUa_R8g8Rlv7JJA0_okht-vGe-xBSyZ5TPJTFakAHlncQPZKEdULQ==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 82489
etag: "b84ed40973f8a0d3c10529e34f9466746cfdaf0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
sukienfreefire.grerena.vn/assets/img/facebook_text.png
103.147.126.190 200 OK 29 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/img/facebook_text.png
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type PNG image data, 604 x 158, 8-bit/color RGBA, non-interlaced
Hash 74190b93fc4f5d88f0c8e6411ba20bd8
89ce2ecb660a90b8e6ed1b335443d7767c59f28a
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
Analyzer Verdict Alert openphish Garena
GET /assets/img/facebook_text.png HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:46 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "7075-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 28789
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
dl.dir.freefiremobile.com/common/web_event/gamingdice/fonts/PressStart2P-Regular.ttf
23.36.76.97 200 OK 116 kB URL HTTP/1.1 dl.dir.freefiremobile.com/common/web_event/gamingdice/fonts/PressStart2P-Regular.ttf
IP 23.36.76.97:0
ASN #20940 Akamai International B.V.
File type TrueType Font data, 16 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2012 The Press Start 2P Project Authors (cody@zone38.net), with Reserved Font Name "Pr
Size 116 kB (116008 bytes)
Hash 2c404fd06cd67770807d242b2d2e5a16
6e2e27152e143b0bff28bf3f21f84e4c3f30760e
1732cbf0b83525ca6769c3a58d15de73f38122ed8c056ca7e30a6076767ef3d6
GET /common/web_event/gamingdice/fonts/PressStart2P-Regular.ttf HTTP/1.1
Host: dl.dir.freefiremobile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 0000018347423BF094115EF2BC738426
Accept-Ranges: bytes
ETag: "2c404fd06cd67770807d242b2d2e5a16"
Last-Modified: Thu, 04 Aug 2022 12:32:15 GMT
Content-Type: font/ttf
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSSJfoDOjv21cwHe2RT3Nx0Enys4GJCZ
Content-Length: 116008
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/purchase.png
23.36.76.115 200 OK 7.4 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/purchase.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 379 x 94, 8-bit/color RGBA, non-interlaced\012- data
Hash f8a1198fc0fd4e19cce68cb98cbd8ab1
e2bfa935589e3f2eb73455e82acba80a644604e4
c8827f7d38ae66631c5cc479dfb23d23a6131227f9ad8ae838d191aed191660f
GET /common/web_event/b1get2/images/purchase.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185FA1F36AB980F18BD69AEB1C2
Accept-Ranges: bytes
ETag: "f8a1198fc0fd4e19cce68cb98cbd8ab1"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS47ftQL4Vt1Q7Zs1mhhCkFvL+HY8rgD
Content-Length: 7350
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/pool.png
23.36.76.115 200 OK 40 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/pool.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 510 x 622, 8-bit/color RGBA, non-interlaced\012- data
Hash 404ef9fcf563fb04baa76b6967009967
d3b258fee157d695f287df7ec73bf4309dceca26
f936df3794653b1a21c936fed39043e31171b84fced1723991a7fb5eac30bc5f
GET /common/web_event/b1get2/images/pool.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185F225672590169C7CF4DA32DD
Accept-Ranges: bytes
ETag: "404ef9fcf563fb04baa76b6967009967"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSSH1i9RYhlmoOZnvHzQf2RMx7Ir6jn0
Content-Length: 39498
Date: Sat, 28 Jan 2023 20:43:48 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/purchase_g.png
23.36.76.115 200 OK 6.4 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/purchase_g.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 379 x 94, 8-bit/color RGBA, non-interlaced\012- data
Hash 030fa1f374bcf291bc5f5d66bcdd1873
7dd452105792aa82a99440ba2d2da6b0ced7a3ec
ba6e1178e628e430d7126f1fadc56ec7ede45d051320c0e8908b9a9de63f8fed
GET /common/web_event/b1get2/images/purchase_g.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185FA1F36E09947BFD5D3CF4558
Accept-Ranges: bytes
ETag: "030fa1f374bcf291bc5f5d66bcdd1873"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSEgta1PQeyPQMWiA2TVgNBMXrjvY8Ij
Content-Length: 6410
Date: Sat, 28 Jan 2023 20:43:48 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/bg.jpg
23.36.76.115 200 OK 41 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/bg.jpg
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1283x750, components 3\012- data
Hash b622e31856ae444b6c4a8ce98c953ea0
1e4ad42e54abee993a179bee9f2f7a0decd80ae3
6e540389402e3ced8b111dca3b7f564046e027fdbc472359c9d0e0bced2c346e
GET /common/web_event/b1get2/images/bg.jpg HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185E1511FB2954BAAC6DD45A727
Accept-Ranges: bytes
ETag: "b622e31856ae444b6c4a8ce98c953ea0"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/jpeg
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSHMeZ156LVTayEq+buujjbZ0XUzP1Bc
Content-Length: 41015
Date: Sat, 28 Jan 2023 20:43:48 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/modal.png
23.36.76.115 200 OK 171 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/modal.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 878 x 502, 8-bit/color RGBA, non-interlaced\012- data
Size 171 kB (171268 bytes)
Hash e8c82b6614df1742f5739c7f2933bcb9
149804d61a40ab0bda50d68fa8eb259c05c61547
b8c0909154e5245f00756fd4dd8cdf388d279657314b07c550c6227cc7adaaad
GET /common/web_event/b1get2/images/modal.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185FA1F357694181664451932C9
Accept-Ranges: bytes
ETag: "e8c82b6614df1742f5739c7f2933bcb9"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS/wtgXPj7tr3The82eAK0OdVckhJjTc
Content-Length: 171268
Date: Sat, 28 Jan 2023 20:43:47 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
sukienfreefire.grerena.vn/assets/old/1.jpeg
103.147.126.190 200 OK 46 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/1.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x688, components 3\012- data
Hash a4e2240e7f10586714101afc357622b1
e47f1062400e1b08824caf02db90e5e9f4ccd2de
c95972543dc99b403517cfe1d576e314b347228997fe3487ea6df560c2992f38
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/1.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:47 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "b1d2-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 45522
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
sukienfreefire.grerena.vn/assets/incu/1.jpg
103.147.126.190 200 OK 218 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/incu/1.jpg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 559x559, components 3\012- data
Size 218 kB (218095 bytes)
Hash a0b1ef9da6ceb01441bafe307f577ac6
c25d3176be6208764c9fea0f6c632ecfc140fff4
432360a0d8577899a613c18a11150cb52fa83c4863e8495d8a5cb03fa431f9f6
Analyzer Verdict Alert openphish Garena
GET /assets/incu/1.jpg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:46 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "353ef-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 218095
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
www.kolpaper.com/wp-content/uploads/2020/12/Free-Fire-Desktop-Wallpaper.jpg
188.114.96.1 200 OK 521 kB URL HTTP/2 www.kolpaper.com/wp-content/uploads/2020/12/Free-Fire-Desktop-Wallpaper.jpg
IP 188.114.96.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2480x1436, components 3\012- data
Size 521 kB (520973 bytes)
Hash 8bc235d5e8a4663c3ef43e3b486efe98
96247fc822e39baa304217bb67bce276541ab17a
d96cd29972d46e5bfaf0dce4fdf3086a61c4e99c007fd21a32b5abcc7afe896d
GET /wp-content/uploads/2020/12/Free-Fire-Desktop-Wallpaper.jpg HTTP/1.1
Host: www.kolpaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:43:47 GMT
content-type: image/jpeg
last-modified: Fri, 04 Dec 2020 21:09:18 GMT
vary: Accept-Encoding
etag: W/"5fcaa57e-6600b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache: HIT from Backend
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: HIT
age: 45202
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2F4q7DX1tOtqp1x9Ej74TUdQHnuLRToKl67ncMd1%2FdgseWZvZb5IIgbPDe2jGC%2Bs0iSgnwGPEq68PA1chIF5yE1iJBKVNLp4I58TCebnxHGf9dEFXgeeuf9Su5nj%2BDFrD5Cp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790c8ff4eaa21c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sukienfreefire.grerena.vn/assets/old/5.jpeg
103.147.126.190 200 OK 166 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/5.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x1000, components 3\012- data
Size 166 kB (166206 bytes)
Hash 285e60579c96b5b1eb5e6edb50c9d77d
dbb536e269754f3abbc7c58631081f0f0ba18790
1208995d359654233b5fd7e9719f4fa563ac44e3491010ff7a2bd7b9e85db9b0
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/5.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:47 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "2893e-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 166206
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/bg_icon.png
23.36.76.115 200 OK 31 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/bg_icon.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 592 x 637, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f0e05495e817397cea2a23208b997e8
fcbd5371c0864d627a168e550fd925e36ec2b9c9
33ea0b0fde442c704bb17650b00bf78e84e9eef9664159191df0a6c4850e849c
GET /common/web_event/b1get2/images/bg_icon.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185FA1F3878981353008D08AE6D
Accept-Ranges: bytes
ETag: "5f0e05495e817397cea2a23208b997e8"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSB5JnJsD6VtiK5uz8XTnw9HSxh394um
Content-Length: 31176
Date: Sat, 28 Jan 2023 20:43:48 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
sukienfreefire.grerena.vn/assets/old/6.jpeg
103.147.126.190 200 OK 52 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/6.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type PNG image data, 202 x 257, 8-bit/color RGB, non-interlaced\012- data
Hash 7386d3e389490f38876e3660406296d5
b0ad693790e804934ac583a95358a07a4e49760a
1b9be899d402b0efae1398fda858784e5a70d22563075cfc3132641b724e2ed3
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/6.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:47 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "cc0d-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 52237
Keep-Alive: timeout=2, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
sukienfreefire.grerena.vn/assets/old/4.jpeg
103.147.126.190 200 OK 176 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/4.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x1000, components 3\012- data
Size 176 kB (175890 bytes)
Hash f330589547978601ec50329d768ae3f5
437afd155b63c0fbeb3af6e65fe34ef2cd4cc226
c85bd2a679945f3944ec48013d6bf25cd163289c708be4e2542c7dafc5c6e02c
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/4.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:47 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "2af12-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 175890
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 7c8ab723bd36669cca274482a515e48d
28b9c3dde3001a9d2fe1a2485b6adb7d8a9998f1
8ad9c2b4948243e1a1a84038a70949731064f74ec054f82b6a45ba7b8bec0ee9
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 28 Jan 2023 20:23:58 GMT
last-modified: Sat, 28 Jan 2023 16:17:44 GMT
expires: Sat, 04 Feb 2023 16:17:43 GMT
etag: "28b9c3dde3001a9d2fe1a2485b6adb7d8a9998f1"
cache-control: max-age=601052,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb6
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 790c72eedc7e9299-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1674937438
via: cache14.l2de2[0,0,304-0,H], cache8.l2de2[0,0], cache3.se1[20,20,200-0,H], cache1.se1[22,0], cache3.se1[24,0]
age: 1190
x-cache: HIT TCP_REFRESH_HIT dirn:1:188807396
x-swift-savetime: Sat, 28 Jan 2023 20:43:48 GMT
x-swift-cachetime: 610
timing-allow-origin: *, *
eagleid: 2ff62c9716749386287271047e, 2ff62c9716749386287271047e
sukienfreefire.grerena.vn/assets/old/7.jpeg
103.147.126.190 200 OK 39 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/7.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type PNG image data, 201 x 256, 8-bit/color RGB, non-interlaced\012- data
Hash 788f859c6dcc56497477853b61326eee
336b91fb444cb7f34f15b6eccb4b6dd3525a670b
9e660643f3df57b57dcdf85cc0300f04987c24ce1721e6ab79dfc9247be39426
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/7.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:48 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "96b6-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 38582
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
sukienfreefire.grerena.vn/assets/old/8.jpeg
103.147.126.190 200 OK 48 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/8.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type PNG image data, 203 x 257, 8-bit/color RGB, non-interlaced\012- data
Hash 31ae622f2c870439a7934c2ac67d1f2d
5f5784b5486f25ba5eb0820455348578dbd85039
7c95c3bfd77a1bb12b8c38e95497020363505b633e58e1ac09273e447cfbaf4f
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/8.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:48 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "bcf2-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 48370
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
sukienfreefire.grerena.vn/assets/old/9.jpeg
103.147.126.190 200 OK 48 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/9.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type PNG image data, 191 x 241, 8-bit/color RGB, non-interlaced\012- data
Hash 81a310ff0a4c2749cfb3b36a96b32835
f446c4cfa9e2813c49ff73ea398a0d5e7e33c12b
7ba4a593f407d794ac314092b84a7b22b8c732b5b7b7e78d67bd5e4b46bcde80
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/9.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:48 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "bbe4-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 48100
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 7c8ab723bd36669cca274482a515e48d
28b9c3dde3001a9d2fe1a2485b6adb7d8a9998f1
8ad9c2b4948243e1a1a84038a70949731064f74ec054f82b6a45ba7b8bec0ee9
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 28 Jan 2023 20:23:58 GMT
last-modified: Sat, 28 Jan 2023 16:17:44 GMT
expires: Sat, 04 Feb 2023 16:17:43 GMT
etag: "28b9c3dde3001a9d2fe1a2485b6adb7d8a9998f1"
cache-control: max-age=601052,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb6
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 790c72eedc7e9299-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1674937438
via: cache14.l2de2[0,0,304-0,H], cache3.l2de2[1,0], cache1.se1[83,83,200-0,H], cache1.se1[84,0], cache7.se1[86,0]
age: 1190
x-cache: HIT TCP_REFRESH_HIT dirn:4:213371924
x-swift-savetime: Sat, 28 Jan 2023 20:43:48 GMT
x-swift-cachetime: 610
timing-allow-origin: *, *
eagleid: 2ff62c9b16749386287308924e, 2ff62c9b16749386287308924e
na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
129.226.2.89 200 OK 55 B URL HTTP/2 na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
IP 129.226.2.89:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type JSON data\012- , ASCII text, with no line terminators
Hash 282321d0e634380516dc9b071d902b0e
946b6642e5920c21249381cdff0539a340076401
8558e2e54a70e405fcf4291549fbdcfdd9e045cf6fc45b06247dc92a45127ac3
GET /swoole/?actid=2020&r=index/getCountry&_only_service_response_=1 HTTP/1.1
Host: na.apps.amsoveasea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:43:49 GMT
content-type: text/html
content-length: 55
server: nginx
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/left_tit.png
23.36.76.115 200 OK 6.4 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/left_tit.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 249 x 67, 8-bit/color RGBA, non-interlaced\012- data
Hash a7be21a739cb627134f7b4f727d22738
c55fb5552ab09ed2f8c584d0d71b82eaebd52017
020487b2ceebc26c8d309b0ab94170981c0a3b093eeb85a4dc5737e83e83f4fa
GET /common/web_event/b1get2/images/left_tit.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185D58FBF789018C428D3F3B076
Accept-Ranges: bytes
ETag: "a7be21a739cb627134f7b4f727d22738"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSriBctuY3OxZQfDHyBR6WNXRQbIzUHy
Content-Length: 6411
Date: Sat, 28 Jan 2023 20:43:49 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d2ade408af91f717110cf07d8d89c02a
997134ef254ea49d8aa40d48e55a715e06f9c315
81199c2fc337d94312e50e72a57ccf22e2f47060ddbd623ae9d836f24410a55a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sukienfreefire.grerena.vn/favicon.ico
103.147.126.190 404 Not Found 315 B URL HTTP/1.1 sukienfreefire.grerena.vn/favicon.ico
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert openphish Garena
GET /favicon.ico HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Sat, 28 Jan 2023 20:43:49 GMT
Server: Apache/2
Content-Length: 315
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
play-lh.googleusercontent.com/YDas3XR6j4LeWbCr4k9vz-SErhSdY_bLXZY_m5uzZjgGMELXYbZHUkBjkbP6gzhdvRk=s48-rw
142.250.74.86 200 OK 5.3 kB URL HTTP/2 play-lh.googleusercontent.com/YDas3XR6j4LeWbCr4k9vz-SErhSdY_bLXZY_m5uzZjgGMELXYbZHUkBjkbP6gzhdvRk=s48-rw
IP 142.250.74.86:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 253c9c33302d73bcc4d4f9947b403e95
f39127344878fa5cb214852e37412fb97fb41a0d
884c4d0324d2f03547b0c9c77362b375c3e946e7f5ec9f41ba66cb1994564ef6
GET /YDas3XR6j4LeWbCr4k9vz-SErhSdY_bLXZY_m5uzZjgGMELXYbZHUkBjkbP6gzhdvRk=s48-rw HTTP/1.1
Host: play-lh.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v1"
expires: Sun, 29 Jan 2023 20:43:50 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.webp"
content-type: image/webp
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 20:43:50 GMT
server: fife
content-length: 5324
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d2ade408af91f717110cf07d8d89c02a
997134ef254ea49d8aa40d48e55a715e06f9c315
81199c2fc337d94312e50e72a57ccf22e2f47060ddbd623ae9d836f24410a55a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 20:43:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sukienfreefire.grerena.vn/assets/old/3.jpeg
103.147.126.190 200 OK 88 kB URL HTTP/1.1 sukienfreefire.grerena.vn/assets/old/3.jpeg
IP 103.147.126.190:0
ASN #135967 Bach Kim Network solutions Join stock company
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 684x916, components 3\012- data
Hash 6c1fbeaccd5d380502a1cf6aa7a37c08
a58a639e6376dab4ba412a17b719b2598eee8514
b996491d60df30c38f771cc080badce851dac36b592d560aedc89f3401fd3d6b
Analyzer Verdict Alert openphish Garena
fortinet Phishing
GET /assets/old/3.jpeg HTTP/1.1
Host: sukienfreefire.grerena.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 20:43:47 GMT
Server: Apache/2
Last-Modified: Tue, 05 Apr 2022 21:13:08 GMT
ETag: "158af-5dbeeb6230100"
Accept-Ranges: bytes
Content-Length: 88239
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/jpeg
freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/header.png
23.36.76.115 200 OK 59 kB URL HTTP/1.1 freefiremobile-a.akamaihd.net/common/web_event/b1get2/images/header.png
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1288 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 71057ee2a0c3e2a18ae5b044924a412c
202b956326ab1e243201f8586b8f995f1c457a42
73a43e9a3b24f10852bac31ff21a50e65bc24030b0db18afdeba5e632ba81072
GET /common/web_event/b1get2/images/header.png HTTP/1.1
Host: freefiremobile-a.akamaihd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 00000185F225689A914E21AAC01D2E9E
Accept-Ranges: bytes
ETag: "71057ee2a0c3e2a18ae5b044924a412c"
Last-Modified: Thu, 04 Aug 2022 12:28:54 GMT
Content-Type: image/png
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSD3EPQ+ysZAZAnHwOsZ9F446ZNKKfET
Content-Length: 59341
Date: Sat, 28 Jan 2023 20:43:50 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 195316042e7f798eeeb7993fecb3a383
4aeca24ad4702f87feaf9674ea0c1ff6d71826a3
b7e0a61060455241fce844d2c91eca500d409804361063ddb61053cbc9c7b1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13376
x-amzn-requestid: 64d0092e-1f1a-4183-a4a6-805e0bf37d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-DvHIyoAMF6fA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b1-6387770232ddca74531bce91;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8cRGlncOQ6qYv7qbI1HxTz-qUYJkTVa5V2qJM1C8XM5dmyXFA8qRvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 82496
etag: "4aeca24ad4702f87feaf9674ea0c1ff6d71826a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
files7.webydo.com/91/9140034/UploadedFiles/805AD88C-21B4-02B8-4D75-342F16BCBE43.woff
172.66.43.85 200 OK 0 B URL HTTP/2 files7.webydo.com/91/9140034/UploadedFiles/805AD88C-21B4-02B8-4D75-342F16BCBE43.woff
IP 172.66.43.85:0
GET /91/9140034/UploadedFiles/805AD88C-21B4-02B8-4D75-342F16BCBE43.woff HTTP/1.1
Host: files7.webydo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sukienfreefire.grerena.vn
Connection: keep-alive
Referer: https://sukienfreefire.grerena.vn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 20:43:47 GMT
content-type: application/font-woff
cf-ray: 790c8ff49f1bb4f7-OSL
access-control-allow-origin: *
cache-control: max-age=2678400
etag: W/"55e2f2c6-5098"
last-modified: Sun, 30 Aug 2015 12:10:46 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25bna0rZp1KWzPv3dKTxoHwN0OuPATAOi3vtPT7wPhDrVzrFIijLjR6hLf7yTHL4GHSHorG95ucvb%2FiLL%2FNXlg7LweJtU0cufkYTJUERJJrDplS6IeI7btZwG7coUrBkj9WJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2