reward.ff.theextraevent.com
202.181.78.147
Malicious Activity!
Public Scan
Submission: On March 26 via manual from IN — Scanned from SG
Summary
TLS certificate: Issued by R3 on March 1st 2023. Valid for: 3 months.
This is the only time reward.ff.theextraevent.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Garena Free Fire (Gaming)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
4 | 202.181.78.147 | 58521 (GARENA-SG Garena Online Pte Ltd)
1 | 2404:6800:4003:c00::61 | 15169 (GOOGLE)
1 | 2404:6800:4003:c05::5f | 15169 (GOOGLE)
1 | 2001:4860:4802:32::178 | 15169 (GOOGLE)
1 | 202.181.78.145 | 58521 (GARENA-SG Garena Online Pte Ltd)
11 | 23.32.236.121 | 20940 (AKAMAI-ASN1)
2 | 2600:1417:9800::1720:ec31 | 20940 (AKAMAI-ASN1)

Totals: 21 requests | 7 IP addresses

- ASN58521 (GARENA-SG Garena Online Pte Ltd, SG): reward.ff.theextraevent.com
- ASN20940 (AKAMAI-ASN1, NL), PTR: a23-32-236-121.deploy.static.akamaitechnologies.com: dlgarenanow-a.akamaihd.net
- ASN20940 (AKAMAI-ASN1, NL): dl.dir.freefiremobile.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | akamaihd.net | dlgarenanow-a.akamaihd.net (Cisco Umbrella Rank: 311714) | 441 KB
4 | theextraevent.com | reward.ff.theextraevent.com | 121 KB
2 | freefiremobile.com | dl.dir.freefiremobile.com (Cisco Umbrella Rank: 47049) | 74 KB
1 | garenanow.com | rosetta.garenanow.com | 8 KB
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 25) | 262 B
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 31) | 33 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 69 KB

Totals: 21 requests | 7 apex domains
Requests | Domain | Requested by
---|---|---
11 | dlgarenanow-a.akamaihd.net | reward.ff.theextraevent.com
4 | reward.ff.theextraevent.com | reward.ff.theextraevent.com
2 | dl.dir.freefiremobile.com | reward.ff.theextraevent.com
1 | rosetta.garenanow.com | reward.ff.theextraevent.com
1 | www.google-analytics.com | www.googletagmanager.com
1 | fonts.googleapis.com | reward.ff.theextraevent.com
1 | www.googletagmanager.com | reward.ff.theextraevent.com

Totals: 21 requests | 7 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
reward.ff.theextraevent.com | R3 | 2023-03-01 - 2023-05-30 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months | crt.sh
rosetta.garenanow.com | R3 | 2023-02-20 - 2023-05-21 | 3 months | crt.sh
a248.e.akamai.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-06-28 - 2023-06-30 | a year | crt.sh
dl.kgtw.garenanow.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-29 - 2023-05-03 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://reward.ff.theextraevent.com/?_gl=1*v090jw*_ga*NjIwOTM3MDgyLjE2NzMxMDIxNjU.*_ga_Y1QNJ6ZLV6*MTY3OTgyNzU1OS40LjAuMTY3OTgyNzU1OS4wLjAuMA..
Frame ID: 663A428021C5C64CEBDC33EA90766080
Requests: 21 HTTP requests in this frame
Page Title: Free Fire

Detected technologies
- Vue.js (JavaScript Frameworks). Detected pattern: `<[^>]+\sdata-v(?:ue)?-`
- Google Analytics (Analytics)
- Google Tag Manager (Tag Managers). Detected pattern: `googletagmanager\.com/gtag/js`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | reward.ff.theextraevent.com/ | 2 KB | 894 B | Document | text/html
GET | H2 | js | www.googletagmanager.com/gtag/ | 191 KB | 69 KB | Script | application/javascript
GET | H2 | main.222c6cf55c1ef7710e33.css | reward.ff.theextraevent.com/assets/css/ | 68 KB | 9 KB | Stylesheet | text/css
GET | H2 | vendors~main.009ef22ef50c19912fa7.js | reward.ff.theextraevent.com/assets/js/ | 251 KB | 80 KB | Script | application/javascript
GET | H2 | main.642892803a995b005317.js | reward.ff.theextraevent.com/assets/js/ | 159 KB | 30 KB | Script | application/javascript
GET | H2 | css | fonts.googleapis.com/ | 117 KB | 33 KB | Stylesheet | text/css
POST | H2 | collect | www.google-analytics.com/g/ | 0 | 262 B | Ping | text/plain
GET | H2 | 203 | rosetta.garenanow.com/transify/ | 8 KB | 8 KB | Fetch | text/plain
GET | H/1.1 | facebook.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 9 KB | 9 KB | Image | image/png
GET | H/1.1 | vk.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 10 KB | 10 KB | Image | image/png
GET | H/1.1 | google.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 6 KB | 7 KB | Image | image/png
GET | H/1.1 | huawei.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | apple.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 9 KB | 9 KB | Image | image/png
GET | H/1.1 | twitter.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 10 KB | 10 KB | Image | image/png
GET | H/1.1 | arrow.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 449 B | 829 B | Image | image/png
GET | H/1.1 | logo_small_foot.jpg | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 3 KB | 4 KB | Image | image/jpeg
GET | H/1.1 | bg.jpg | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 134 KB | 134 KB | Image | image/jpeg
GET | H/1.1 | top_teeth-l.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 144 B | 522 B | Image | image/png
GET | H/1.1 | logo-new.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 253 KB | 253 KB | Image | image/png
GET | H/1.1 | GFFLatinW05-Bold.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ | 37 KB | 38 KB | Font | font/woff
GET | H/1.1 | GFFLatinW05-Regular.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ | 36 KB | 36 KB | Font | font/woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Garena Free Fire (Gaming)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
boolean | credentialless
function | gtag
object | dataLayer
object | google_tag_manager
object | google_tag_data
object | gaGlobal
object | webpackJsonp
object | __SENTRY__
object | regeneratorRuntime
object | vue2

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.theextraevent.com/ | | _ga_Y1QNJ6ZLV6 | GS1.1.1679839704.1.0.1679839704.0.0.0
.theextraevent.com/ | | _ga | GA1.1.211585845.1679839705
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dl.dir.freefiremobile.com
dlgarenanow-a.akamaihd.net
fonts.googleapis.com
reward.ff.theextraevent.com
rosetta.garenanow.com
www.google-analytics.com
www.googletagmanager.com
2001:4860:4802:32::178
202.181.78.145
202.181.78.147
23.32.236.121
2404:6800:4003:c00::61
2404:6800:4003:c05::5f
2600:1417:9800::1720:ec31