userdata.freefireindiamobile.com
148.222.67.168
Malicious Activity!
Public Scan
Submission: On May 27 via manual from IN — Scanned from SG
Summary
TLS certificate: Issued by R3 on May 23rd 2024. Valid for: 3 months.
This is the only time userdata.freefireindiamobile.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Garena Free Fire (Gaming)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
6 | 148.222.67.168 | 58521 (GARENA-SG Garena Online Pte Ltd)
8 | 152.199.39.4 | 15133 (EDGECAST)
1 | 172.253.118.97 | 15169 (GOOGLE)
1 | 202.81.113.69 | 58521 (GARENA-SG Garena Online Pte Ltd)
16 | 5 |
ASN58521 (GARENA-SG Garena Online Pte Ltd, SG): userdata.freefireindiamobile.com
ASN15169 (GOOGLE, US), PTR: sl-in-f97.1e100.net: www.googletagmanager.com
ASN58521 (GARENA-SG Garena Online Pte Ltd, SG): logcollector.data.garenanow.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | freefiremobile.com | dl.dir.freefiremobile.com — Cisco Umbrella Rank: 32577 | 382 KB
6 | freefireindiamobile.com | userdata.freefireindiamobile.com | 1 MB
1 | garenanow.com | logcollector.data.garenanow.com — Cisco Umbrella Rank: 279780 | 167 B
1 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 39 | 47 KB
16 | 4 | |
Requests | Domain | Requested by
---|---|---
8 | dl.dir.freefiremobile.com | userdata.freefireindiamobile.com
6 | userdata.freefireindiamobile.com | userdata.freefireindiamobile.com, dl.dir.freefiremobile.com
1 | logcollector.data.garenanow.com |
1 | www.googletagmanager.com | userdata.freefireindiamobile.com
16 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
userdata.freefireindiamobile.com | R3 | 2024-05-23 - 2024-08-21 | 3 months | crt.sh
garenanow.com | GeoTrust TLS RSA CA G1 | 2024-04-25 - 2025-05-26 | a year | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2024-05-06 - 2024-07-29 | 3 months | crt.sh
logcollector.data.garenanow.com | R3 | 2024-04-23 - 2024-07-22 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://userdata.freefireindiamobile.com/
Frame ID: 8A15E2639DFBA650C2A5D00383F980BE
Requests: 19 HTTP requests in this frame
Page Title: [FF] Userdata
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
- (?:/([\d.]+))?/vue(?:\.min)?\.js
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | userdata.freefireindiamobile.com/ | 4 KB | 2 KB | Document | text/html
GET | H2 | app.1fbf1200.css | userdata.freefireindiamobile.com/css/ | 27 KB | 8 KB | Stylesheet | text/css
GET | H2 | app.d6136eda.js | userdata.freefireindiamobile.com/js/ | 33 KB | 10 KB | Script | application/javascript
GET | H2 | chunk-vendors.5f24439d.js | userdata.freefireindiamobile.com/js/ | 823 KB | 260 KB | Script | application/javascript
GET | H2 | vue.min.js | dl.dir.freefiremobile.com/common/web_event/common/js/ | 91 KB | 34 KB | Script | application/x-javascript
GET | H2 | vue-router.min.js | dl.dir.freefiremobile.com/common/web_event/common/js/ | 28 KB | 10 KB | Script | application/x-javascript
GET | H2 | axios.min.js | dl.dir.freefiremobile.com/common/web_event/common/js/ | 14 KB | 5 KB | Script | application/x-javascript
GET | H2 | GA.8c8849937e3958e738c4.js | dl.dir.freefiremobile.com/common/web_event/gaFe/ | 11 KB | 5 KB | Script | application/x-javascript
GET | H2 | js | www.googletagmanager.com/gtag/ | 123 KB | 47 KB | Script | application/javascript
GET | H2 | logo_template.png | dl.dir.freefiremobile.com/common/web_event/crafactory3.0/images/ | 253 KB | 253 KB | Image | image/png
GET | H2 | info | userdata.freefireindiamobile.com/api/ | 44 B | 132 B | XHR | application/json
GET | H2 | background.0ec313ec.jpg | userdata.freefireindiamobile.com/img/ | 1 MB | 1 MB | Image | image/jpeg
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png
GET | DATA | truncated | / | 200 B | 0 | Image | image/png
GET | DATA | truncated | / | 192 B | 0 | Image | image/png
GET | H2 | AgencyFB.ttf | dl.dir.freefiremobile.com/common/web_event/common/fonts/ | 58 KB | 58 KB | Font | font/ttf
GET | H2 | AgencyFB-Bold.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/ | 16 KB | 17 KB | Font | font/woff
GET | H2 | favicon.png | dl.dir.freefiremobile.com/common/web_event/common/images/ | 844 B | 1 KB | Other | image/png
GET | H2 | pd.gif | logcollector.data.garenanow.com/ | 43 B | 167 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Garena Free Fire (Gaming)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
string | analyticsId
string | gaEventLogName
string | src
object | script
function | gtag
number | lastTouchEnd
object | promises
function | nativePromiseThen
object | dataLayer
function | Vue
object | t
function | e
function | VueRouter
function | axios
object | webpackJsonp
object | regeneratorRuntime
object | google_tag_manager
object | google_tag_data
function | webpackHotUpdate
object | garenaGA0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.