userdata.freefireindiamobile.com
148.222.66.96 (Malicious Activity!) Public Scan

URL: https://userdata.freefireindiamobile.com/
Submission: On May 29 via manual from IN — Scanned from SG

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 148.222.66.96, located in Singapore and belonging to GARENA-SG Garena Online Pte Ltd, SG. The main domain is userdata.freefireindiamobile.com.
TLS certificate: Issued by R3 on May 23rd 2024. Valid for: 3 months.
This is the only time userdata.freefireindiamobile.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Garena Free Fire (Gaming)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
6         148.222.66.96    58521 (GARENA-SG...)
8         152.199.39.4     15133 (EDGECAST)
1         142.251.175.97   15169 (GOOGLE)
1         202.81.113.70    58521 (GARENA-SG...)
Total: 16 requests, 5 IPs
Requests  Apex Domain              Subdomains                                                      Transfer
8         freefiremobile.com       dl.dir.freefiremobile.com (Cisco Umbrella Rank: 32577)          382 KB
6         freefireindiamobile.com  userdata.freefireindiamobile.com                                1 MB
1         garenanow.com            logcollector.data.garenanow.com (Cisco Umbrella Rank: 279780)   167 B
1         googletagmanager.com     www.googletagmanager.com (Cisco Umbrella Rank: 39)              47 KB
Total: 16 requests, 4 apex domains
Requests  Domain                            Requested by
8         dl.dir.freefiremobile.com         userdata.freefireindiamobile.com
6         userdata.freefireindiamobile.com  userdata.freefireindiamobile.com, dl.dir.freefiremobile.com
1         logcollector.data.garenanow.com
1         www.googletagmanager.com          userdata.freefireindiamobile.com
Total: 16 requests, 4 domains

This site contains no links.

Subject                           Issuer                  Validity                  Valid
userdata.freefireindiamobile.com  R3                      2024-05-23 - 2024-08-21   3 months (crt.sh)
garenanow.com                     GeoTrust TLS RSA CA G1  2024-04-25 - 2025-05-26   a year (crt.sh)
*.google-analytics.com            GTS CA 1C3              2024-05-06 - 2024-07-29   3 months (crt.sh)
logcollector.data.garenanow.com   R3                      2024-04-23 - 2024-07-22   3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://userdata.freefireindiamobile.com/
Frame ID: B0319BB0A0B574E415CEE0ED98155837
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

[FF] Userdata

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-
  • (?:/([\d.]+))?/vue(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 1862 kB
Size: 2634 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request / | userdata.freefireindiamobile.com/ | 4 KB | 2 KB | Document
General
Full URL
https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
148.222.66.96 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
nginx /
Resource Hash
2c862bfe17f2d16d865ae4ca39068b0661dcdd42922c7e288449d4a325b01cee

Request headers

Accept-Language
en-SG,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache
content-encoding
gzip
content-type
text/html
date
Wed, 29 May 2024 04:26:11 GMT
etag
W/"664eb6f9-1084"
expires
Wed, 29 May 2024 04:26:10 GMT
last-modified
Thu, 23 May 2024 03:24:41 GMT
server
nginx
vary
Accept-Encoding

app.1fbf1200.css | userdata.freefireindiamobile.com/css/ | 27 KB | 8 KB | Stylesheet
General
Full URL
https://userdata.freefireindiamobile.com/css/app.1fbf1200.css
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
148.222.66.96 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
nginx /
Resource Hash
354fcbecfba26d0947fc4a5d809d8339574588589ab94e00347028784fa1a38b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
last-modified
Thu, 23 May 2024 03:24:41 GMT
server
nginx
etag
W/"664eb6f9-6a5b"
vary
Accept-Encoding
content-type
text/css
cache-control
no-cache
expires
Wed, 29 May 2024 04:26:10 GMT

app.d6136eda.js | userdata.freefireindiamobile.com/js/ | 33 KB | 10 KB | Script
General
Full URL
https://userdata.freefireindiamobile.com/js/app.d6136eda.js
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
148.222.66.96 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
nginx /
Resource Hash
33039860628de8197d8b50b15a6074a698ca434329ad8fab47f00742c144d072

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
last-modified
Thu, 23 May 2024 03:24:41 GMT
server
nginx
etag
W/"664eb6f9-843c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache
expires
Wed, 29 May 2024 04:26:10 GMT

chunk-vendors.5f24439d.js | userdata.freefireindiamobile.com/js/ | 823 KB | 260 KB | Script
General
Full URL
https://userdata.freefireindiamobile.com/js/chunk-vendors.5f24439d.js
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
148.222.66.96 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
nginx /
Resource Hash
d0d8e10edca5d489536b2a072ad0cf1cc639608d27320b79bde7a003799b5b66

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
last-modified
Thu, 23 May 2024 03:24:41 GMT
server
nginx
etag
W/"664eb6f9-cda5b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache
expires
Wed, 29 May 2024 04:26:10 GMT

vue.min.js | dl.dir.freefiremobile.com/common/web_event/common/js/ | 91 KB | 33 KB | Script
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/common/js/vue.min.js
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/5705) /
Resource Hash
bbc2aee0c334dcc3f7c914d11f0cb3c9a60e76e616081db905de31be8f1c22d3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
via
1.1 3ee44ee02b40b3dec09c7185a676054a.cloudfront.net (CloudFront)
age
1490
x-amz-cf-pop
SIN2-P3
x-cache
HIT
ec-version
v6.05
x-obs-request-id
0000018FC28277D0901597A6BF34A56A
content-length
33946
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSZTOGYjzLOpF3OcLBFf/8BY4DMIFH8w
last-modified
Thu, 04 Aug 2022 12:29:57 GMT
server
ECAcc (sgc/5705)
etag
"b61d0f6becd1987bdeecbe37fed41033+gzip"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=3600
x-amz-cf-id
i4AceCPRABd4p5nIADw2fUibCGf9E02yKp7zPTQi4SgU8rxlZh9zrw==
expires
Wed, 29 May 2024 05:26:11 GMT

vue-router.min.js | dl.dir.freefiremobile.com/common/web_event/common/js/ | 28 KB | 10 KB | Script
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/common/js/vue-router.min.js
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/5693) /
Resource Hash
e6915f17c9de5f43e9104599036319a1b71e2847f7717328157fe819dd68c71d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
via
1.1 a6f10891bf05ce2d27b04a152b14cf00.cloudfront.net (CloudFront)
age
1502
x-amz-cf-pop
SIN52-C2
x-cache
HIT
ec-version
v6.05
x-obs-request-id
0000018FC2824A4C941D00D2F4CFAD8F
content-length
9770
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSct9bmbfspWdAYK8W1/lDl12oNcwXSM
last-modified
Thu, 04 Aug 2022 12:29:57 GMT
server
ECAcc (sgc/5693)
etag
"f5c840f557abb74a3c4b14261d0272fb+gzip"
access-control-max-age
100
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control
public, max-age=3600
vary
Accept-Encoding
x-amz-cf-id
DzWQPHgBTeKS1LHIFnsV1xV60cXjyWKWOwXrQZJfHBJvU7otHWtYuA==
expires
Wed, 29 May 2024 05:26:11 GMT

axios.min.js | dl.dir.freefiremobile.com/common/web_event/common/js/ | 14 KB | 5 KB | Script
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/common/js/axios.min.js
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/56C0) /
Resource Hash
83e40aef92138c841a236895c09496aa49fb2959472427c9397a1bacd51c62b3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
via
1.1 25bebb657a95cacb0669b29d276b9f96.cloudfront.net (CloudFront)
age
2289
x-amz-cf-pop
SIN2-C1
x-cache
HIT
ec-version
v6.05
x-obs-request-id
0000018FC27648C5901597D340E17406
content-length
4788
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSIWVjRfIZCWrTq4WnP4B3v1QzDOUeyc
last-modified
Thu, 04 Aug 2022 12:29:56 GMT
server
ECAcc (sgc/56C0)
etag
"27cb70c23ca9ccaf54717acf8a886f4f+gzip"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=3600
x-amz-cf-id
nv_VulKtLqEso0-nHfqoxL21LYI99lXTkRsVnBNW7wMq6LNDeKQ9AA==
expires
Wed, 29 May 2024 05:26:11 GMT

GA.8c8849937e3958e738c4.js | dl.dir.freefiremobile.com/common/web_event/gaFe/ | 11 KB | 5 KB | Script
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/gaFe/GA.8c8849937e3958e738c4.js
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/56D1) /
Resource Hash
af072e5a624ed7b6f7d36fa1a05f8bcf9549c919dce2053f98f9612a84c95aa4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
via
1.1 5f0e4b6c5dc81a6ef5ba5add70d69fb0.cloudfront.net (CloudFront)
age
1097
x-amz-cf-pop
SIN52-P1
x-cache
HIT
ec-version
v6.05
x-obs-request-id
0000018FC288787C901411E525F482B1
content-length
4311
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSOl14LACyY4+zhnrblsQ5hQx2bbsDM2
last-modified
Thu, 04 Aug 2022 12:32:08 GMT
server
ECAcc (sgc/56D1)
etag
"6fecfd97f522819b45232736a025c707+gzip"
access-control-max-age
100
access-control-allow-methods
GET
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control
public, max-age=3600
vary
Accept-Encoding
x-amz-cf-id
z9Bx9S8uaE5nolo3QT4OaJ9MyT47Y82wwoF9bnFnemx_vvVMMyuQoQ==
expires
Wed, 29 May 2024 05:26:11 GMT

js | www.googletagmanager.com/gtag/ | 123 KB | 47 KB | Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.175.97 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
sh-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
7f7c6fd5872dbd5d22fb295a9539d3883c4b8c6ac84f59f86c972dd98ada5f42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48177
x-xss-protection
0
last-modified
Wed, 29 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 29 May 2024 04:26:11 GMT

logo_template.png | dl.dir.freefiremobile.com/common/web_event/crafactory3.0/images/ | 253 KB | 253 KB | Image
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/crafactory3.0/images/logo_template.png
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/privacy-policy
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/5687) /
Resource Hash
e5d1ff232a26bd3b8a702a52464d1bdf12992e9f166084da5cfad235d8f7b20e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
via
1.1 cd09c7e66aa65f123adc53975394570c.cloudfront.net (CloudFront)
age
2245
x-amz-cf-pop
SIN52-C2
ec-version
v6.05
x-obs-request-id
0000018FC276F1C99815E9FE2095920E
content-length
258949
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSrNSViW4G33640QbuNZh82i9514WHtR
last-modified
Thu, 15 Sep 2022 13:01:56 GMT
server
ECAcc (sgc/5687)
etag
"76697e9220e45c00a5fbaf78cc3d7553"
content-type
image/png
cache-control
public, max-age=3600
accept-ranges
bytes
x-amz-cf-id
g-l7_uD98VRmKhnqsVmjJerXCFT049rYcpOY-llrC_EWxAFzNe2o2w==
expires
Wed, 29 May 2024 05:26:11 GMT

info | userdata.freefireindiamobile.com/api/ | 44 B | 132 B | XHR
General
Full URL
https://userdata.freefireindiamobile.com/api/info?lang=en-US&token=
Requested by
Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/common/js/axios.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
148.222.66.96 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
nginx /
Resource Hash
f9eff9f3183285e73e55cbc98bf898619d368efcf52837fdb41956eec2d058a8
Security Headers
Name Value
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://userdata.freefireindiamobile.com/privacy-policy
X-CSRFToken
null
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Cookie
x-frame-options
DENY
content-type
application/json

background.0ec313ec.jpg | userdata.freefireindiamobile.com/img/ | 1 MB | 1 MB | Image
General
Full URL
https://userdata.freefireindiamobile.com/img/background.0ec313ec.jpg
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/css/app.1fbf1200.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
148.222.66.96 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
nginx /
Resource Hash
7d8b9c73fef42dbab3afbe619eb448a5fbe8c1f28af2683beef8f7c05739932e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/css/app.1fbf1200.css
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
last-modified
Thu, 23 May 2024 03:24:41 GMT
server
nginx
etag
"664eb6f9-11ff2e"
content-type
image/jpeg
cache-control
no-cache
accept-ranges
bytes
content-length
1179438
expires
Wed, 29 May 2024 04:26:10 GMT

truncated | / | 1 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9589511b4355cc695ce0fb905b0cfdaa49bf248e76ae69eb9e1d7445d8deb33

Request headers

Accept-Language
en-SG,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png

truncated | / | 200 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4561ff944c0cf307148f5261474729c00d4099508534d6ea57a5f190eaef47ea

Request headers

Accept-Language
en-SG,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png

truncated | / | 192 B | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7d17ddc885f7ae559ec6ef21343a26eb0dee8afe1b05b048f3662fa5f7bea23

Request headers

Accept-Language
en-SG,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png

AgencyFB.ttf | dl.dir.freefiremobile.com/common/web_event/common/fonts/ | 58 KB | 58 KB | Font
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/common/fonts/AgencyFB.ttf
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/css/app.1fbf1200.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/56A1) /
Resource Hash
d672eb87a3787bdaf8f75df50f9ade864e2d5c9cdec5b07ce6de9d7d39433ea2

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Origin
https://userdata.freefireindiamobile.com
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
via
1.1 dc82e67c3cbbf5963a8de3bcf19baccc.cloudfront.net (CloudFront)
age
3328
x-amz-cf-pop
SIN5-C1
x-cache
HIT
ec-version
v6.05
x-obs-request-id
0000018FC2666AEE9806578D866FBAF7
content-length
58920
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS8+roSauA/Fin9T+0IjCT+cwrx9W98X
last-modified
Thu, 04 Aug 2022 12:29:55 GMT
server
ECAcc (sgc/56A1)
etag
"70777e6bd210190350f7c92395c1860f"
access-control-max-age
100
access-control-allow-methods
GET
content-type
font/ttf
access-control-allow-origin
*
access-control-expose-headers
ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control
public, max-age=3600
accept-ranges
bytes
x-amz-cf-id
xQ6FYmN28eWyL4kunOEmKPMPMm5v2mATMxEdOqNxbYF0Fi5vQ4WJOA==
expires
Wed, 29 May 2024 05:26:11 GMT

AgencyFB-Bold.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/ | 16 KB | 16 KB | Font
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/common/fonts/AgencyFB-Bold.woff
Requested by
Host: userdata.freefireindiamobile.com
URL: https://userdata.freefireindiamobile.com/css/app.1fbf1200.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/56B4) /
Resource Hash
8ad435b23a162c1aca70f87944041a5c71489be99ce5b31861413d557464ca45

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Origin
https://userdata.freefireindiamobile.com
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:11 GMT
via
1.1 9aa4c0af34b19413a926a6c2c913a744.cloudfront.net (CloudFront)
age
0
x-amz-cf-pop
SIN2-P3
ec-version
v6.05
x-obs-request-id
0000018FC29934D49412D1A31B85E75D
content-length
16540
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSeCrrUxjsDzkrel98PY2EQuQbpwERXg
last-modified
Thu, 04 Aug 2022 12:29:55 GMT
server
ECAcc (sgc/56B4)
etag
"001edc1fb1f83764fbef866d24632fd9"
access-control-max-age
100
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control
public, max-age=3600
accept-ranges
bytes
x-amz-cf-id
UOaplMU_uv0u97VcSQD5vLbqXSGvKnLWdLCelfRAQLIRA3N1zUsv8A==
expires
Wed, 29 May 2024 05:26:11 GMT

favicon.png | dl.dir.freefiremobile.com/common/web_event/common/images/ | 844 B | 1 KB | Other
General
Full URL
https://dl.dir.freefiremobile.com/common/web_event/common/images/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.39.4 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (sgc/56D3) /
Resource Hash
34268a645025ec250d3f7ad643e65c7e9e39f8290fcbc54dbfcf37d7ca7eba61

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 04:26:12 GMT
via
1.1 fbb0eee872ada24336cf35814e95a30c.cloudfront.net (CloudFront)
age
1616
x-amz-cf-pop
SIN2-P2
x-cache
HIT
ec-version
v6.05
x-obs-request-id
0000018FC2808E4E901BE63D80C320CC
content-length
844
x-obs-id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSSXx2L+s7FrD8D5NhHMM6kkSXJRKAnw
last-modified
Thu, 04 Aug 2022 12:29:56 GMT
server
ECAcc (sgc/56D3)
etag
"fd19546258b9099be57c72de938cc20e"
content-type
image/png
cache-control
public, max-age=3600
accept-ranges
bytes
x-amz-cf-id
ntI_okKqNQ0RYZJ7QhbPFeJ5ddq2nUnFkhp5kvlLPYaNTtS5ulSpxw==
expires
Wed, 29 May 2024 05:26:12 GMT

pd.gif | logcollector.data.garenanow.com/ | 43 B | 167 B | Image
General
Full URL
https://logcollector.data.garenanow.com/pd.gif?data=%7B%22ts%22%3A1716956773%2C%22uuid%22%3A%22b9b2b0a6-70b9-43ad-a58b-e3f575e87852%22%2C%22event%22%3A%22%22%2C%22payload%22%3A%7B%22uid%22%3A0%2C%22region%22%3A0%2C%22data%22%3A%5B%7B%22event%22%3A%22init%22%2C%22info%22%3A%7B%22agent%22%3A%22Netscape%20Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36%22%2C%22url%22%3A%22https%3A%2F%2Fuserdata.freefireindiamobile.com%2Fprivacy-policy%22%2C%22screen%22%3A%221600x1200%22%2C%22time%22%3A1716956771%7D%7D%5D%7D%7D&project_name=ff_front_end
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
202.81.113.70 , Singapore, ASN58521 (GARENA-SG Garena Online Pte Ltd, SG),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://userdata.freefireindiamobile.com/
Accept-Language
en-SG,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Tue, 01 Jan 1980 1:00:00 GMT
pragma
no-cache
date
Wed, 29 May 2024 04:26:13 GMT
cache-control
no-store, no-cache
content-length
43
vary
Accept-Encoding
content-type
image/gif

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Garena Free Fire (Gaming)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • analyticsId (string)
  • gaEventLogName (string)
  • src (string)
  • script (object)
  • gtag (function)
  • lastTouchEnd (number)
  • promises (object)
  • nativePromiseThen (function)
  • dataLayer (object)
  • Vue (function)
  • t (object)
  • e (function)
  • VueRouter (function)
  • axios (function)
  • webpackJsonp (object)
  • regeneratorRuntime (object)
  • webpackHotUpdate (function)
  • garenaGA (object)
  • google_tag_manager (object)
  • google_tag_data (object)

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
