![](/screenshots/b3a68b21-c6a0-4b57-aa21-7823ec33c2fe.png)
lienminh-riotgames.com
2606:4700:3034::ac43:b54a
Malicious Activity!
Public Scan
Submission: On March 16 via automatic, source openphish — Scanned from DE
Summary
This is the only time lienminh-riotgames.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Garena Free Fire (Gaming)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700:3034::ac43:b54a | 13335 (CLOUDFLARENET)
4 | 152.195.133.221 | 15133 (EDGECAST)
5 | 2.22.242.89 | 20940 (AKAMAI-ASN1)
1 | 2a04:4e42:200::649 | 54113 (FASTLY)
1 | 2a00:1450:4001:827::200a | 15169 (GOOGLE)
Total: 12 requests to 5 IP addresses.
ASN20940 (AKAMAI-ASN1, NL): PTR a2-22-242-89.deploy.static.akamaitechnologies.com, serving dlgarenanow-a.akamaihd.net
Requests | Apex Domain | Subdomain (Cisco Umbrella Rank) | Transfer
---|---|---|---
5 | akamaihd.net | dlgarenanow-a.akamaihd.net (rank 905132) | 392 KB
4 | freefiremobile.com | dl.dir.freefiremobile.com (rank 35337) | 116 KB
1 | googleapis.com | fonts.googleapis.com (rank 38) | 33 KB
1 | jquery.com | code.jquery.com (rank 746) | 30 KB
1 | lienminh-riotgames.com | lienminh-riotgames.com | 4 KB
Total: 12 requests to 5 domains.
Requests | Domain | Requested by
---|---|---
5 | dlgarenanow-a.akamaihd.net | lienminh-riotgames.com, dl.dir.freefiremobile.com
4 | dl.dir.freefiremobile.com | lienminh-riotgames.com, dl.dir.freefiremobile.com
1 | fonts.googleapis.com | dl.dir.freefiremobile.com
1 | code.jquery.com | lienminh-riotgames.com
1 | lienminh-riotgames.com | 
Total: 12 requests to 5 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
garenanow.com | GeoTrust TLS RSA CA G1 | 2024-02-23 - 2024-05-30 | 3 months | crt.sh
a248.e.akamai.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-05-16 - 2024-05-15 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
upload.video.google.com | GTS CA 1C3 | 2024-02-19 - 2024-05-13 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Frame ID: 1F04A6E37BBF3AED30DFA32B68167813
Requests: 12 HTTP requests in this frame
Page Title: Free Fire
Detected technologies
Vue.js
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
jQuery
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK (Primary Request) | lienminh-riotgames.com/ | 11 KB | 4 KB | Document | text/html
GET | H2 | main.447aeaee79bb574826e0.css | dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/ | 68 KB | 9 KB | Stylesheet | text/css
GET | H2 | arrow.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 449 B | 659 B | Image | image/png
GET | H2 | logo_small_foot.jpg | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 3 KB | 4 KB | Image | image/jpeg
GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript
GET | H2 | css | fonts.googleapis.com/ | 120 KB | 33 KB | Stylesheet | text/css
GET | H2 | bg.jpg | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 134 KB | 134 KB | Image | image/jpeg
GET | H2 | top_teeth-l.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 144 B | 353 B | Image | image/png
GET | H2 | logo-new.png | dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ | 253 KB | 253 KB | Image | image/png
GET | H2 | GFFLatinW05-Medium.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ | 32 KB | 33 KB | Font | font/woff
GET | H2 | GFFLatinW05-Bold.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ | 37 KB | 38 KB | Font | font/woff
GET | H2 | GFFLatinW05-Regular.woff | dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ | 36 KB | 36 KB | Font | font/woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Garena Free Fire (Gaming)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | $
function | jQuery
function | logout
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
lienminh-riotgames.com/ | | PHPSESSID | 69b98133627c559b593dca9adc6e04df
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.