lienminh-riotgames.com Open in urlscan Pro
2606:4700:3034::ac43:b54a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Submission: On March 16 via automatic, source openphish (March 16th 2024, 1:17:41 am UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3034::ac43:b54a, located in United States and belongs to CLOUDFLARENET, US. The main domain is lienminh-riotgames.com.

This is the only time lienminh-riotgames.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Garena Free Fire (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3034::ac43:b54a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	152.195.133.221 152.195.133.221	15133 (EDGECAST) (EDGECAST)
5	2.22.242.89 2.22.242.89	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
12	5

1 2606:4700:3034::ac43:b54a (United States)

ASN13335 (CLOUDFLARENET, US)

lienminh-riotgames.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.133.221 (United States)

ASN15133 (EDGECAST, US)

dl.dir.freefiremobile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.22.242.89 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-22-242-89.deploy.static.akamaitechnologies.com

dlgarenanow-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	akamaihd.net dlgarenanow-a.akamaihd.net — Cisco Umbrella Rank: 905132	392 KB
4	freefiremobile.com dl.dir.freefiremobile.com — Cisco Umbrella Rank: 35337	116 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 38	33 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 746	30 KB
1	lienminh-riotgames.com lienminh-riotgames.com	4 KB
12	5

	Domain	Requested by
5	dlgarenanow-a.akamaihd.net	lienminh-riotgames.com dl.dir.freefiremobile.com
4	dl.dir.freefiremobile.com	lienminh-riotgames.com dl.dir.freefiremobile.com
1	fonts.googleapis.com	dl.dir.freefiremobile.com
1	code.jquery.com	lienminh-riotgames.com
1	lienminh-riotgames.com
12	5

This site contains no links.

Subject Issuer	Validity	Valid
garenanow.com GeoTrust TLS RSA CA G1	`2024-02-23` - `2024-05-30`	3 months	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-05-15`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Frame ID: 1F04A6E37BBF3AED30DFA32B68167813
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Free Fire

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

575 kB
Transfer

782 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK Show response
lienminh-riotgames.com/ 11 KB
4 KB 592ms
560ms Document
text/html 2606:4700:3034::ac43:b54a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Protocol: HTTP/1.1
Server: 2606:4700:3034::ac43:b54a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6620f3ae15d286bff0d7fb20109b3c6321164985eb0f0803d4e98409e198e5b4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 8650e788defabb65-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 16 Mar 2024 01:17:36 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AY9RT66lqHO6MZvdt3WqtKTNTittj5Y0YO%2FjqfxkwcGpINQj0nIEnD79lW12O03KiJ%2BgUuduAUmYTf6XqwDgLQ5nl4DqNC3PFq%2F95LJL667K2A6ptQq6REGq%2FTaR4LnCDZYKoId9u9c806PVjm4TCPz9%2FlfT"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H2 200 main.447aeaee79bb574826e0.css
dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/ 68 KB
9 KB 129ms
48ms Stylesheet
text/css 152.195.133.221
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Requested by: Host: lienminh-riotgames.com
URL: http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (amb/6AE8) /
Resource Hash: 0f0cdfcbeb1eeeffe2e37a895671c0115c30fdb56867c9c531dc6042b70984b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://lienminh-riotgames.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
content-encoding: gzip
via: 1.1 fbbc548a3de404eb87126afd4e3999ba.cloudfront.net (CloudFront)
content-md5: zY4zvEA47S0mil7E3YYemA==
age: 3091
x-amz-cf-pop: AMS1-P2
ec-version: v6.05
x-obs-request-id: 0000018E44A6CBB69147B9C8DBA1FB89
content-length: 8815
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSADGEJ/Z52o41q0IZWFVF6XYyF68B3B
last-modified: Tue, 09 May 2023 07:13:07 GMT
server: ECAcc (amb/6AE8)
x-obs-replication-status: REPLICA
etag: "cd8e33bc4038ed2d268a5ec4dd861e98+gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3600
x-amz-cf-id: mkOqrhsQxx7gYUND5yu0uCK55RljxyCOaohOQwITSDG0y2U1OBn6QA==
expires: Sat, 16 Mar 2024 02:17:36 GMT

GET
H2 200 arrow.png
dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ 449 B
659 B 497ms
386ms Image
image/png 2.22.242.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/arrow.png
Requested by: Host: lienminh-riotgames.com
URL: http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.22.242.89 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-22-242-89.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 756734c7de9dd01ffd9c75ccdfc48f08d51d774f75c6c453d9468812c5282861

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://lienminh-riotgames.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
last-modified: Mon, 07 Mar 2022 08:26:50 GMT
server: AkamaiNetStorage
etag: "3303308c2aacb531af045e92a5d7101c:1646641610.663508"
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 449

GET
H2 200 logo_small_foot.jpg
dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ 3 KB
4 KB 472ms
362ms Image
image/jpeg 2.22.242.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/logo_small_foot.jpg
Requested by: Host: lienminh-riotgames.com
URL: http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.22.242.89 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-22-242-89.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3dec40957ccb5815562b06c0bcb1cb3fc09a5f0738aa0b9ec2d1390e4e30a346

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://lienminh-riotgames.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
last-modified: Mon, 07 Mar 2022 08:28:07 GMT
server: AkamaiNetStorage
etag: "c34038edcf4185b3e75a6b85f1cd3d4f:1646641687.19891"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 3522

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 28ms
6ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: lienminh-riotgames.com
URL: http://lienminh-riotgames.com/lsTEjD5vZaIGrI1qnMdurdSWBt8Pq12nMHK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://lienminh-riotgames.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 3009475
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-eddf8230109-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1710551856.082751,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 15, 673646

GET
H2 200 css
fonts.googleapis.com/ 120 KB
33 KB 41ms
21ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans+TC&display=swap

Requested by

Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

78fd77e0744c746a2178e29c697fc34eb5ebbd75822d8e01344815002808b11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dl.dir.freefiremobile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 16 Mar 2024 01:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 16 Mar 2024 01:17:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 16 Mar 2024 01:17:36 GMT

GET
H2 200 bg.jpg
dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ 134 KB
134 KB 362ms
362ms Image
image/jpeg 2.22.242.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/bg.jpg
Requested by: Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.22.242.89 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-22-242-89.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ba96000a92f9d03cce2c34ab48fb9f1e67976be7b4233c1bd607a87e6e9af82d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dl.dir.freefiremobile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
last-modified: Mon, 07 Mar 2022 08:28:11 GMT
server: AkamaiNetStorage
etag: "57fd6fc58a09519be8012650efd9881d:1646641691.083794"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 136773

GET
H2 200 top_teeth-l.png
dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ 144 B
353 B 364ms
364ms Image
image/png 2.22.242.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/top_teeth-l.png
Requested by: Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.22.242.89 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-22-242-89.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 42fcead125ad8660c031f3b763fd048fd06b4a70a7a48cf17bc03073fb255fae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dl.dir.freefiremobile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
last-modified: Mon, 07 Mar 2022 08:26:47 GMT
server: AkamaiNetStorage
etag: "fe98481dd3ffad514594309ceb2ef4ba:1646641607.0753"
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 144

GET
H2 200 logo-new.png
dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/ 253 KB
253 KB 488ms
488ms Image
image/png 2.22.242.89
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dlgarenanow-a.akamaihd.net/mgames/ffmhk/common/web_event/tweb-event/redemption/img/logo-new.png
Requested by: Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.22.242.89 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-22-242-89.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e5d1ff232a26bd3b8a702a52464d1bdf12992e9f166084da5cfad235d8f7b20e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dl.dir.freefiremobile.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
last-modified: Tue, 19 Jul 2022 08:34:23 GMT
server: AkamaiNetStorage
etag: "76697e9220e45c00a5fbaf78cc3d7553:1658219663.088581"
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 258949

GET
H2 200 GFFLatinW05-Medium.woff
dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ 32 KB
33 KB 58ms
18ms Font
font/woff 152.195.133.221
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.dir.freefiremobile.com/common/web_event/common/fonts/website/GFFLatinW05-Medium.woff
Requested by: Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (amb/6B24) /
Resource Hash: 257d8242cc6676e121fe8579504296daf5ca55dd1166b77f35274b7bdeafc716

Request headers

Referer: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Origin: http://lienminh-riotgames.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
via: 1.1 6553b2bbd8fca4153c739e94065a1184.cloudfront.net (CloudFront)
age: 1456
x-amz-cf-pop: AMS1-P3
x-cache: HIT
ec-version: v6.05
x-obs-request-id: 0000018E44BFBDDC914CD2F66454DC4D
content-length: 32804
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSkx1qhv7yHjp9yOy3v4VHNvrJh6brJr
last-modified: Thu, 04 Aug 2022 12:29:56 GMT
server: ECAcc (amb/6B24)
etag: "23aa319528eddbc697ec07df143de69c"
access-control-max-age: 100
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: *
access-control-expose-headers: ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control: public, max-age=3600
accept-ranges: bytes
x-amz-cf-id: 1eD9jdXFhGpostqsB4emnJLkMFA8k1n-b1TgDpuhp8iZS_W0-03YAQ==
expires: Sat, 16 Mar 2024 02:17:36 GMT

GET
H2 200 GFFLatinW05-Bold.woff
dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ 37 KB
38 KB 59ms
20ms Font
font/woff 152.195.133.221
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.dir.freefiremobile.com/common/web_event/common/fonts/website/GFFLatinW05-Bold.woff
Requested by: Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (amb/6AF3) /
Resource Hash: 5441944a6ee96a0dc5935f0b4c180045b41c7ef6068bd50c05dade403fbe150e

Request headers

Referer: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Origin: http://lienminh-riotgames.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
via: 1.1 d0ade5b002ae847eefd25c219f24b24c.cloudfront.net (CloudFront)
age: 3115
x-amz-cf-pop: AMS58-P4
x-cache: HIT
ec-version: v6.05
x-obs-request-id: 0000018E44A66BD19147B9C2C345BD02
content-length: 38243
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSeDCVHiPKQlYSAtpMp8QuN7n8NNBaBn
last-modified: Thu, 04 Aug 2022 12:29:55 GMT
server: ECAcc (amb/6AF3)
etag: "2aea1e812ea22f7bf315a8d9769e1470"
access-control-max-age: 100
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: *
access-control-expose-headers: ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control: public, max-age=3600
accept-ranges: bytes
x-amz-cf-id: _6K5QJqxFFOxLNOXsUhPAUHEYYOibU6-gLZjT9LbhWRSjYdabYn4uQ==
expires: Sat, 16 Mar 2024 02:17:36 GMT

GET
H2 200 GFFLatinW05-Regular.woff
dl.dir.freefiremobile.com/common/web_event/common/fonts/website/ 36 KB
36 KB 72ms
33ms Font
font/woff 152.195.133.221
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://dl.dir.freefiremobile.com/common/web_event/common/fonts/website/GFFLatinW05-Regular.woff
Requested by: Host: dl.dir.freefiremobile.com
URL: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (amb/6A93) /
Resource Hash: 475f5b3cb03384633a4e870c3377b992f13ad8246a23173a282be11faf2c85fb

Request headers

Referer: https://dl.dir.freefiremobile.com/common/web_event/tweb-event/rewardFF/dist/assets/css/main.447aeaee79bb574826e0.css
Origin: http://lienminh-riotgames.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 01:17:36 GMT
via: 1.1 c3d7a569db567dde78a645781f9949a2.cloudfront.net (CloudFront)
age: 457
x-amz-cf-pop: AMS58-P4
x-cache: HIT
ec-version: v6.05
x-obs-request-id: 0000018E44CEFCED9551E12C06D09E1C
content-length: 36707
x-obs-id-2: 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCS4rEhcinNUV6UzjBoj5OyQ313LA0Ao1
last-modified: Thu, 04 Aug 2022 12:29:55 GMT
server: ECAcc (amb/6A93)
etag: "79eded60054ec31a810b67864d975a8c"
access-control-max-age: 100
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: *
access-control-expose-headers: ETag, x-obs-request-id, x-obs-api, Content-Type, Content-Length, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Expires, x-obs-id-2, x-reserved-indicator, x-obs-version-id, x-obs-copy-source-version-id, x-obs-storage-class, x-obs-delete-marker, x-obs-expiration, x-obs-website-redirect-location, x-obs-restore, x-obs-version, x-obs-object-type, x-obs-next-append-position
cache-control: public, max-age=3600
accept-ranges: bytes
x-amz-cf-id: LP-1MBKNd7KqooROcZyVYtO1qS0gILqXN6zJ77BKXogG1DDdF6QAlQ==
expires: Sat, 16 Mar 2024 02:17:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Garena Free Fire (Gaming)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| logout

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			lienminh-riotgames.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 69b98133627c559b593dca9adc6e04df

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
dl.dir.freefiremobile.com
dlgarenanow-a.akamaihd.net
fonts.googleapis.com
lienminh-riotgames.com
152.195.133.221
2.22.242.89
2606:4700:3034::ac43:b54a
2a00:1450:4001:827::200a
2a04:4e42:200::649
0f0cdfcbeb1eeeffe2e37a895671c0115c30fdb56867c9c531dc6042b70984b4
257d8242cc6676e121fe8579504296daf5ca55dd1166b77f35274b7bdeafc716
3dec40957ccb5815562b06c0bcb1cb3fc09a5f0738aa0b9ec2d1390e4e30a346
42fcead125ad8660c031f3b763fd048fd06b4a70a7a48cf17bc03073fb255fae
475f5b3cb03384633a4e870c3377b992f13ad8246a23173a282be11faf2c85fb
5441944a6ee96a0dc5935f0b4c180045b41c7ef6068bd50c05dade403fbe150e
6620f3ae15d286bff0d7fb20109b3c6321164985eb0f0803d4e98409e198e5b4
756734c7de9dd01ffd9c75ccdfc48f08d51d774f75c6c453d9468812c5282861
78fd77e0744c746a2178e29c697fc34eb5ebbd75822d8e01344815002808b11f
ba96000a92f9d03cce2c34ab48fb9f1e67976be7b4233c1bd607a87e6e9af82d
e5d1ff232a26bd3b8a702a52464d1bdf12992e9f166084da5cfad235d8f7b20e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

lienminh-riotgames.com Open in urlscan Pro 2606:4700:3034::ac43:b54a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

575 kBTransfer

782 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

lienminh-riotgames.com Open in urlscan Pro
2606:4700:3034::ac43:b54a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

575 kB
Transfer

782 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!