account-garena.com
198.252.103.9  Malicious Activity! Public Scan

URL: http://account-garena.com/
Submission: On August 25 via automatic, source twitter_illegalFawn

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 13 HTTP transactions. The main IP is 198.252.103.9, located in Chantilly, United States and belongs to SOFTLAYER - SoftLayer Technologies Inc., US. The main domain is account-garena.com.
This is the only time account-garena.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Garena Free Fire (Gaming)

Domain & IP information

IP addresses (requests / IP address / AS autonomous system):
 1  198.252.103.9     AS36351 (SOFTLAYER)
 5  203.116.173.105   AS4657 (STARHUBIN...)
 1  2a00:1450:401...  AS15169 (GOOGLE)
 5  2.20.189.139      AS20940 (AKAMAI-ASN1)
 1  2a00:1450:400...  AS15169 (GOOGLE)
Total: 13 requests across 5 IPs

Domains (requests / domain / requested by):
 5  cdn.garenanow.com    account-garena.com
 5  sso.garena.com       account-garena.com, ajax.googleapis.com
 1  ajax.googleapis.com  www.google.com
 1  www.google.com       account-garena.com
 1  account-garena.com   -
Total: 13 requests across 5 domains

This site contains links to these domains:
  nhanquagarena.top

Certificate (Subject / Issuer / Validity / Valid for):
  sso.garena.com / COMODO RSA Domain Validation Secure Server CA / 2017-06-02 - 2019-06-02 / 2 years (crt.sh)

This page contains 1 frame:

Primary Page: http://account-garena.com/
Frame ID: 30787.1
Requests: 13 HTTP requests in this frame

Screenshot


Page Statistics

Requests: 13
HTTPS: 38 %
IPv6: 40 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 4
Transfer: 69 kB
Size: 175 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Columns per transaction: Resource / Path / Size / x-fer / Type / MIME-Type

Resource: Primary Request /
Path: account-garena.com/
Size: 5 KB, x-fer: 2 KB
Type: Document
Full URL: http://account-garena.com/
Protocol: HTTP/1.1
Server: 198.252.103.9, Chantilly, United States, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
Reverse DNS: 198.252.103.9-static.reverse.arandomserver.com
Software: LiteSpeed / PHP/5.6.31
Resource Hash: 72665b106e83624a87b4629a8eac9ca2da1f9598bc743ee8667e46f7522fb164
Request headers:
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Pragma: no-cache
  Date: Fri, 25 Aug 2017 20:00:39 GMT
  Content-Encoding: gzip
  Server: LiteSpeed
  X-Powered-By: PHP/5.6.31
  Vary: Accept-Encoding
  Content-Type: text/html; charset=UTF-8
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Connection: close
  Accept-Ranges: bytes
  Content-Length: 1913
  Expires: Thu, 19 Nov 1981 08:52:00 GMT

Resource: sso.css
Path: sso.garena.com/css/
Size: 24 KB, x-fer: 6 KB
Type: Stylesheet
Full URL: https://sso.garena.com/css/sso.css?v=0.47
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 203.116.173.105, Singapore, Singapore, ASN4657 (STARHUBINTERNET-AS StarHub Internet Exchange, SG)
Reverse DNS: cloudvps105.everseiko.com.sg
Software: -
Resource Hash: 33e00abdae0b7f4e5927133b79b8322917a025d2bc897f6107ffdc18fcc07d4a
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Content-Encoding: gzip
  Last-Modified: Mon, 22 May 2017 10:54:46 GMT
  ETag: W/"5922c376-5e2e"
  Vary: Accept-Encoding
  Content-Type: text/css
  Cache-Control: max-age=2592000
  Transfer-Encoding: chunked
  Connection: keep-alive
  Expires: Sun, 24 Sep 2017 20:00:40 GMT

Resource: jsapi
Path: www.google.com/
Size: 25 KB, x-fer: 6 KB
Type: Script
Full URL: http://www.google.com/jsapi
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Server: 2a00:1450:401b:801::2004, Ireland, ASN15169 (GOOGLE - Google Inc., US)
Reverse DNS: -
Software: GSE
Resource Hash: 6131ccdad72628412191071444a3e08b20d4de2a0717f1c59c7a2b6edf3be5b1
Security headers:
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 1; mode=block
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Content-Encoding: gzip
  X-Content-Type-Options: nosniff
  Server: GSE
  X-Frame-Options: SAMEORIGIN
  Content-Type: text/javascript; charset=utf-8
  Cache-Control: private, max-age=3600, must-revalidate
  Vary: Accept-Encoding
  Content-Length: 6162
  X-XSS-Protection: 1; mode=block
  Expires: Fri, 25 Aug 2017 20:00:40 GMT

Resource: jsbn.js
Path: cdn.garenanow.com/webmain/static/js/
Size: 15 KB, x-fer: 5 KB
Type: Script
Full URL: http://cdn.garenanow.com/webmain/static/js/jsbn.js
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Server: 2.20.189.139, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS: -
Software: Apache
Resource Hash: 61de67d61cf9977a30ebbd11f82570d4472620e3e15af06e4c6564d96faa091a
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Content-Encoding: gzip
  Last-Modified: Wed, 16 May 2012 05:47:24 GMT
  Server: Apache
  ETag: "2a4325e2473367762683c8cfaa431e5e:1337147244"
  Vary: Accept-Encoding
  Content-Type: application/x-javascript
  Access-Control-Allow-Origin: *
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 5125

Resource: prng4.js
Path: cdn.garenanow.com/webmain/static/js/
Size: 1009 B, x-fer: 478 B
Type: Script
Full URL: http://cdn.garenanow.com/webmain/static/js/prng4.js
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Server: 2.20.189.139, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS: -
Software: Apache
Resource Hash: 9f27554859db05d776233142664db7d65867d6b52e9ada830c7e2fe50df91718
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Content-Encoding: gzip
  Last-Modified: Wed, 16 May 2012 05:47:18 GMT
  Server: Apache
  ETag: "e5918399f7a38295d617eb78ccfb255b:1337147238"
  Vary: Accept-Encoding
  Content-Type: application/x-javascript
  Access-Control-Allow-Origin: *
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 478

Resource: rng.js
Path: cdn.garenanow.com/webmain/static/js/
Size: 2 KB, x-fer: 811 B
Type: Script
Full URL: http://cdn.garenanow.com/webmain/static/js/rng.js
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Server: 2.20.189.139, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS: -
Software: Apache
Resource Hash: 13a4bbc07313a1f6cd9adf38adbb512c63369e7e99ffc9477de764dd3e88f174
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Content-Encoding: gzip
  Last-Modified: Wed, 16 May 2012 05:47:15 GMT
  Server: Apache
  ETag: "015302b7d458a2d1804caceba805be3f:1337147236"
  Vary: Accept-Encoding
  Content-Type: application/x-javascript
  Access-Control-Allow-Origin: *
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 811

Resource: rsa.js
Path: cdn.garenanow.com/webmain/static/js/
Size: 3 KB, x-fer: 1 KB
Type: Script
Full URL: http://cdn.garenanow.com/webmain/static/js/rsa.js
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Server: 2.20.189.139, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS: -
Software: Apache
Resource Hash: e35376a7e422bfacb8c2d2e2b797cee63ac6db16471f4348ae356db0f5294208
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Content-Encoding: gzip
  Last-Modified: Wed, 16 May 2012 05:47:10 GMT
  Server: Apache
  ETag: "850577550a13eb3b22c72912b3a67fa8:1337147230"
  Vary: Accept-Encoding
  Content-Type: application/x-javascript
  Access-Control-Allow-Origin: *
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 1088

Resource: grsa.js
Path: cdn.garenanow.com/webmain/static/js/
Size: 670 B, x-fer: 670 B
Type: Script
Full URL: http://cdn.garenanow.com/webmain/static/js/grsa.js
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Server: 2.20.189.139, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS: -
Software: Apache
Resource Hash: 65a247c842f47fe4b62e399f94b3aa46382320934fef8ef77609e6dad3515a4c
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Last-Modified: Wed, 16 May 2012 05:47:32 GMT
  Server: Apache
  ETag: "2c89fbf72de22e91cb119f387b35f3de:1337147252"
  Content-Type: application/x-javascript
  Access-Control-Allow-Origin: *
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 670

Resource: header_garena.png
Path: sso.garena.com/images/
Size: 11 KB, x-fer: 11 KB
Type: Image
Full URL: https://sso.garena.com/images/header_garena.png
Requested by: account-garena.com (http://account-garena.com/)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 203.116.173.105, Singapore, Singapore, ASN4657 (STARHUBINTERNET-AS StarHub Internet Exchange, SG)
Reverse DNS: cloudvps105.everseiko.com.sg
Software: -
Resource Hash: 3a2e97410c23def10b030c03197a1546fa4b65e1607123a529c84df853486015
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Last-Modified: Mon, 22 May 2017 10:54:46 GMT
  ETag: "5922c376-2bc6"
  Content-Type: image/png
  Cache-Control: max-age=2592000
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 11206
  Expires: Sun, 24 Sep 2017 20:00:40 GMT

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1.5.0/
Size: 82 KB, x-fer: 29 KB
Type: Script
Full URL: http://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js
Requested by: www.google.com (http://www.google.com/jsapi)
Protocol: HTTP/1.1
Server: 2a00:1450:4001:806::200a, Ireland, ASN15169 (GOOGLE - Google Inc., US)
Reverse DNS: -
Software: sffe
Resource Hash: 229278f6a9c1c27fc55bec50f06548fe64c2629f59f462d50cac28e65bb93a83
Security headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block
Request headers:
  Referer: http://account-garena.com/
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
  Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Response headers:
  Date: Mon, 07 Aug 2017 12:02:28 GMT
  Content-Encoding: gzip
  X-Content-Type-Options: nosniff
  Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
  Server: sffe
  Age: 1583892
  Vary: Accept-Encoding
  Content-Type: text/javascript; charset=UTF-8
  Access-Control-Allow-Origin: *
  Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
  Accept-Ranges: bytes
  Timing-Allow-Origin: *
  Content-Length: 29519
  X-XSS-Protection: 1; mode=block
  Expires: Tue, 07 Aug 2018 12:02:28 GMT

Resource: bg.png
Path: sso.garena.com/images/
Size: 2 KB, x-fer: 2 KB
Type: Image
Full URL: https://sso.garena.com/images/bg.png
Requested by: ajax.googleapis.com (http://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 203.116.173.105, Singapore, Singapore, ASN4657 (STARHUBINTERNET-AS StarHub Internet Exchange, SG)
Reverse DNS: cloudvps105.everseiko.com.sg
Software: -
Resource Hash: 55ff8578db3a7e8d57214fb961b4c908ce5fd4bf66a53be77d989b1b16d82410
Request headers:
  Referer: https://sso.garena.com/css/sso.css?v=0.47
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:40 GMT
  Last-Modified: Mon, 22 May 2017 10:54:46 GMT
  ETag: "5922c376-60e"
  Content-Type: image/png
  Cache-Control: max-age=2592000
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 1550
  Expires: Sun, 24 Sep 2017 20:00:40 GMT

Resource: earth.png
Path: sso.garena.com/images/
Size: 522 B, x-fer: 522 B
Type: Image
Full URL: https://sso.garena.com/images/earth.png
Requested by: ajax.googleapis.com (http://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 203.116.173.105, Singapore, Singapore, ASN4657 (STARHUBINTERNET-AS StarHub Internet Exchange, SG)
Reverse DNS: cloudvps105.everseiko.com.sg
Software: -
Resource Hash: 85af81f91c93450bb15d6f7f75ca7e96fcbda0b12cc4a6fb9bf04bff4783600c
Request headers:
  Referer: https://sso.garena.com/css/sso.css?v=0.47
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:41 GMT
  Last-Modified: Mon, 22 May 2017 10:54:46 GMT
  ETag: "5922c376-20a"
  Content-Type: image/png
  Cache-Control: max-age=2592000
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 522
  Expires: Sun, 24 Sep 2017 20:00:41 GMT

Resource: logo-facebook.png
Path: sso.garena.com/images/
Size: 6 KB, x-fer: 6 KB
Type: Image
Full URL: https://sso.garena.com/images/logo-facebook.png
Requested by: ajax.googleapis.com (http://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 203.116.173.105, Singapore, Singapore, ASN4657 (STARHUBINTERNET-AS StarHub Internet Exchange, SG)
Reverse DNS: cloudvps105.everseiko.com.sg
Software: -
Resource Hash: bf7207bcd39f56d9113027d68b8ad4fda3afb3520ff27e4e261061054a20ef0a
Request headers:
  Referer: https://sso.garena.com/css/sso.css?v=0.47
  User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Response headers:
  Date: Fri, 25 Aug 2017 20:00:41 GMT
  Last-Modified: Mon, 22 May 2017 10:54:46 GMT
  ETag: "5922c376-16d1"
  Content-Type: image/png
  Cache-Control: max-age=2592000
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 5841
  Expires: Sun, 24 Sep 2017 20:00:41 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Garena Free Fire (Gaming)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path: account-garena.com/
Name: PHPSESSID
Value: ac2744046sbuds2b0djiivllq7