crimson-cell-4c00.9kgfjtlv.workers.dev
104.21.55.199
Malicious Activity!
Public Scan
Effective URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff
Submission: On February 02 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on December 8th 2023. Valid for: 3 months.
This is the only time crimson-cell-4c00.9kgfjtlv.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ourtime.com (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 104.21.55.199 | 13335 (CLOUDFLARENET) |
1 | 151.101.66.137 | 54113 (FASTLY) |
1 | () | () |
15 | 104.21.77.153 | 13335 (CLOUDFLARENET) |
18 | 4 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 | workers.dev | crimson-cell-4c00.9kgfjtlv.workers.dev, api.rename-service0.workers.dev | 1 MB |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 760 | 30 KB |
18 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
15 | api.rename-service0.workers.dev | crimson-cell-4c00.9kgfjtlv.workers.dev |
2 | crimson-cell-4c00.9kgfjtlv.workers.dev | crimson-cell-4c00.9kgfjtlv.workers.dev |
1 | code.jquery.com | crimson-cell-4c00.9kgfjtlv.workers.dev |
18 | 3 | |
This site contains links to these domains.
Domain |
---|
www.ourtime.com |
www.match.com |
www.matchmediagroup.com |
www.chemistry.com |
www.blackpeoplemeet.com |
www.bbpeoplemeet.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
9kgfjtlv.workers.dev | GTS CA 1P5 | 2023-12-08 - 2024-03-07 | 3 months |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year |
rename-service0.workers.dev | GTS CA 1P5 | 2023-12-10 - 2024-03-09 | 3 months |
This page contains 1 frame:
Primary Page:
https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff
Frame ID: 986458CAB411049A1DE1231B4F64921A
Requests: 18 HTTP requests in this frame
Page Title
OurTime.com - The 50+ Single Network
Page URL History
- http://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff HTTP 307
- https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Page URL
Detected technologies
Detected patterns
- moment(?:\.min)?\.js
Detected patterns
- otSDKStub\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: home
Title: billing
Title: careers
Title: advertise with us
Title: Match.com
Title: Chemistry.com
Title: Black Singles
Title: Big and Beautiful
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | fb7c0231-2d60-4f0c-9362-4f15181bc4ff (Primary Request, Redirect Chain) crimson-cell-4c00.9kgfjtlv.workers.dev/ | 6 MB 1 MB | Document text/html |
GET H2 | jquery-3.4.1.min.js code.jquery.com/ | 86 KB 30 KB | Script application/javascript |
GET BLOB | 71e41aed-9a98-47f8-84e5-758939402f04 https://crimson-cell-4c00.9kgfjtlv.workers.dev/ | 5 MB 0 | Document text/html |
GET H2 | otSDKStub.js api.rename-service0.workers.dev/ | 0 0 | Script text/plain |
GET H2 | js api.rename-service0.workers.dev/ | 0 0 | Script text/plain |
GET H2 | jquery-3.5.1.min.js api.rename-service0.workers.dev/ | 0 0 | Script text/plain |
GET H2 | jquery-migrate-3.3.1.min.js api.rename-service0.workers.dev/ | 0 0 | Script text/plain |
GET H2 | moment.min.js api.rename-service0.workers.dev/ | 0 0 | Script text/plain |
GET H2 | heagregauwe.png api.rename-service0.workers.dev/ | 36 B 36 B | Image text/plain |
GET H2 | css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | font-1.2.css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | redesign_fonts.css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | base_external.css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | 166.css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
GET H2 | theme.css api.rename-service0.workers.dev/ | 0 0 | Stylesheet text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ourtime.com (Online)
91 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
21 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.