crimson-cell-4c00.9kgfjtlv.workers.dev Open in urlscan Pro
104.21.55.199 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff
Effective URL:
https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff
Submission: On February 02 via api (February 2nd 2024, 9:17:29 pm UTC) from US — Scanned from US

Summary HTTP 18 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 104.21.55.199, located in and belongs to CLOUDFLARENET, US. The main domain is crimson-cell-4c00.9kgfjtlv.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on December 8th 2023. Valid for: 3 months.

This is the only time crimson-cell-4c00.9kgfjtlv.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ourtime.com (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.55.199 104.21.55.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1		() ()
15	104.21.77.153 104.21.77.153	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	4

1 104.21.55.199 (None, )

ASN13335 (CLOUDFLARENET, US)

crimson-cell-4c00.9kgfjtlv.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

crimson-cell-4c00.9kgfjtlv.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.21.77.153 (None, )

ASN13335 (CLOUDFLARENET, US)

api.rename-service0.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	workers.dev crimson-cell-4c00.9kgfjtlv.workers.dev api.rename-service0.workers.dev	1 MB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 760	30 KB
18	2

	Domain	Requested by
15	api.rename-service0.workers.dev	crimson-cell-4c00.9kgfjtlv.workers.dev
2	crimson-cell-4c00.9kgfjtlv.workers.dev	crimson-cell-4c00.9kgfjtlv.workers.dev
1	code.jquery.com	crimson-cell-4c00.9kgfjtlv.workers.dev
18	3

This site contains links to these domains. Also see Links.

Domain
www.ourtime.com
www.match.com
www.matchmediagroup.com
www.chemistry.com
www.blackpeoplemeet.com
www.bbpeoplemeet.com

Subject Issuer	Validity	Valid
9kgfjtlv.workers.dev GTS CA 1P5	`2023-12-08` - `2024-03-07`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
rename-service0.workers.dev GTS CA 1P5	`2023-12-10` - `2024-03-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff
Frame ID: 986458CAB411049A1DE1231B4F64921A
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OurTime.com - The 50+ Single Network

Page URL History Show full URLs

http://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff HTTP 307
https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Page URL

Detected technologies

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

1170 kB
Transfer

11533 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ourtime.com/?notrack
Title: home

Search URL Search Domain Scan URL

URL: https://www.ourtime.com/v3/billing/
Title: billing

Search URL Search Domain Scan URL

URL: https://www.match.com/cp/careers/CurrentOpenings.html
Title: careers

Search URL Search Domain Scan URL

URL: https://www.matchmediagroup.com/
Title: advertise with us

Search URL Search Domain Scan URL

URL: https://www.match.com/
Title: Match.com

Search URL Search Domain Scan URL

URL: https://www.chemistry.com/
Title: Chemistry.com

Search URL Search Domain Scan URL

URL: https://www.blackpeoplemeet.com/?notrack
Title: Black Singles

Search URL Search Domain Scan URL

URL: https://www.bbpeoplemeet.com/?notrack
Title: Big and Beautiful

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff HTTP 307
https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request fb7c0231-2d60-4f0c-9362-4f15181bc4ff Show response crimson-cell-4c00.9kgfjtlv.workers.dev/ Redirect Chain http://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff	6 MB 1 MB	267ms 136ms	Document text/html	104.21.55.199 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.55.199 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `37654822c55b44f83a5a0f8ee79e1a2b0b0882381e0cefcd309d035c1c6d05df` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-ray 84f575bc7914eb12-DFW content-encoding br content-type text/html;charset=UTF-8 date Fri, 02 Feb 2024 21:17:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDLNjJxVO7oiAr4cm3XfGZLHAjgi4%2FvUbtcB88HxCEgTJBnklBsW79AT2bzjEIIBRx5L8ridf%2BS3OVSR%2F2d4cAeANweRnCmBSu5KCAipa8ORrWus3nwYzrwc7Y2BRz3LWddrL8lKsIPq%2FW8KBXFyqk9H8nQvfhx8tw%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers Cross-Origin-Resource-Policy Cross-Origin Location https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Non-Authoritative-Reason HSTS
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	131ms 41ms	Script application/javascript	151.101.66.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.66.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers accept-language en-US,en;q=0.9 Referer https://crimson-cell-4c00.9kgfjtlv.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:15 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 2225718 x-cache HIT, HIT content-length 30638 x-served-by cache-lga21965-LGA, cache-dfw-kdfw8210153-DFW last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1706908636.827591,VS0,VE0 etag W/"28feccc0-15851" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 155360, 11629
GET BLOB	200 OK	71e41aed-9a98-47f8-84e5-758939402f04 Show response https://crimson-cell-4c00.9kgfjtlv.workers.dev/	5 MB 0		Document text/html
General Check archive.org Show headers Download Go to Full URL blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `c7c2bd5839e8e9670231e8ee91d990eb97c2bc39af6a9569c19dc4a25d2fd7ee` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Content-Length 5022903 Content-Type text/html
GET H2	500	otSDKStub.js api.rename-service0.workers.dev/	0 0	233ms 71ms	Script text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/otSDKStub.js Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xhhzOs9ORxkIP1EkclDkiltHRlPRVO1BsTrqLN1He5ikk6aR7kf6Zo0XnJmpB5yHFmXRjRrG%2BhOHcvFaHLpfxo%2F9ZsyYOSunsXY6wJpxMUuEap12OQcHagoiwUukDsMQQiPcbXAV1g9P9OpiXjzm5Y9c"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cbefe16c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	js api.rename-service0.workers.dev/	0 0	183ms 67ms	Script text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/js?id=UA-1817027-45 Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARx1B5BTlrNMSkp2SwoV84yfzBPcGLujriN6eCJgyuRVozalBcNkL34HlUBwFtPpSzFsAo41InlIdB0X75DaNdp1aBNUzaIOfdXNM9DNxz7EGhVUInKOIIDgdKPJTCQKKwz5rVFFaOu%2BQD5fvl4oG9tE"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cbefdb6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	jquery-3.5.1.min.js api.rename-service0.workers.dev/	0 0	184ms 68ms	Script text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/jquery-3.5.1.min.js Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=669thUmttKebvJZinwsFFJdWzwHWQqlXFhGgUwaUdCtSpYwiSL0yQR60L%2FIsCdsWQbhIWll3lcU%2BGDweJdyx0Agcxohdv3YCXoPGsmsFKXU6OnSOPvVu5NlFXpvrXiwz0t%2BPCImDXiqCDdtcDQ3EJ8fz"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cbefdd6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	jquery-migrate-3.3.1.min.js api.rename-service0.workers.dev/	0 0	181ms 66ms	Script text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xRMWwNKI7FfGyWLTyCpirpR4MfxM9N77DPpHJ196%2FPX1Kzygg%2F7OSycqJXbyg1yocCFWJ8a%2F7qI%2FT2RWJfv%2Bv8TpALU%2B5AM0ge7oRGylZF6%2FW%2FhexreMoula4Y2B4EG29Il4K1koeMo%2Fm60I2CPC8n9F"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cbefda6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	moment.min.js api.rename-service0.workers.dev/	0 0	186ms 70ms	Script text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/moment.min.js Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TbnPD8DASoZiD%2BWFlnLgYlaDPm%2F5Z3tzojgCCSuSpfTNyrhHyCoI%2BZCr8ollCqKtmRuEg1PRXZw9ihQqpQ%2F2ZnRZ9ZrDSvqVPOzBclECqKgrwcbxf%2FGOymzgk1CkA2qxoZK3do8ph7AbFr5xpkIfGRR%2B"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cbefd66c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	heagregauwe.png api.rename-service0.workers.dev/	36 B 36 B	91ms 71ms	Image text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://api.rename-service0.workers.dev/heagregauwe.png Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: https://crimson-cell-4c00.9kgfjtlv.workers.dev/fb7c0231-2d60-4f0c-9362-4f15181bc4ff Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f59cd25938eafdfa23acc5e69625d1b31f6dde981ba835c700ed3dd3dc2474e2` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vI60kEnftsHRjd6lRjmYNWYAija9OGCSO%2B1OoUjpOrYj1kG%2FSPzmPfOooeDnzd2O3Eo1roX0%2FgVnSOle50hFsCXSXn9qLlUTkIKZG5j8yknj1%2BCuhz7bMEN3dEWpvkUZgJT98rpnFqxrJ%2Fng1E5mF7kS"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc88916c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	76ms 63ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5G4mfvggs35kvcqFtTxkeAMFMMZkW60BLBsWQ4V6pgM3o%2FvlHJPIhs74jttsN72y7%2FAvFLmLXTHBoYOTRSn4KPDgKKPVPFdimQeedPaav7Qlj6vVpQXrTo%2B1VucQyXR8g6CZEX5vZmmauj%2FxJBFxWV7s"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc88846c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	72ms 60ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:700 Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zEOLTHDaY%2FJeio3Gf5XQ38m6oR2zMa%2F%2FHZdjH85mb%2FhiKyGjpzoQ3SSEq7pAePUWSgBMTaSng%2BtFn7d9JX9jER7pSrHF%2FahL4601%2BtJ%2FNrT5hz45H8IrJPFmj3RnkvlHjtkpC0UgMZ3jgGCGugFsNZd"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc88866c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	74ms 64ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4K3NT%2Bs06QwO%2BoLUSLSAHv%2FN3mGnq85v6xcE5DycTY39e%2F62uF9FHZ6T7srJPdNpPzVEolU5OaV3m99kc0%2FtYQTfnld4izM73evtlgPDVYVmp%2FlPK0O10sxShgleOz7CAilQDEA7pytClux8O5w4hJK3"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc88886c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	77ms 68ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CidYQZnUu212RtpKnknODdrpvk1tDdxsOyC3ugnrNhd4SM7TZPzx2Ju2b0EXvEftZ0PVR4LqACF2p96h3T3B8dGlyF%2BzRPIJQ%2BJOehlxzmlTYjf2uUVk%2FZqTNZk3SI3vM1OTiehmaW7fW5kHnmj1SdHl"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc888a6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	font-1.2.css api.rename-service0.workers.dev/	0 0	70ms 62ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/font-1.2.css Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BaBI8%2F%2B%2Bv%2FXZehtmTzy8BgYbUt9Qmr2%2BCwEbS1R3lXFUTjPcTAK9pLa3yD5AxqVbyPsF3ycurWcSptudcPSqcioDV1dj69ofCfP5QjIXi3dkv%2FnL%2Bkx0IvKcFUr60QVympXLysMc8UiYOIZynKEEpyzG"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc888b6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	redesign_fonts.css api.rename-service0.workers.dev/	0 0	73ms 65ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/redesign_fonts.css Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wio6Png2GBI1B12aOmJktbYqyCv7KJwTqeWsS9UaM3fYJe%2BPpZ9yVQxAgIp5BWlYJI6N63XHbBVPp4SRjjmAsFiDAMi2mf1YYH4XcrlcQZG4FeMqnS8pga2ZqUUXHfo4HxthFtR70aWfWhadsYi%2B2SCr"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc888c6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	base_external.css api.rename-service0.workers.dev/	0 0	77ms 70ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/base_external.css Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EJO7ob8KvzKohYrYXJ0m5XnyzdnjN1OAaTfVmMwaxXe6Kn7UPt8VoLQ2oJG7nV02Y3t%2BcY1BXNkuZljXw6oGNbjehn99xafY5CBFRLxvnM2QbXzUXr9g29t0EgPClMp5fd9t7aPP6LMkho32mJlE%2FZFq"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc888e6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	166.css api.rename-service0.workers.dev/	0 0	72ms 67ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/166.css Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiRJhSHVMZrLaLIayjzlsYC3bO%2BTRCvxf8UEa5gIIIy8lNput6kFxWh5pEPbFsNtGO1TwUnUyvjJ19X2Gy%2B0lXlV1dMwM6NxqCdHjzRRBtF5ENbkGP62ddmcwmzw3JPGartioK%2FvvU4aohlWW0YpIM8H"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc888f6c34-DFW alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	theme.css api.rename-service0.workers.dev/	0 0	73ms 68ms	Stylesheet text/plain	104.21.77.153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/theme.css Requested by Host: crimson-cell-4c00.9kgfjtlv.workers.dev URL: blob:https://crimson-cell-4c00.9kgfjtlv.workers.dev/71e41aed-9a98-47f8-84e5-758939402f04 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 21:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZvTdtJY66oZZxU6fm%2Fvp1mJQwGHM9sQ40QipIEfluHZKitloqIBg8JPjHlGF27D1mo901zBrydKau%2Bva0wVXW820B%2FC7I2eetxldMDr0%2BCBcyWtH8K7a%2BuPUFL%2FU7qbjjQNfgiVi7oXU0bp2bCbuFg1"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 84f575cc88906c34-DFW alt-svc h3=":443"; ma=86400 content-length 36

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ourtime.com (Online)

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/js?id=UA-1817027-45, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/js?id=UA-1817027-45 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/jquery-3.5.1.min.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/moment.min.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/otSDKStub.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:700 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/font-1.2.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/redesign_fonts.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/166.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/theme.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/heagregauwe.png Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/base_external.css Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rename-service0.workers.dev
code.jquery.com
crimson-cell-4c00.9kgfjtlv.workers.dev

104.21.55.199
104.21.77.153
151.101.66.137
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
37654822c55b44f83a5a0f8ee79e1a2b0b0882381e0cefcd309d035c1c6d05df
c7c2bd5839e8e9670231e8ee91d990eb97c2bc39af6a9569c19dc4a25d2fd7ee
f59cd25938eafdfa23acc5e69625d1b31f6dde981ba835c700ed3dd3dc2474e2

crimson-cell-4c00.9kgfjtlv.workers.dev Open in urlscan Pro 104.21.55.199 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

4 IPs

2 Countries

1170 kBTransfer

11533 kBSize

0 Cookies

8 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

91 JavaScript Global Variables

0 Cookies

21 Console Messages

Indicators

crimson-cell-4c00.9kgfjtlv.workers.dev Open in urlscan Pro
104.21.55.199 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

1170 kB
Transfer

11533 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!