![](/screenshots/ba5ee397-1b14-4d8a-88ea-fc3414dc5e62.png)
voice-chat-e42b.gzklq0kj.workers.dev
Open in
urlscan Pro
172.67.216.190
Malicious Activity!
Public Scan
Submission: On July 31 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by WE1 on June 12th 2024. Valid for: 3 months.
This is the only time voice-chat-e42b.gzklq0kj.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ourtime.com (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 172.67.216.190 172.67.216.190 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 | () () | ||
14 | 172.67.209.83 172.67.209.83 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::2003 | 15169 (GOOGLE) (GOOGLE) | |
20 | 6 |
ASN13335 (CLOUDFLARENET, US)
api.rename-service0.workers.dev | |
imgs.rename-service0.workers.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
workers.dev
voice-chat-e42b.gzklq0kj.workers.dev api.rename-service0.workers.dev imgs.rename-service0.workers.dev |
565 KB |
1 |
gstatic.com
fonts.gstatic.com |
12 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211 |
30 KB |
20 | 3 |
Domain | Requested by | |
---|---|---|
13 | api.rename-service0.workers.dev |
voice-chat-e42b.gzklq0kj.workers.dev
api.rename-service0.workers.dev |
2 | voice-chat-e42b.gzklq0kj.workers.dev |
voice-chat-e42b.gzklq0kj.workers.dev
|
1 | imgs.rename-service0.workers.dev | |
1 | fonts.gstatic.com |
api.rename-service0.workers.dev
|
1 | code.jquery.com |
voice-chat-e42b.gzklq0kj.workers.dev
|
20 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ourtime.com |
www.match.com |
www.matchmediagroup.com |
www.chemistry.com |
www.blackpeoplemeet.com |
www.bbpeoplemeet.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
gzklq0kj.workers.dev WE1 |
2024-06-12 - 2024-09-10 |
3 months | crt.sh |
*.jquery.com Sectigo ECC Domain Validation Secure Server CA |
2024-06-25 - 2025-06-25 |
a year | crt.sh |
rename-service0.workers.dev GTS CA 1P5 |
2024-06-04 - 2024-09-02 |
3 months | crt.sh |
*.gstatic.com WR2 |
2024-07-30 - 2024-10-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://voice-chat-e42b.gzklq0kj.workers.dev/
Frame ID: EBA77E1CF6E6F6D8732B7B35A964FD03
Requests: 20 HTTP requests in this frame
Screenshot
![](/screenshots/ba5ee397-1b14-4d8a-88ea-fc3414dc5e62.png)
Page Title
OurTime.com - The 50+ Single NetworkDetected technologies
Detected patterns
- moment(?:\.min)?\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: home
Search URL Search Domain Scan URL
Title: billing
Search URL Search Domain Scan URL
Title: careers
Search URL Search Domain Scan URL
Title: advertise with us
Search URL Search Domain Scan URL
Title: Match.com
Search URL Search Domain Scan URL
Title: Chemistry.com
Search URL Search Domain Scan URL
Title: Black Singles
Search URL Search Domain Scan URL
Title: Big and Beautiful
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
voice-chat-e42b.gzklq0kj.workers.dev/ |
1006 KB 497 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
a258374e-3183-40f1-bbe9-4f47c6274c73
https://voice-chat-e42b.gzklq0kj.workers.dev/ |
754 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
favicon.ico
voice-chat-e42b.gzklq0kj.workers.dev/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css
api.rename-service0.workers.dev/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css
api.rename-service0.workers.dev/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css
api.rename-service0.workers.dev/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css
api.rename-service0.workers.dev/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-1.2.css
api.rename-service0.workers.dev/ |
2 KB 778 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
redesign_fonts.css
api.rename-service0.workers.dev/ |
5 KB 966 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
base_external.css
api.rename-service0.workers.dev/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
166.css
api.rename-service0.workers.dev/ |
428 B 731 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
theme.css
api.rename-service0.workers.dev/ |
37 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.5.1.min.js
api.rename-service0.workers.dev/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-migrate-3.3.1.min.js
api.rename-service0.workers.dev/ |
11 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
moment.min.js
api.rename-service0.workers.dev/ |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
heagregauwe.png
api.rename-service0.workers.dev/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
PTSans-Regular.ttf
api.rename-service0.workers.dev/PTSans/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v16/ |
11 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
782yfuiha4398.ico
imgs.rename-service0.workers.dev/ |
1 KB 870 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- voice-chat-e42b.gzklq0kj.workers.dev
- URL
- https://voice-chat-e42b.gzklq0kj.workers.dev/favicon.ico
- Domain
- api.rename-service0.workers.dev
- URL
- https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ourtime.com (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| s string| m string| _0xodl number| _0xodl_ object| _0x4434 function| _0x5621 function| jQuery function| $jq string| _0xodk number| _0xodk_ object| _0x5e8d function| _0x462f function| moment function| unlockPage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.rename-service0.workers.dev
code.jquery.com
fonts.gstatic.com
imgs.rename-service0.workers.dev
voice-chat-e42b.gzklq0kj.workers.dev
api.rename-service0.workers.dev
voice-chat-e42b.gzklq0kj.workers.dev
172.67.209.83
172.67.216.190
2a00:1450:4001:80b::2003
2a04:4e42:600::649
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
219cf19c5e6c612ba689a3e788d58e5387d8764aa4112402a7a39c432e3eb52e
2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4
3ca433acb452f6a2c1459ce7f85b17da882d347b13990a275d55e2b15130116d
5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522
7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb
891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61
90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4
92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37
cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c
ce2de9e0f154af31f981ac4ad378b870b9821f597ff40949fa5f84de06dcd4f7
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b