tinderxn.com Open in urlscan Pro
198.54.120.180 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://safetygirl.site/
Effective URL:
https://tinderxn.com/
Submission: On March 09 via api (March 9th 2020, 5:22:31 am UTC) from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 7 domains to perform 14 HTTP transactions. The main IP is 198.54.120.180, located in Los Angeles, United States and belongs to NAMECHEAP-NET, US. The main domain is tinderxn.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 3rd 2019. Valid for: a year.

This is the only time tinderxn.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tinder (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.119.48 192.64.119.48	22612 (NAMECHEAP...) (NAMECHEAP-NET)
10	198.54.120.180 198.54.120.180	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2a00:1450:400... 2a00:1450:4001:816::200a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:815::2013	15169 (GOOGLE) (GOOGLE)
1 2	104.17.130.50 104.17.130.50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
14	4

1 192.64.119.48 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

safetygirl.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 198.54.120.180 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium57-5.web-hosting.com

tinderxn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2013 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.trackdemclicks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.130.50 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linktrking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-joinentry.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	tinderxn.com tinderxn.com	326 KB
2	gstatic.com fonts.gstatic.com	23 KB
1	secure-joinentry.com secure-joinentry.com
1	linktrking.com 1 redirects www.linktrking.com	493 B
1	trackdemclicks.com 1 redirects www.trackdemclicks.com	779 B
1	googleapis.com fonts.googleapis.com	608 B
1	safetygirl.site 1 redirects safetygirl.site	227 B
14	7

	Domain	Requested by
10	tinderxn.com	tinderxn.com
2	fonts.gstatic.com	tinderxn.com
1	secure-joinentry.com	tinderxn.com
1	www.linktrking.com	1 redirects
1	www.trackdemclicks.com	1 redirects
1	fonts.googleapis.com	tinderxn.com
1	safetygirl.site	1 redirects
14	7

This site contains no links.

Subject Issuer	Validity	Valid
tinderxn.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-03` - `2020-12-02`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
secure-joinentry.com CloudFlare Inc ECC CA-2	`2020-01-14` - `2020-10-09`	9 months	crt.sh
*.google.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://tinderxn.com/
Frame ID: F8FADC691FD4D0D88A6CA416991FBEE1
Requests: 13 HTTP requests in this frame

Frame: https://secure-joinentry.com/join.php?act=vip59676.46304-4609323.444518.a5a1263d62e7c72d0cba565211c31212&tl_id=1&siteid=elx_camsex&tnum=9237&ci_j2_ccn=c284&custom=y&m2d40905
Frame ID: E46C400F2E08DA5C4BF2B6980A4A50EC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://safetygirl.site/ HTTP 302
https://tinderxn.com/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

7
Subdomains

4
IPs

2
Countries

350 kB
Transfer

377 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://safetygirl.site/ HTTP 302
https://tinderxn.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.trackdemclicks.com/tracking/click/?sid=TNEW&mt=444518&ofid=140 HTTP 302
https://www.linktrking.com/ep.php/cs4me1a:44729/59676:444518.a5a1263d62e7c72d0cba565211c31212 HTTP 302
https://secure-joinentry.com/join.php?act=vip59676.46304-4609323.444518.a5a1263d62e7c72d0cba565211c31212&tl_id=1&siteid=elx_camsex&tnum=9237&ci_j2_ccn=c284&custom=y&m2d40905

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
tinderxn.com/
Redirect Chain

http://safetygirl.site/
https://tinderxn.com/

5 KB
2 KB

550ms
202ms

Document
text/html

198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: b0cb9ae7944ea39aa6f23f501e6dd496e0ca3260f886a4829049464c89f6ec74

Request headers

:method: GET
:authority: tinderxn.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
server: Apache
last-modified: Thu, 05 Mar 2020 17:05:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1936
content-type: text/html

Redirect headers

Server: nginx
Date: Mon, 09 Mar 2020 05:22:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 44
Connection: keep-alive
Location: https://tinderxn.com/
X-Served-By: Namecheap URL Forward

GET
H2 200 css
fonts.googleapis.com/ 3 KB
608 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Merriweather+Sans:400,300,700

Requested by

Host: tinderxn.com
URL: https://tinderxn.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

93e423784683b1315f0db664986cd63121a4ab5276574641d50023a621df7a3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 09 Mar 2020 05:22:14 GMT
server: ESF
date: Mon, 09 Mar 2020 05:22:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Mar 2020 05:22:14 GMT

GET
H2 200 normalize.css
tinderxn.com/css/ 8 KB
3 KB 1454ms
1452ms Stylesheet
text/css 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://tinderxn.com/css/normalize.css
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 055395b01212455e2e3cf174208947ef347110b0a0d8710f097237698d8eee2b

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 09 Mar 2020 05:22:14 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 2621

GET
H2 200 skeleton.css
tinderxn.com/css/ 12 KB
3 KB 581ms
579ms Stylesheet
text/css 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://tinderxn.com/css/skeleton.css
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 146ca30e79339708e76fa0f2fa4bc60015b98c2296e19c3393a68c355fcaf72c

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 09 Mar 2020 05:22:14 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 2743

GET
H2 200 style.css
tinderxn.com/css/ 11 KB
3 KB 581ms
579ms Stylesheet
text/css 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://tinderxn.com/css/style.css
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 2911de3c20ebdd535d1ddc0b1a83e93692c1cf68499e0031c3e33e7c4ddcc8a0

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Mon, 09 Mar 2020 05:22:14 GMT
content-encoding: gzip
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 2813

GET
H2 200 logotin.png
tinderxn.com/images/ 10 KB
10 KB 715ms
713ms Image
image/png 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tinderxn.com/images/logotin.png
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: d2f4c83889e1345a78f9fac09062c5971e7eb7a5751a88774b727f5cf55d15a6

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
accept-ranges: bytes
content-length: 9838
content-type: image/png

GET
H2 200 error-button.png
tinderxn.com/images/ 9 KB
9 KB 715ms
714ms Image
image/png 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tinderxn.com/images/error-button.png
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: d3d63b7935a380583eff779be162760e9773c3d83d63fd81e0449aea76e794c8

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
accept-ranges: bytes
content-length: 8990
content-type: image/png

GET
H2 200 1.jpg
tinderxn.com/images/ 145 KB
145 KB 849ms
848ms Image
image/jpeg 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tinderxn.com/images/1.jpg
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 22ae83a14f9649674482b4402a0a7fe84739e19e887c0222004a0a92c4eef351

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
accept-ranges: bytes
content-length: 148036
content-type: image/jpeg

GET
H2 200 2.jpg
tinderxn.com/images/ 84 KB
85 KB 1268ms
1267ms Image
image/jpeg 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tinderxn.com/images/2.jpg
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 6f3ce69c8a74d80db6ac9ca2acbd936bb298d2c754dd9d722a3eabd4598c0ccd

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
accept-ranges: bytes
content-length: 86469
content-type: image/jpeg

GET
H2 200 3.jpg
tinderxn.com/images/ 60 KB
60 KB 300ms
298ms Image
image/jpeg 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tinderxn.com/images/3.jpg
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 09c2e21a4c831212ce57e09ac60cf9178e4a296cdc99dcf110898441a3dc0624

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
accept-ranges: bytes
content-length: 61671
content-type: image/jpeg

GET
H2 200 as-seen-on.gif
tinderxn.com/images/ 8 KB
8 KB 1454ms
1452ms Image
image/gif 198.54.120.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tinderxn.com/images/as-seen-on.gif
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.54.120.180 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: premium57-5.web-hosting.com
Software: Apache /
Resource Hash: 8e223cc1c0b5d03c2ea02dcb46cbd4a6e6efcb1c1b255654e15ce01b8f21dac2

Request headers

Referer: https://tinderxn.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:14 GMT
last-modified: Wed, 04 Dec 2019 07:22:52 GMT
server: Apache
accept-ranges: bytes
content-length: 7730
content-type: image/gif

GET
H2

200

join.php
secure-joinentry.com/ Frame E46C
Redirect Chain

https://www.trackdemclicks.com/tracking/click/?sid=TNEW&mt=444518&ofid=140
https://www.linktrking.com/ep.php/cs4me1a:44729/59676:444518.a5a1263d62e7c72d0cba565211c31212
https://secure-joinentry.com/join.php?act=vip59676.46304-4609323.444518.a5a1263d62e7c72d0cba565211c31212&tl_id=1&siteid=elx_camsex&tnum=9237&ci_j2_ccn=c284&custom=y&m2d40905

0
0

279ms
231ms

Document
text/html

104.17.130.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-joinentry.com/join.php?act=vip59676.46304-4609323.444518.a5a1263d62e7c72d0cba565211c31212&tl_id=1&siteid=elx_camsex&tnum=9237&ci_j2_ccn=c284&custom=y&m2d40905
Requested by: Host: tinderxn.com
URL: https://tinderxn.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.130.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: secure-joinentry.com
:scheme: https
:path: /join.php?act=vip59676.46304-4609323.444518.a5a1263d62e7c72d0cba565211c31212&tl_id=1&siteid=elx_camsex&tnum=9237&ci_j2_ccn=c284&custom=y&m2d40905
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://tinderxn.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://tinderxn.com/

Response headers

status: 200
date: Mon, 09 Mar 2020 05:22:15 GMT
content-type: text/html; charset=UTF-8
content-length: 5177
set-cookie: __cfduid=dbec74c5e534bf1839acd5837847c35711583731335; expires=Wed, 08-Apr-20 05:22:15 GMT; path=/; domain=.secure-joinentry.com; HttpOnly; SameSite=Lax EAWSESSION=ffffffff09662c7645525d5f4f58455e445a4a423660;expires=Mon, 09-Mar-2020 06:43:43 GMT;path=/;secure;httponly
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 57125b709de7f3e3-LHR

Redirect headers

status: 302
date: Mon, 09 Mar 2020 05:22:15 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d94b52effeea3dd8646d42c0ec5dd7c5f1583731335; expires=Wed, 08-Apr-20 05:22:15 GMT; path=/; domain=.www.linktrking.com; HttpOnly; SameSite=Lax vip_id=59676.46304-4609323; expires=Thu, 12-Mar-2020 05:22:15 GMT; Max-Age=259200; path=/
location: https://secure-joinentry.com/join.php?act=vip59676.46304-4609323.444518.a5a1263d62e7c72d0cba565211c31212&tl_id=1&siteid=elx_camsex&tnum=9237&ci_j2_ccn=c284&custom=y&m2d40905
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 57125b6f0f73ce5f-LHR

GET
H2 200 2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1eYCDE0hZ0z5qZ.woff2
fonts.gstatic.com/s/merriweathersans/v11/ 12 KB
12 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v11/2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1eYCDE0hZ0z5qZ.woff2

Requested by

Host: tinderxn.com
URL: https://tinderxn.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

705214a33f7f72fe3e6a4c850a460d856acb9bc2e74bd9679139299e3d71eabc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Merriweather+Sans:400,300,700
Origin: https://tinderxn.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 22 Jan 2020 05:49:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:51:17 GMT
server: sffe
age: 4059180
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11844
x-xss-protection: 0
expires: Thu, 21 Jan 2021 05:49:16 GMT

GET
H2 200 2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1OZyDE0hZ0z5qZ.woff2
fonts.gstatic.com/s/merriweathersans/v11/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v11/2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1OZyDE0hZ0z5qZ.woff2

Requested by

Host: tinderxn.com
URL: https://tinderxn.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b282a8addc38e45f16f401cde8810e5f06a2fd6e48ae56372f2cba199cbd93fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Merriweather+Sans:400,300,700
Origin: https://tinderxn.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 18 Jan 2020 01:20:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:51:54 GMT
server: sffe
age: 4420904
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11544
x-xss-protection: 0
expires: Sun, 17 Jan 2021 01:20:32 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tinder (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| changeImage

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secure-joinentry.com/	1970-01-19 07:55:36	Name: EAWSESSION Value: ffffffff09662c7645525d5f4f58455e445a4a423660

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
safetygirl.site
secure-joinentry.com
tinderxn.com
www.linktrking.com
www.trackdemclicks.com
104.17.130.50
192.64.119.48
198.54.120.180
2a00:1450:4001:800::2003
2a00:1450:4001:815::2013
2a00:1450:4001:816::200a
055395b01212455e2e3cf174208947ef347110b0a0d8710f097237698d8eee2b
09c2e21a4c831212ce57e09ac60cf9178e4a296cdc99dcf110898441a3dc0624
146ca30e79339708e76fa0f2fa4bc60015b98c2296e19c3393a68c355fcaf72c
22ae83a14f9649674482b4402a0a7fe84739e19e887c0222004a0a92c4eef351
2911de3c20ebdd535d1ddc0b1a83e93692c1cf68499e0031c3e33e7c4ddcc8a0
6f3ce69c8a74d80db6ac9ca2acbd936bb298d2c754dd9d722a3eabd4598c0ccd
705214a33f7f72fe3e6a4c850a460d856acb9bc2e74bd9679139299e3d71eabc
8e223cc1c0b5d03c2ea02dcb46cbd4a6e6efcb1c1b255654e15ce01b8f21dac2
93e423784683b1315f0db664986cd63121a4ab5276574641d50023a621df7a3a
b0cb9ae7944ea39aa6f23f501e6dd496e0ca3260f886a4829049464c89f6ec74
b282a8addc38e45f16f401cde8810e5f06a2fd6e48ae56372f2cba199cbd93fa
d2f4c83889e1345a78f9fac09062c5971e7eb7a5751a88774b727f5cf55d15a6
d3d63b7935a380583eff779be162760e9773c3d83d63fd81e0449aea76e794c8

tinderxn.com Open in urlscan Pro 198.54.120.180 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

7 Domains

7 Subdomains

4 IPs

2 Countries

350 kBTransfer

377 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

tinderxn.com Open in urlscan Pro
198.54.120.180 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

7
Subdomains

4
IPs

2
Countries

350 kB
Transfer

377 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!