dating-safe-now.com
80.209.240.64
Malicious Activity!
Public Scan
Effective URL: https://dating-safe-now.com/?final=1&cid=1587185754549
Submission: On April 18 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 17th 2020. Valid for: 3 months.
This is the only time dating-safe-now.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tinder (Online)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 2 14 | 80.209.240.64 | 395839 (HOSTKEY-USA) |
| 1 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:814::2008 | 15169 (GOOGLE) |
| 1 1 | 208.73.160.53 | 46378 (FSX-350) |
| 1 | 104.31.65.128 | 13335 (CLOUDFLARENET) |
| 2 | 2a00:1450:4001:815::2003 | 15169 (GOOGLE) |
| 1 | 2001:4860:4802:36::15 | 15169 (GOOGLE) |
| 2 | 2a00:1450:4001:817::200e | 15169 (GOOGLE) |
| 20 | 7 | |
ASN395839 (HOSTKEY-USA, US)
- safe-online-check.com
- dating-safe-now.com
ASN15169 (GOOGLE, US)
- www.googletagmanager.com
ASN15169 (GOOGLE, US)
- www.google-analytics.com
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | dating-safe-now.com (1 redirects) | dating-safe-now.com | 310 KB |
| 2 | google-analytics.com | www.google-analytics.com | 18 KB |
| 2 | gstatic.com | fonts.gstatic.com | 34 KB |
| 1 | geo-targetly.com | geo-targetly.com | 183 B |
| 1 | rhsfty.com | rhsfty.com | |
| 1 | registersafely.com (1 redirects) | 033120a.registersafely.com | 593 B |
| 1 | googletagmanager.com | www.googletagmanager.com | 29 KB |
| 1 | googleapis.com | fonts.googleapis.com | 608 B |
| 1 | safe-online-check.com (1 redirects) | safe-online-check.com | 238 B |
| 20 | 9 | | |
| | Domain | Requested by |
|---|---|---|
| 13 | dating-safe-now.com | 1 redirects; dating-safe-now.com |
| 2 | www.google-analytics.com | www.googletagmanager.com; dating-safe-now.com |
| 2 | fonts.gstatic.com | dating-safe-now.com |
| 1 | geo-targetly.com | dating-safe-now.com |
| 1 | rhsfty.com | dating-safe-now.com |
| 1 | 033120a.registersafely.com | 1 redirects |
| 1 | www.googletagmanager.com | dating-safe-now.com |
| 1 | fonts.googleapis.com | dating-safe-now.com |
| 1 | safe-online-check.com | 1 redirects |
| 20 | 9 | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| dating-safe-now.com | Let's Encrypt Authority X3 | 2020-04-17 - 2020-07-16 | 3 months |
| upload.video.google.com | GTS CA 1O1 | 2020-04-01 - 2020-06-24 | 3 months |
| *.google-analytics.com | GTS CA 1O1 | 2020-04-01 - 2020-06-24 | 3 months |
| sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-02-05 - 2020-10-09 | 8 months |
| *.gstatic.com | GTS CA 1O1 | 2020-04-01 - 2020-06-24 | 3 months |
| geo-targetly.com | GTS CA 1D2 | 2020-03-03 - 2020-06-01 | 3 months |
This page contains 2 frames:
Primary Page:
https://dating-safe-now.com/?final=1&cid=1587185754549
Frame ID: C619127D84B6B0E3D746F9844441E752
Requests: 19 HTTP requests in this frame
Frame:
https://rhsfty.com/newuser/?ofid=71&a_aid=033120A&a_bid=c4539e94&x_clickid=1587185754549&sitekey=2ac3d37350e83b7e&ts=1587185756&tsc=3a9be3e9695256ee4f00cfa26c3a785f&rtr=1
Frame ID: B943D1B2E052FB50CD8AFA9883A4A4A9
Requests: 1 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://safe-online-check.com/ HTTP 302
- https://dating-safe-now.com/?final=1&cid=1587185754549 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13
- https://dating-safe-now.com/?i=1&c=1587185754549 HTTP 302
- https://033120a.registersafely.com/routes/033120A/?ofid=71&a_aid=033120A&a_bid=c4539e94&x_clickid=1587185754549 HTTP 302
- https://rhsfty.com/newuser/?ofid=71&a_aid=033120A&a_bid=c4539e94&x_clickid=1587185754549&sitekey=2ac3d37350e83b7e&ts=1587185756&tsc=3a9be3e9695256ee4f00cfa26c3a785f&rtr=1
20 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | dating-safe-now.com/ (Primary Request, Redirect Chain) | 7 KB | 7 KB | Document | text/html |
| GET | H2 | css | fonts.googleapis.com/ | 3 KB | 608 B | Stylesheet | text/css |
| GET | H/1.1 | css.css | dating-safe-now.com/files/ | 3 KB | 3 KB | Stylesheet | text/css |
| GET | H/1.1 | normalize.css | dating-safe-now.com/files/ | 8 KB | 8 KB | Stylesheet | text/css |
| GET | H/1.1 | skeleton.css | dating-safe-now.com/files/ | 11 KB | 11 KB | Stylesheet | text/css |
| GET | H/1.1 | style.css | dating-safe-now.com/files/ | 11 KB | 11 KB | Stylesheet | text/css |
| GET | H2 | js | www.googletagmanager.com/gtag/ | 79 KB | 29 KB | Script | application/javascript |
| GET | H/1.1 | logotin.png | dating-safe-now.com/files/ | 16 KB | 16 KB | Image | image/png |
| GET | H/1.1 | logosdf1.png | dating-safe-now.com/files/ | 17 KB | 17 KB | Image | image/png |
| GET | H/1.1 | 1.jpg | dating-safe-now.com/files/ | 56 KB | 56 KB | Image | image/jpeg |
| GET | H/1.1 | 2.jpg | dating-safe-now.com/files/ | 59 KB | 59 KB | Image | image/jpeg |
| GET | H/1.1 | 3.jpg | dating-safe-now.com/files/ | 57 KB | 58 KB | Image | image/jpeg |
| GET | H/1.1 | 4.jpg | dating-safe-now.com/files/ | 56 KB | 56 KB | Image | image/jpeg |
| GET | H/1.1 | as-seen-on.gif | dating-safe-now.com/files/ | 8 KB | 8 KB | Image | image/gif |
| GET | H2 | / | rhsfty.com/newuser/ (Frame B943, Redirect Chain) | 0 | 0 | Document | text/html |
| GET | H2 | 2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1eYCDE0hY.woff2 | fonts.gstatic.com/s/merriweathersans/v11/ | 17 KB | 17 KB | Font | font/woff2 |
| GET | H2 | 2-c49IRs1JiJN1FRAMjTN5zd9vgsFH1OZyDE0hY.woff2 | fonts.gstatic.com/s/merriweathersans/v11/ | 17 KB | 17 KB | Font | font/woff2 |
| GET | H2 | geolocation | geo-targetly.com/ | 0 | 183 B | Script | application/javascript |
| GET | H2 | analytics.js | www.google-analytics.com/ | 44 KB | 18 KB | Script | text/javascript |
| GET | H2 | collect | www.google-analytics.com/r/ | 35 B | 111 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tinder (Online)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- number| x
- function| i1
- function| geotargetly_loaded
- function| gtag
- object| dataLayer
- object| google_tag_manager
- string| GoogleAnalyticsObject
- function| ga
- object| google_tag_data
- object| gaplugins
- object| gaGlobal
- object| gaData

6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.rhsfty.com/ | Name: __utmb Value: 69496403.1.10.1587185759 |
.rhsfty.com/ | Name: __utmz Value: 69496403.1587185759.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) |
.rhsfty.com/ | Name: __utmt Value: 1 |
.rhsfty.com/ | Name: __utmc Value: 69496403 |
.rhsfty.com/ | Name: __utma Value: 69496403.564678660.1587185759.1587185759.1587185759.1 |
rhsfty.com/ | Name: PHPSESSID Value: 9cd06e0787d471c9854364485a2a4cda |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.