godatingsnow.com
Open in
urlscan Pro
79.110.24.155
Malicious Activity!
Public Scan
Effective URL: https://godatingsnow.com/?u=dykkaek&o=vbpp49r&t=1032494&cid=w3sj0bb29ono59cu1ibsare0
Submission: On April 15 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 2nd 2020. Valid for: 3 months.
This is the only time godatingsnow.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.49.55.7 52.49.55.7 | 16509 (AMAZON-02) (AMAZON-02) | |
1 3 | 99.198.106.197 99.198.106.197 | 32475 (SINGLEHOP...) (SINGLEHOP-LLC) | |
1 1 | 212.32.250.31 212.32.250.31 | 60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands) | |
2 | 88.208.60.53 88.208.60.53 | 39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS) | |
1 | 2a02:b4a:1:7:... 2a02:b4a:1:7::9274:1 | 39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS) | |
1 1 | 138.68.123.185 138.68.123.185 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 1 | 35.159.5.116 35.159.5.116 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 79.110.24.155 79.110.24.155 | 209813 (FASTCONTENT) (FASTCONTENT) | |
1 | 2a00:1450:400... 2a00:1450:4001:821::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:820::2003 | 15169 (GOOGLE) (GOOGLE) | |
20 | 6 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-55-7.eu-west-1.compute.amazonaws.com
trk.anchtrk.com |
ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
mont.anchtrk.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-159-5-116.eu-central-1.compute.amazonaws.com
eardepth-prisists.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
godatingsnow.com
godatingsnow.com |
522 KB |
4 |
anchtrk.com
2 redirects
trk.anchtrk.com mont.anchtrk.com |
6 KB |
2 |
gstatic.com
fonts.gstatic.com |
28 KB |
2 |
rpket.pro
rpket.pro |
22 KB |
1 |
googleapis.com
fonts.googleapis.com |
2 KB |
1 |
eardepth-prisists.com
1 redirects
eardepth-prisists.com |
849 B |
1 |
alktr.com
1 redirects
alktr.com |
309 B |
1 |
nativesp.pro
nativesp.pro |
72 B |
1 |
rdtrck2.com
1 redirects
rdtrck2.com |
831 B |
20 | 9 |
Domain | Requested by | |
---|---|---|
12 | godatingsnow.com |
rpket.pro
godatingsnow.com |
3 | mont.anchtrk.com |
1 redirects
mont.anchtrk.com
|
2 | fonts.gstatic.com |
godatingsnow.com
|
2 | rpket.pro |
mont.anchtrk.com
rpket.pro |
1 | fonts.googleapis.com |
godatingsnow.com
|
1 | eardepth-prisists.com | 1 redirects |
1 | alktr.com | 1 redirects |
1 | nativesp.pro |
rpket.pro
|
1 | rdtrck2.com | 1 redirects |
1 | trk.anchtrk.com | 1 redirects |
20 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
mont.anchtrk.com Let's Encrypt Authority X3 |
2020-04-03 - 2020-07-02 |
3 months | crt.sh |
rpket.pro Let's Encrypt Authority X3 |
2020-02-19 - 2020-05-19 |
3 months | crt.sh |
nativesp.pro Sectigo RSA Domain Validation Secure Server CA |
2019-07-17 - 2020-07-16 |
a year | crt.sh |
godatingsnow.com Let's Encrypt Authority X3 |
2020-04-02 - 2020-07-01 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://godatingsnow.com/?u=dykkaek&o=vbpp49r&t=1032494&cid=w3sj0bb29ono59cu1ibsare0
Frame ID: 5841EF4DEF590004B839B1DA7A439011
Requests: 20 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://trk.anchtrk.com/aff_c?offer_id=443&aff_id=1168
HTTP 302
https://mont.anchtrk.com/?utm_medium=a6cdfb1814a36d78fe6cb7bf32ee12b660bada9d&utm_campaign=Global2 Page URL
- https://mont.anchtrk.com/?utm_term=6815997813273395440&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
-
https://mont.anchtrk.com/proc.php?027877dea829462e1c9cfd83638e646c24868350
HTTP 302
https://rdtrck2.com/5d5be16464fb8500013816c9?pid=15761-9e9276bz&partner_id=15761&ref_id=68159978... HTTP 302
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo2ODgzMCwic3JjIjoyfQ==eyJ&... Page URL
-
https://alktr.com/tb?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo2ODgzMCwic3JjIjoyfQ==eyJ&cl...
HTTP 302
https://eardepth-prisists.com/6340d1d7-0f9a-48a5-ac30-859e51d97270?PartnerID=1032494&externalid=LQq_Cq8QiA... HTTP 302
https://godatingsnow.com/?u=dykkaek&o=vbpp49r&t=1032494&cid=w3sj0bb29ono59cu1ibsare0 Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
animate.css (Web Frameworks) Expand
Detected patterns
- html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://trk.anchtrk.com/aff_c?offer_id=443&aff_id=1168
HTTP 302
https://mont.anchtrk.com/?utm_medium=a6cdfb1814a36d78fe6cb7bf32ee12b660bada9d&utm_campaign=Global2 Page URL
- https://mont.anchtrk.com/?utm_term=6815997813273395440&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb2b2b186b68485ab9b9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddeda58c8f868a82c4ac9498d6f9cccbfccfc6f3f0f182858190cacbf9c9fff9fcfdc2f2f2f1f6c7c4c54d Page URL
-
https://mont.anchtrk.com/proc.php?027877dea829462e1c9cfd83638e646c24868350
HTTP 302
https://rdtrck2.com/5d5be16464fb8500013816c9?pid=15761-9e9276bz&partner_id=15761&ref_id=6815997813273395440&af=CH&subid4=desktopWIFI HTTP 302
https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo2ODgzMCwic3JjIjoyfQ==eyJ&clickid=5e9749e7bf507000017d1d2d&payout={payout}&si1=15761&si2=&rdtrckcbp=1586973159 Page URL
-
https://alktr.com/tb?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo2ODgzMCwic3JjIjoyfQ==eyJ&clickid=5e9749e7bf507000017d1d2d&payout={payout}&si1=15761&si2=&rdtrckcbp=1586973159
HTTP 302
https://eardepth-prisists.com/6340d1d7-0f9a-48a5-ac30-859e51d97270?PartnerID=1032494&externalid=LQq_Cq8QiA0Jd_jg HTTP 302
https://godatingsnow.com/?u=dykkaek&o=vbpp49r&t=1032494&cid=w3sj0bb29ono59cu1ibsare0 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://trk.anchtrk.com/aff_c?offer_id=443&aff_id=1168 HTTP 302
- https://mont.anchtrk.com/?utm_medium=a6cdfb1814a36d78fe6cb7bf32ee12b660bada9d&utm_campaign=Global2
- https://mont.anchtrk.com/proc.php?027877dea829462e1c9cfd83638e646c24868350 HTTP 302
- https://rdtrck2.com/5d5be16464fb8500013816c9?pid=15761-9e9276bz&partner_id=15761&ref_id=6815997813273395440&af=CH&subid4=desktopWIFI HTTP 302
- https://rpket.pro/play?h=waWQiOjEwMzI0OTQsInNpZCI6MTAzNzczNiwid2lkIjo2ODgzMCwic3JjIjoyfQ==eyJ&clickid=5e9749e7bf507000017d1d2d&payout={payout}&si1=15761&si2=&rdtrckcbp=1586973159
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
mont.anchtrk.com/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
mont.anchtrk.com/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
play
rpket.pro/ Redirect Chain
|
19 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rpe
nativesp.pro/ |
0 72 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
play.png
rpket.pro/images/play/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
/
godatingsnow.com/ Redirect Chain
|
7 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
animate.min.css
godatingsnow.com/media/dating/toon2/css/ |
52 KB 52 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
godatingsnow.com/media/dating/toon2/css/ |
8 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js.cookie.js
godatingsnow.com/cookie/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utils.js
godatingsnow.com/util/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
123.jpg
godatingsnow.com/media/dating/toon2/images/ |
175 KB 175 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-2.2.4.min.js
godatingsnow.com/media/dating/toon2/js/ |
84 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
trls.js
godatingsnow.com/media/dating/toon2/js/ |
28 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bb.js
godatingsnow.com/media/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
exit-popup.css
godatingsnow.com/media/exit-new/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
exit1.js
godatingsnow.com/media/exit-new/ |
32 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
36 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.jpg
godatingsnow.com/media/dating/toon2/images/ |
117 KB 117 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)50 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| getSessionId number| exDays boolean| validNavigation function| wireUpEvents function| Cookies function| docReady function| getParameterByName function| hideUnsub function| languageDetection function| writeLocation object| geoRefData function| showLocation function| appendPixels function| getCookie function| addSessionId undefined| randomNumber function| $ function| jQuery object| translation string| language function| replace_text function| translation_available function| detect_language function| translate object| _0x1b1f function| _0x2cf4 boolean| PreventBb function| getUrlParameter function| getUrlWithParam string| popup_style string| popup_glow string| thePopup string| current_href boolean| PreventExitSplash object| alert_lang function| trans_available function| detect_lang string| lang string| exitsplashpage string| exitsplashmessage function| appendHtml function| DisplayExitSplash function| addLoadEvent function| addClickEvent object| a function| disablelinksfunc function| disableformsfunc object| x0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubdomains; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
alktr.com
eardepth-prisists.com
fonts.googleapis.com
fonts.gstatic.com
godatingsnow.com
mont.anchtrk.com
nativesp.pro
rdtrck2.com
rpket.pro
trk.anchtrk.com
138.68.123.185
212.32.250.31
2a00:1450:4001:820::2003
2a00:1450:4001:821::200a
2a02:b4a:1:7::9274:1
35.159.5.116
52.49.55.7
79.110.24.155
88.208.60.53
99.198.106.197
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1c7361fcec43aecb4c517914dde9ecbf1fe1aaa0969411a7a383391236f335f4
2c3346864e02a673b87222f6c977e9310ca970132f8c9fc69f1bdfb99d9caf5b
408885915473803c26419ec9081d1df03b88afbc52d44d4838ed57923dc3a1d2
49e444df8d1eb278bddad304cb37b542206a5300f991b44ca1189241ecabbc26
50e7e3899cc339df942a9878a25332dd763bbd46f43f1d4e123f1ba4e1808ece
52241435ea098334df976eb79d81f85f2ed55a18ca832a6a49b35845e5af53ec
5aa5a69b6cca81fde78fcfffa75e3a33fe55106185e05935e40ae7f4fe214214
6a9775cbb52671d3930a4a3a28b473ed78f7eafae3132271743975bb6e977986
71b3ccd070734cf41f0e6f5b75ad779985000aa62c90dd549bec10f3f9c9f1ee
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
b5eaefef0eb2427539cd7059a04802b9f9c4b98bc81de89d613ba28dca234b04
b63e6e57adc4e0a10eee845d513258e424b27a7985c510bb252d75eac63af861
e82092c7fd967bd71d35f2df789e50a4c1cae63ce391e2a7970195fef4a4fc45
f6113b1f6bdd279404fd53c920f6ba411b66a897db4c67e16d2129af22370a57
f61d61e21e118725699a14b9b85a45185b12fbfea3220818c5ea6f811d520f29