ofonlinemarket.com Open in urlscan Pro
2606:4700:3030::ac43:a327 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/c3643c275309ed66ab16/2923bf00c4935612ee12#amY1UjZYWm9oLzNMd1Q1ZHhqSGhVcnM2R2pxZDRsaDI0YU9Gc2pDak...
Effective URL:
https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chic...
Submission: On May 30 via manual (May 30th 2023, 7:11:05 pm UTC) from US — Scanned from US

Summary HTTP 22 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3030::ac43:a327, located in and belongs to . The main domain is ofonlinemarket.com.
TLS certificate: Issued by GTS CA 1P5 on April 19th 2023. Valid for: 3 months.

This is the only time ofonlinemarket.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1	2607:f8b0:402... 2607:f8b0:4020:806::2010	15169 (GOOGLE) (GOOGLE)
1 13	2606:4700:303... 2606:4700:3036::6815:48b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:402... 2607:f8b0:4020:807::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:7ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.95.111.143 34.95.111.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2606:4700:303... 2606:4700:3031::ac43:8af2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:303... 2606:4700:3030::ac43:a327	() ()
22	5

1 2607:f8b0:4020:806::2010 (Montreal, Canada)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:3036::6815:48b9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdscdscsdc5632cdsc.brandigh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:807::200a (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:7ad (United States)

ASN13335 (CLOUDFLARENET, US)

code.ionicframework.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.111.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.111.95.34.bc.googleusercontent.com

www.br2ghatrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:8af2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bsttpl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::ac43:a327 (None, )

ASN- ()

ofonlinemarket.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	brandigh.com 1 redirects cdscdscsdc5632cdsc.brandigh.com	151 KB
7	ofonlinemarket.com ofonlinemarket.com	15 KB
2	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 395 fonts.googleapis.com — Cisco Umbrella Rank: 35	1 KB
1	bsttpl.com 1 redirects bsttpl.com	1 KB
1	br2ghatrk.com 1 redirects www.br2ghatrk.com	481 B
1	ionicframework.com code.ionicframework.com — Cisco Umbrella Rank: 15056	9 KB
22	6

	Domain	Requested by
13	cdscdscsdc5632cdsc.brandigh.com	1 redirects storage.googleapis.com cdscdscsdc5632cdsc.brandigh.com
7	ofonlinemarket.com	cdscdscsdc5632cdsc.brandigh.com ofonlinemarket.com
1	bsttpl.com	1 redirects
1	www.br2ghatrk.com	1 redirects
1	code.ionicframework.com	cdscdscsdc5632cdsc.brandigh.com
1	fonts.googleapis.com	cdscdscsdc5632cdsc.brandigh.com
1	storage.googleapis.com
22	7

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com
support.cloudflare.com

Subject Issuer	Validity	Valid
storage.googleapis.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
brandigh.com E1	`2023-05-24` - `2023-08-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-08` - `2023-07-31`	3 months	crt.sh
ionicframework.com Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
ofonlinemarket.com GTS CA 1P5	`2023-04-19` - `2023-07-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44
Frame ID: 279702C83AF487E17F00C02AC2934E97
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ofonlinemarket.com | 522: Connection timed out

Page URL History Show full URLs

https://storage.googleapis.com/c3643c275309ed66ab16/2923bf00c4935612ee12 Page URL
https://cdscdscsdc5632cdsc.brandigh.com/ Page URL
https://cdscdscsdc5632cdsc.brandigh.com/amY1UjZYWm9oLzNMd1Q1ZHhqSGhVcnM2R2pxZDRsaDI0YU9Gc2pDak04OEJwSXhBQ1dDc3FsK1JZ... HTTP 302
https://www.br2ghatrk.com/4J58SX/2TZ4H1F/?sub1=9&sub2=81580_15&sub3=2505_41883_270562_3322259_md HTTP 302
https://bsttpl.com/click.php?key=sfbpp5psp4ptp1xhhk53&externalid=88acd3fdad4145208551fa60f05e84... HTTP 302
https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

22
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

5
IPs

2
Countries

175 kB
Transfer

427 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/5xx-error-landing?utm_source=errorcode_522&utm_campaign=ofonlinemarket.com
Title: cloudflare.com

Search URL Search Domain Scan URL

URL: https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522
Title: Additional troubleshooting information here.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/c3643c275309ed66ab16/2923bf00c4935612ee12 Page URL
https://cdscdscsdc5632cdsc.brandigh.com/ Page URL
https://cdscdscsdc5632cdsc.brandigh.com/amY1UjZYWm9oLzNMd1Q1ZHhqSGhVcnM2R2pxZDRsaDI0YU9Gc2pDak04OEJwSXhBQ1dDc3FsK1JZZWx4NXBnbmVjeDd3cGptL25Uakc3UGcxM3h1cmVPdjN4Ui9uWFBnM21BMlVoRWZWakx2K3o1cFFzMHh6WnZtY0FFWStWZGphMmdreEtTWDdDVEtybnVvSFBnQzdBPT0_ HTTP 302
https://www.br2ghatrk.com/4J58SX/2TZ4H1F/?sub1=9&sub2=81580_15&sub3=2505_41883_270562_3322259_md HTTP 302
https://bsttpl.com/click.php?key=sfbpp5psp4ptp1xhhk53&externalid=88acd3fdad4145208551fa60f05e84a8&target=&subid=78 HTTP 302
https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 2923bf00c4935612ee12
storage.googleapis.com/c3643c275309ed66ab16/ 120 B
608 B 160ms
49ms Document
text/html 2607:f8b0:4020:806::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/c3643c275309ed66ab16/2923bf00c4935612ee12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4020:806::2010 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 188
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-length: 120
content-type: text/html
date: Tue, 30 May 2023 19:07:24 GMT
etag: "cee49c92c8f922032d1862c929755668"
expires: Tue, 30 May 2023 20:07:24 GMT
last-modified: Tue, 30 May 2023 15:56:58 GMT
server: UploadServer
x-goog-generation: 1685462218317724
x-goog-hash: crc32c=BWs6rQ== md5=zuScksj5IgMtGGLJKXVWaA==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 120
x-guploader-uploadid: ADPycds3Y_kmZoE3H7nnlmJ9z6QTqjtremK1wSEQ8z74p9dO1Z2-YJaKvoU4fr20-p3tBzEtd2ZhYOkRA70V-HdvZ3rcQHjKozf0

GET
H2 200 /
cdscdscsdc5632cdsc.brandigh.com/ 16 KB
3 KB 374ms
280ms Document
text/html 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/c3643c275309ed66ab16/2923bf00c4935612ee12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Referer: https://storage.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7cf9471c8b256332-ORD
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 30 May 2023 19:10:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jRnqUwi%2BgJ8j1wJATsitRR2zDNk8pfvaWyfM6HnU8D1Zr4OyYH1QrAnHmEmL%2BRKN9Cf9Y39qfAQ7jSeNQKNWVbbBr74%2Fd7wJPN77XyGMYb2SC5JFUk4Do%2FOWWHU5YUVeiffuv1ULYp1IxU5D34x4mJYuLTu1xhVc%2Fba8Ged"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

GET
H2 200 css
fonts.googleapis.com/ 2 KB
837 B 197ms
80ms Stylesheet
text/css 2607:f8b0:4020:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,300,700

Requested by

Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 30 May 2023 18:13:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 May 2023 19:10:32 GMT

GET
H2 200 ionicons.min.css
code.ionicframework.com/ionicons/2.0.1/css/ 50 KB
9 KB 125ms
40ms Stylesheet
text/css 2606:4700:20::681a:7ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:7ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

x-fastly-request-id: 3409f97f9b7b5d056ccf395b89a6a2e48af8579e
date: Tue, 30 May 2023 19:10:32 GMT
via: 1.1 varnish
content-encoding: br
expires: Mon, 15 May 2023 15:50:05 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 74907
x-cache: HIT
x-proxy-cache: HIT
alt-svc: h3=":443"; ma=86400
x-served-by: cache-chi-klot8100146-CHI
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
server: cloudflare
x-github-request-id: D5AA:438C:38C871F:5122729:6462528D
x-timer: S1685398926.952131,VS0,VE2
etag: W/"64382bc3-c854"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzE5jHhmtfayveatF8SHfKEdn1CH1nmpu9bSBTN6upXfzSalL0mOEY7wINkCUmB7ZLGOIYHGD%2BdWlgmHpOV3ZlqHKvUmuBh7OPQ4q1HGHVVLn1DcydDoFx3%2BE35J4B7J6ALU2OEUB5Ts%2BOzBaSApVKdOpXY1"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
cf-ray: 7cf9471edbae233c-ORD
x-cache-hits: 1

GET
H2 200 bootstrap.min.css
cdscdscsdc5632cdsc.brandigh.com/css/ 111 KB
19 KB 252ms
250ms Stylesheet
text/css 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/css/bootstrap.min.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1bd5b-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HQ3FTQvtJYDmZQMVel9%2Bi5xGZHrlf66F3oD88LSF4UqB72uVS2nfEMUhE11h758uHyQexsceMQFFFVr%2BFkBxUP1E6J81WE70IUJaHzD2JcLzTW8VqWkY2NUcqWAS1K1pMoJRVzmufvz%2F2gbOULY3hXFJlB%2BNRX2wbQb%2FGaxQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7cf9471e5d616332-ORD
alt-svc: h3=":443"; ma=86400

GET
H2 200 font-awesome.min.css
cdscdscsdc5632cdsc.brandigh.com/css/ 21 KB
5 KB 278ms
276ms Stylesheet
text/css 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/css/font-awesome.min.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"55e0-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BU7ymSUCNFblIhKFZN6zaZgyzcZJXX3gMEqx414al97bxwy5CQiZZui9w3dUYBf6s2m%2F85M4hJGOBMK3v2y36Eg%2BeTWpwsb3g%2FcHMSwFn5%2FiwjJ56U5LD9CuEKrBUaZkUxfR%2Boe6exjzsIqlD3cNKr0p%2FGGHrkhc7BIK5Dhl"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7cf9471e5d626332-ORD
alt-svc: h3=":443"; ma=86400

GET
H2 200 owl.carousel.css
cdscdscsdc5632cdsc.brandigh.com/css/ 5 KB
1 KB 243ms
241ms Stylesheet
text/css 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/css/owl.carousel.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1206-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dY4YzzVts63VNu%2BsRznaDUTf%2FxDHDIbAGTAr413UHRqkXfVlSg5%2BEo0cg7qcSgEtLgf58KV%2BNdmY4B1tnnvNOyUGfUNXwjJWmLeAV3i0rlsq4DeB2a%2BXArDZHrafYz8GEKEnjx1NERivG%2FSj7NSIJ8ob9QzCWUPCTRJVMuX6"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7cf9471e5d636332-ORD
alt-svc: h3=":443"; ma=86400

GET
H2 200 animate.css
cdscdscsdc5632cdsc.brandigh.com/css/ 73 KB
5 KB 244ms
242ms Stylesheet
text/css 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/css/animate.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"12279-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BvFQQ4J94A1zNDe3lIUHqWgkk8j36dNYs1juPkV5n%2B2P5j41s%2FUpPU8%2B8jOQL39GesDe7TnRzhYCQSF2CfMelUSUhE7MpuhirESUEuJcNZ%2BNLHNIwlEMp%2Bp3mDUZ2I4%2BjZlpDIty26dAkGHbN6OQ%2BTOxWLoUNkFeQVpyiiR"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7cf9471e5d646332-ORD
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.css
cdscdscsdc5632cdsc.brandigh.com/css/ 17 KB
4 KB 283ms
282ms Stylesheet
text/css 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/css/main.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4452-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlZSM78xwx3vqraYb9RwlXek7fGruIKssyYIYNEsgnRO5TkgzPsvdOK2J8EFN4xvWF0jFSW5TUdQ2Ym1imPMiEfQ6wU29aTsep7m6KWXfO99Vs6Cs2A5oGyTpPz6PacqFuzjzUE7zrlvAyLqvNVKenXLqLNgcPIUchICnqp7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7cf9471e5d656332-ORD
alt-svc: h3=":443"; ma=86400

GET
H2 200 responsive.css
cdscdscsdc5632cdsc.brandigh.com/css/ 2 KB
832 B 256ms
254ms Stylesheet
text/css 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/css/responsive.css
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"80f-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf%2BXWbACcUjJfBmvaeNyIMUdhq1JBGQnEVvfNkJ39zETiK3Xu2bdqgnC1QIG2VC3hZJx4DhXJAxAEm8DHFFhFLSL2pBhQ7741CaETOAeneuzPu7fLYQeNBYga9TOYpY97myWK51jlAcL5ktw1OetzDK1StLPKlALfVXIcyMO"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7cf9471e5d686332-ORD
alt-svc: h3=":443"; ma=86400

GET
H3 200 logo.png
cdscdscsdc5632cdsc.brandigh.com/images/ 3 KB
3 KB 38ms
37ms Image
image/png 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/images/logo.png
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7080
etag: "b67-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFieQqw7oWFZOT%2Bq9NKfYOIDoPvfB106ZsKP9a%2BoqQTqhWol91hkIZ97WtmJ8MN4P0EmYXBvgKcfJJYRDtrzZR3lfqHjS3T29jnnwzPcPgU8JDgp%2Fyz0XwtxrW2LTyKBOolmsryZmP%2F6CQxYRv2EnKjHRdUCwiBxMTwKhtEH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7cf9472019be2a09-ORD
alt-svc: h3=":443"; ma=86400
content-length: 2919

GET
H3 200 logo-2.png
cdscdscsdc5632cdsc.brandigh.com/images/ 3 KB
4 KB 36ms
36ms Image
image/png 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/images/logo-2.png
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:32 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7080
etag: "c30-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLsfnkSJAzwxDXqPgNaMITYS3GdezZfF3rjM6XuJdAv3m6xFhAogPCb9P1Til1mDn07NKuK4PbmcqiTapEk1itnotPq5El0gDcPM5ITz7fxqbGtjApsw3jZ%2Fs8%2FXI5XI8Op%2FVIGAyz5XEsRGS5EKr9hnJ4Epxa5aNbTqIuQP"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7cf9472019cb2a09-ORD
alt-svc: h3=":443"; ma=86400
content-length: 3120

GET
H3 200 1.jpg
cdscdscsdc5632cdsc.brandigh.com/images/about/ 50 KB
51 KB 37ms
37ms Image
image/jpeg 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/images/about/1.jpg
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:33 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7080
etag: "c8c7-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SkCKAaYQWFxcTsID4Lg3HmgNBmszFDwSpV8Xo0rJyipD1IoUDuz7A5V7H2F6uzeuVlKq%2FjUN9FPkdPNotarfwjxCJVRy71VPgJSutzPSwLRdPf%2FZNvNIO%2BD%2BzHaOqyGXyBbLNhZJKJLE84JfaRcHJsOp%2FxSBLG0iuO1G7iaB"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7cf947205a082a09-ORD
alt-svc: h3=":443"; ma=86400
content-length: 51399

GET
H3 200 2.jpg
cdscdscsdc5632cdsc.brandigh.com/images/about/ 34 KB
35 KB 92ms
92ms Image
image/jpeg 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/images/about/2.jpg
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:33 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7079
etag: "889e-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2Jwj2V17wKNb8aJdn%2BrJ2ZXU%2FtoN%2FZ35EVaOf%2BJ1RJbixbkYk6nWyYhkZrhFysNfbbeFrUikr92e2dHZrNg7hWa%2B6iWEfwqgF5nPC6KElyD21fwzo%2FNwVxmbBfztMQNfu8AbAfWoayShDyAOrIsf2Aq6%2FcYTRGeCVxvqzl9"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7cf947205a0d2a09-ORD
alt-svc: h3=":443"; ma=86400
content-length: 34974

GET
H3 200 3.jpg
cdscdscsdc5632cdsc.brandigh.com/images/about/ 19 KB
20 KB 43ms
42ms Image
image/jpeg 2606:4700:3036::6815:48b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdscdscsdc5632cdsc.brandigh.com/images/about/3.jpg
Requested by: Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:48b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cdscdscsdc5632cdsc.brandigh.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:10:33 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7078
etag: "4c50-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFYtd8lBwC1o2bR0zBZWScpQI9XbcwYjXnEp8aTfsKoT0BNElBEly%2BQaiFzmB3HyFG6JP3MCW3q8GhAXpLhSN1NbcXS091hP%2FDTNoXPGLJdFBeze8juHF9MMdFqO4ISnjFNoWaEhhEZqYJOzIkRGX1qlSP37DOTeAR28JGam"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7cf94720fab32a09-ORD
alt-svc: h3=":443"; ma=86400
content-length: 19536

GET
H2

522

Primary Request index_2.php Show response
ofonlinemarket.com/sweeps_new_2/
Redirect Chain

https://cdscdscsdc5632cdsc.brandigh.com/amY1UjZYWm9oLzNMd1Q1ZHhqSGhVcnM2R2pxZDRsaDI0YU9Gc2pDak04OEJwSXhBQ1dDc3FsK1JZZWx4NXBnbmVjeDd3cGptL25Uakc3UGcxM3h1cmVPdjN4Ui9uWFBnM21BMlVoRWZWakx2K3o1cFFzMHh6W...
https://www.br2ghatrk.com/4J58SX/2TZ4H1F/?sub1=9&sub2=81580_15&sub3=2505_41883_270562_3322259_md
https://bsttpl.com/click.php?key=sfbpp5psp4ptp1xhhk53&externalid=88acd3fdad4145208551fa60f05e84a8&target=&subid=78
https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=20...

7 KB
7 KB

30632ms
30539ms

Document
text/html

2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to

Full URL

https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44

Requested by

Host: cdscdscsdc5632cdsc.brandigh.com
URL: https://cdscdscsdc5632cdsc.brandigh.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

610b8331c5a1a7a373a3f3dbd1f3b5a3b117ade48728d8d075cb75f291a8cb82

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://cdscdscsdc5632cdsc.brandigh.com/#amY1UjZYWm9oLzNMd1Q1ZHhqSGhVcnM2R2pxZDRsaDI0YU9Gc2pDak04OEJwSXhBQ1dDc3FsK1JZZWx4NXBnbmVjeDd3cGptL25Uakc3UGcxM3h1cmVPdjN4Ui9uWFBnM21BMlVoRWZWakx2K3o1cFFzMHh6WnZtY0FFWStWZGphMmdreEtTWDdDVEtybnVvSFBnQzdBPT0_
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 7cf947297960e153-ORD
content-type: text/html; charset=UTF-8
date: Tue, 30 May 2023 19:11:04 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7cf94724cbeae26d-ORD
content-type: text/html; charset=UTF-8
date: Tue, 30 May 2023 19:10:34 GMT
location: https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kW51sTjW9r4RD0K%2B7PZNExXt288MiYplZwR83poNLiROV1pAiyZvuBDsDwAS03PocUJY7ellXN%2BbxD0cOycPoBEsv5ro6mGljQfhKNlmQvjcA%2Bcflfs8bGRDYc8tSTbPDqpxt0HHnFWE"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000

GET
H2 200 main.css
ofonlinemarket.com/cdn-cgi/styles/ 8 KB
2 KB 41ms
41ms Stylesheet
text/css 2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to

Full URL

https://ofonlinemarket.com/cdn-cgi/styles/main.css

Requested by

Host: ofonlinemarket.com
URL: https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:11:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 May 2023 08:39:03 GMT
server: cloudflare
etag: W/"646f1ea7-1f4d"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 7cf947e858c5e153-ORD
expires: Tue, 30 May 2023 21:11:05 GMT

GET
H2 200 cf-icon-browser.png
ofonlinemarket.com/cdn-cgi/images/ 484 B
559 B 32ms
31ms Image
image/png 2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ofonlinemarket.com/cdn-cgi/images/cf-icon-browser.png

Requested by

Host: ofonlinemarket.com
URL: https://ofonlinemarket.com/cdn-cgi/styles/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ofonlinemarket.com/cdn-cgi/styles/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:11:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 May 2023 08:39:03 GMT
server: cloudflare
etag: "646f1ea7-1e4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7cf947e89926e153-ORD
content-length: 484
expires: Tue, 30 May 2023 21:11:05 GMT

GET
H2 200 cf-icon-ok.png
ofonlinemarket.com/cdn-cgi/images/ 946 B
1 KB 31ms
30ms Image
image/png 2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ofonlinemarket.com/cdn-cgi/images/cf-icon-ok.png

Requested by

Host: ofonlinemarket.com
URL: https://ofonlinemarket.com/cdn-cgi/styles/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ofonlinemarket.com/cdn-cgi/styles/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:11:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 May 2023 08:39:03 GMT
server: cloudflare
etag: "646f1ea7-3b2"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7cf947e89927e153-ORD
content-length: 946
expires: Tue, 30 May 2023 21:11:05 GMT

GET
H2 200 cf-icon-cloud.png
ofonlinemarket.com/cdn-cgi/images/ 1 KB
2 KB 34ms
33ms Image
image/png 2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ofonlinemarket.com/cdn-cgi/images/cf-icon-cloud.png

Requested by

Host: ofonlinemarket.com
URL: https://ofonlinemarket.com/cdn-cgi/styles/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ofonlinemarket.com/cdn-cgi/styles/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:11:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 May 2023 08:39:03 GMT
server: cloudflare
etag: "646f1ea7-5cc"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7cf947e8a928e153-ORD
content-length: 1484
expires: Tue, 30 May 2023 21:11:05 GMT

GET
H2 200 cf-icon-server.png
ofonlinemarket.com/cdn-cgi/images/ 1 KB
1 KB 32ms
31ms Image
image/png 2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ofonlinemarket.com/cdn-cgi/images/cf-icon-server.png

Requested by

Host: ofonlinemarket.com
URL: https://ofonlinemarket.com/cdn-cgi/styles/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ofonlinemarket.com/cdn-cgi/styles/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:11:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 May 2023 08:39:03 GMT
server: cloudflare
etag: "646f1ea7-568"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7cf947e8a929e153-ORD
content-length: 1384
expires: Tue, 30 May 2023 21:11:05 GMT

GET
H2 200 cf-icon-error.png
ofonlinemarket.com/cdn-cgi/images/ 854 B
930 B 32ms
32ms Image
image/png 2606:4700:3030::ac43:a327

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ofonlinemarket.com/cdn-cgi/images/cf-icon-error.png

Requested by

Host: ofonlinemarket.com
URL: https://ofonlinemarket.com/cdn-cgi/styles/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::ac43:a327 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ofonlinemarket.com/cdn-cgi/styles/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date: Tue, 30 May 2023 19:11:05 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 May 2023 08:39:03 GMT
server: cloudflare
etag: "646f1ea7-356"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7cf947e8a92ae153-ORD
content-length: 854
expires: Tue, 30 May 2023 21:11:05 GMT

Verdicts & Comments Add Verdict or Comment

Malicious page.domain
Submitted on May 30th 2023, 7:11:55 pm UTC — From United States

Threats: Phishing Brand Impersonation Scam
Brands: Customer Survey Spam US
Comment: Phishing email received that leads to customer survey spam website imitating big box stores.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.br2ghatrk.com/	1970-01-20 12:11:17	Name: uniqueClick_2TZ4H1F Value: 0e2b6d1e-f4ae-484b-8627-5ad47d318eea:1685473833
www.br2ghatrk.com/	1970-01-20 14:20:49	Name: transaction_id Value: 88acd3fdad4145208551fa60f05e84a8
bsttpl.com/	1970-01-20 12:12:40	Name: uclick Value: lpxrgx5m
bsttpl.com/	1970-01-20 12:12:40	Name: uclickhash Value: lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://ofonlinemarket.com/sweeps_new_2/index_2.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=West%20Chicago&clickid=9e711lpxrgx5mb60&campaign=4660&user_id=1&clickcost=0&lander=2010&time=1685455834&browser_version=113.0.5672.126&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies,%20Inc.&ip=2602:ffc8:1:1::4&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/113.0.5672.126%20Safari/537.36&lpkey=16ff857c47e6413034&target=Unknown&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=lpxrgx5m&uclickhash=lpxrgx5m-lpxrgx5m-1zmy-myfe-ir7s-ydgh6o-ydghdz-955b44 Message: Failed to load resource: the server responded with a status of 522 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bsttpl.com
cdscdscsdc5632cdsc.brandigh.com
code.ionicframework.com
fonts.googleapis.com
ofonlinemarket.com
storage.googleapis.com
www.br2ghatrk.com
2606:4700:20::681a:7ad
2606:4700:3030::ac43:a327
2606:4700:3031::ac43:8af2
2606:4700:3036::6815:48b9
2607:f8b0:4020:806::2010
2607:f8b0:4020:807::200a
34.95.111.143
3a223426c67a0a33ff57af68a57fb589fea36af2a6e8f9dae7798c77471e0e58
41553a537f85839927155af093b7bfa1987215f474ed038714609cc48812ea3b
610b8331c5a1a7a373a3f3dbd1f3b5a3b117ade48728d8d075cb75f291a8cb82
67f70597a183fbca7fac55d609fbaac5c34bb4d4d32a0530bbbbb42591f2de2f
78a7d8b29cabf16831417dba1b9bbe36fae0d060a35a495e8f10e9663b3c9e65
d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74
ed732380ee3ff0f2d841784da213c8c05d2b5ae187a5217b419d21cae5cedb1b

ofonlinemarket.com Open in urlscan Pro 2606:4700:3030::ac43:a327 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 1 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

86 %IPv6

6 Domains

7 Subdomains

5 IPs

2 Countries

175 kBTransfer

427 kBSize

4 Cookies

2 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Malicious page.domain Submitted on May 30th 2023, 7:11:55 pm UTC — From United States

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

1 JavaScript Global Variables

4 Cookies

1 Console Messages

Indicators

ofonlinemarket.com Open in urlscan Pro
2606:4700:3030::ac43:a327 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

86 %
IPv6

6
Domains

7
Subdomains

5
IPs

2
Countries

175 kB
Transfer

427 kB
Size

4
Cookies

22 HTTP transactions
0 data transactions

Malicious page.domain
Submitted on May 30th 2023, 7:11:55 pm UTC — From United States

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!