ratedophfer.com
103.147.122.143
Malicious Activity!
Public Scan
Effective URL: https://ratedophfer.com/giftcard/index_3_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Buffalo&click...
Submission: On December 01 via manual from US — Scanned from US
Summary
TLS certificate: Issued by R3 on October 9th 2022. Valid for: 3 months.
This is the only time ratedophfer.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious (2 votes)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System) |
---|---|---|---|
| 1 | 2607:f8b0:4004:c19::80 | 15169 (GOOGLE) |
1 | 13 | 2606:4700:e2::ac40:841d | 13335 (CLOUDFLARENET) |
| 2 | 2607:f8b0:4006:821::200a | 15169 (GOOGLE) |
| 1 | 2606:4700:20::681a:7ad | 13335 (CLOUDFLARENET) |
1 | 1 | 34.95.111.143 | 396982 (GOOGLE-CLOUD-PLATFORM) |
1 | 1 | 103.147.122.142 | 135932 (VNDATA-AS-VN Viet Storage Technology Joint Stock Company) |
| 8 | 103.147.122.143 | 135932 (VNDATA-AS-VN Viet Storage Technology Joint Stock Company) |
| 1 | 69.16.175.10 | 20446 (STACKPATH-CDN) |
| 4 | 2600:9000:2073:7600:b:4623:cac0:21 | 16509 (AMAZON-02) |
Totals (as listed): 29 | 7
The per-IP request counts include the three 302 hops (brandigh.com, b22trx.com, tpltrk.com), which are not among the 29 HTTP transactions listed further down.
Domains by ASN:
- ASN13335 (CLOUDFLARENET, US): thebestornothing.brandigh.com
- ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR 143.111.95.34.bc.googleusercontent.com: www.b22trx.com
- ASN135932 (VNDATA-AS-VN Viet Storage Technology Joint Stock Company, VN): tpltrk.com
- ASN135932 (VNDATA-AS-VN Viet Storage Technology Joint Stock Company, VN): ratedophfer.com
- ASN16509 (AMAZON-02, US): d3e1y4kxkqljcb.cloudfront.net
Requests | Apex Domain | Subdomains (Cisco Umbrella rank) | Redirects | Transfer |
---|---|---|---|---|
13 | brandigh.com | thebestornothing.brandigh.com (193735) | 1 | 151 KB |
8 | ratedophfer.com | ratedophfer.com | | 31 KB |
4 | cloudfront.net | d3e1y4kxkqljcb.cloudfront.net | | 195 KB |
3 | googleapis.com | storage.googleapis.com (383), fonts.googleapis.com (37) | | 2 KB |
1 | jquery.com | code.jquery.com (680) | | 33 KB |
1 | tpltrk.com | tpltrk.com (526709) | 1 | 1 KB |
1 | b22trx.com | www.b22trx.com | 1 | 453 B |
1 | ionicframework.com | code.ionicframework.com (14485) | | 9 KB |
Totals: 29 requests across 8 apex domains
Requests | Domain | Redirects | Requested by |
---|---|---|---|
13 | thebestornothing.brandigh.com | 1 | storage.googleapis.com, thebestornothing.brandigh.com |
8 | ratedophfer.com | | thebestornothing.brandigh.com, ratedophfer.com, code.jquery.com |
4 | d3e1y4kxkqljcb.cloudfront.net | | ratedophfer.com |
2 | fonts.googleapis.com | | thebestornothing.brandigh.com, ratedophfer.com |
1 | code.jquery.com | | ratedophfer.com |
1 | tpltrk.com | 1 | |
1 | www.b22trx.com | 1 | |
1 | code.ionicframework.com | | thebestornothing.brandigh.com |
1 | storage.googleapis.com | | |
Totals: 29 requests across 9 domains
This site contains no links.
Subject | Issuer | Validity | Valid for |
---|---|---|---|
storage.googleapis.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months |
*.brandigh.com | E1 | 2022-11-27 - 2023-02-25 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months |
ionicframework.com | Cloudflare Inc ECC CA-3 | 2022-05-01 - 2023-05-01 | a year |
ratedophfer.com | R3 | 2022-10-09 - 2023-01-07 | 3 months |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year |
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year |
This page contains 1 frame:
Primary Page:
https://ratedophfer.com/giftcard/index_3_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Buffalo&clickid=0a3799zib1nvr041&campaign=3584&user_id=1&clickcost=0&lander=1819&time=1669896386&browser_version=108.0.5359.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=96.9.249.37&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/108.0.5359.71%20Safari/537.36&lpkey=160a69b8919146e886&target=kfc&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=9zib1nvr&uclickhash=9zib1nvr-9zib1nvr-ntib-tw0-gxib-twxi6o-twa53y-33712c
Frame ID: 6AD9E17C31A7FBCF732624E5B1B65FFB
Requests: 29 HTTP requests in this frame
Page Title
[1] Reward Pending - Online Club - We Want Your Opinion!
Detected technologies
- PHP (Programming Languages). Detected pattern:
  - \.php(?:$|\?)
- Font Awesome (Font Scripts). Detected pattern:
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- jQuery (JavaScript Libraries). Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
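These technology tags come from running the listed regular expressions over the request URLs (Wappalyzer-style): a pattern match tags the technology, and a capture group that participates in the match yields a version. The page shows the patterns but not what they extract, so the following is an added example, not urlscan's own matching code. It applies the three pattern sets exactly as printed above to a handful of URLs taken from the transaction list on this page; the function name `fingerprint` and the `REQUEST_URLS` sample are my own.

```python
import re

# Patterns exactly as listed under "Detected technologies" on this scan page.
PATTERNS = {
    "PHP": [r"\.php(?:$|\?)"],
    "Font Awesome": [
        r"(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)"
    ],
    "jQuery": [
        r"jquery[.-]([\d.]*\d)[^/]*\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
}

# A subset of the 29 request URLs from the transaction list (host/path only),
# chosen so that each pattern set has something to match and something to miss.
REQUEST_URLS = [
    "thebestornothing.brandigh.com/css/bootstrap.min.css",
    "thebestornothing.brandigh.com/css/font-awesome.min.css",
    "code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css",
    "ratedophfer.com/giftcard/index_3_d.php?device_name=Desktop&browser_name=Chrome",
    "code.jquery.com/jquery-1.11.1.min.js",
    "ratedophfer.com/giftcard/assets/main_11.js",
]


def fingerprint(urls, patterns=PATTERNS):
    """Return {technology: {"urls": [...], "versions": [...]}} for every
    technology whose pattern matches at least one URL.

    Group 1 of a pattern, when the pattern has one and it took part in the
    match, is treated as the version string. The Font Awesome pattern has a
    version group, but "font-awesome.min.css" carries no version, so the
    technology is reported with an empty version list.
    """
    hits = {}
    for tech, pats in patterns.items():
        for rx in map(re.compile, pats):
            for url in urls:
                m = rx.search(url)
                if not m:
                    continue
                entry = hits.setdefault(tech, {"urls": set(), "versions": set()})
                entry["urls"].add(url)
                if m.lastindex and m.group(1):
                    entry["versions"].add(m.group(1))
    return {t: {k: sorted(v) for k, v in e.items()} for t, e in hits.items()}


if __name__ == "__main__":
    for tech, entry in fingerprint(REQUEST_URLS).items():
        print(f"{tech}: versions={entry['versions']} urls={entry['urls']}")
```

The one version the page's patterns can actually pull out is jQuery 1.11.1 from `code.jquery.com/jquery-1.11.1.min.js`; the PHP tag rests entirely on the `.php?` in the landing URL, and the Font Awesome tag on the filename alone.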
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://storage.googleapis.com/1ab583605a1a9623dedf4e59f8a897/cb9958c6021ce677c1fdb4009b5f1b (Page URL)
- https://thebestornothing.brandigh.com/ (Page URL)
- https://thebestornothing.brandigh.com/cl/52208_md/8/111882/7378/2272/46408 (HTTP 302)
  - https://www.b22trx.com/4J58SX/LW9WN6/?sub1=8&sub2=52208_15&sub3=2272_46408_111882_2839595_md (HTTP 302)
  - https://tpltrk.com/click.php?key=zvhkk47fopacsfy2hbwz&externalid=8cf1cfe38eb34de59d3512bc1e7d1984&target=kfc&subid=78 (HTTP 302)
  - https://ratedophfer.com/giftcard/index_3_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Buffalo&clickid=0a3799zib1nvr041&campaign=3584&user_id=1&clickcost=0&lander=1819&time=1669896386&browser_version=108.0.5359.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=96.9.249.37&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/108.0.5359.71%20Safari/537.36&lpkey=160a69b8919146e886&target=kfc&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=9zib1nvr&uclickhash=9zib1nvr-9zib1nvr-ntib-tw0-gxib-twxi6o-twa53y-33712c (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests: the primary request, ratedophfer.com/giftcard/index_3_d.php, which is reached through the three 302 hops listed above.
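Read as an affiliate-network click, the chain above hands identifiers from hop to hop: the brandigh.com campaign path IDs reappear in b22trx.com's sub2/sub3, b22trx's transaction_id cookie is the externalid that tpltrk.com receives, tpltrk's uclick cookie value resurfaces on ratedophfer.com both as uclick and embedded inside clickid, and target=kfc selects the brand the lander then dresses itself as (kfc.css and kfc.json in the request list). The lander is also told the visitor's IP, ISP, city, OS and full user agent, and one tracker macro (ts={t9}) was never expanded. The script below is an added example that makes those links explicit; it is not urlscan's code and nothing served by these sites. The hop URLs and cookies are copied from this page; the token-length thresholds, the substring heuristic and the helper names (query_pairs, locations, correlate, landing_profile) are my own choices.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Hop URLs and cookies exactly as recorded in the scan above.
HOPS = [
    "https://thebestornothing.brandigh.com/cl/52208_md/8/111882/7378/2272/46408",
    "https://www.b22trx.com/4J58SX/LW9WN6/?sub1=8&sub2=52208_15&sub3=2272_46408_111882_2839595_md",
    "https://tpltrk.com/click.php?key=zvhkk47fopacsfy2hbwz&externalid=8cf1cfe38eb34de59d3512bc1e7d1984&target=kfc&subid=78",
    "https://ratedophfer.com/giftcard/index_3_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Buffalo&clickid=0a3799zib1nvr041&campaign=3584&user_id=1&clickcost=0&lander=1819&time=1669896386&browser_version=108.0.5359.71&device_model=Desktop&device_brand=Desktop&resolution=desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=96.9.249.37&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/108.0.5359.71%20Safari/537.36&lpkey=160a69b8919146e886&target=kfc&device=DESKTOP&country=US&ts={t9}&trafficsource=136&uclick=9zib1nvr&uclickhash=9zib1nvr-9zib1nvr-ntib-tw0-gxib-twxi6o-twa53y-33712c",
]
COOKIES = [  # (domain, name, value) from the Cookies table
    ("www.b22trx.com", "uniqueClick_LW9WN6", "d1e51332-4a40-473e-a18d-85e471c869eb:1669914385"),
    ("www.b22trx.com", "transaction_id", "8cf1cfe38eb34de59d3512bc1e7d1984"),
    ("tpltrk.com", "uclick", "9zib1nvr"),
    ("tpltrk.com", "uclickhash", "9zib1nvr-9zib1nvr-ntib-tw0-gxib-twxi6o-twa53y-33712c"),
]

MIN_TOKEN = 3    # assumption: shorter fragments ("md", "8") collide too often to mean anything
MIN_SUBSTR = 8   # assumption: only identifiers this long are also searched as substrings
TOKEN_RE = re.compile(r"[A-Za-z0-9-]+")  # keep hyphenated ids (UUIDs, uclickhash) whole


def query_pairs(query):
    """Split on '&' only and percent-decode both sides. Done by hand so the
    literal ';' inside user_agent is never mistaken for a separator."""
    for piece in query.split("&"):
        if piece:
            key, _, value = piece.partition("=")
            yield unquote(key), unquote(value)


def _strip_ext(segment):
    return segment.rsplit(".", 1)[0] if "." in segment else segment


def locations(hops=HOPS, cookies=COOKIES):
    """Yield (source, label, raw) for every hop path, hop query value and cookie.
    Query keys are not tokenised: only the values carried between hops matter."""
    for i, url in enumerate(hops, 1):
        parts = urlsplit(url)
        path = "/".join(_strip_ext(s) for s in parts.path.split("/") if s)
        yield f"hop{i}", f"hop{i}:path", path
        for key, value in query_pairs(parts.query):
            yield f"hop{i}", f"hop{i}:{key}", value
    for domain, name, value in cookies:
        src = f"cookie:{domain}/{name}"
        yield src, src, f"{name}={value}"


def correlate(hops=HOPS, cookies=COOKIES):
    """Return {token: [labels]} for every token seen in two or more sources
    (a source is one hop or one cookie)."""
    locs = list(locations(hops, cookies))
    seen = defaultdict(set)
    for _src, label, raw in locs:
        for tok in TOKEN_RE.findall(raw):
            if len(tok) >= MIN_TOKEN:
                seen[tok].add(label)
    # Long identifiers are also matched as substrings; this is what ties
    # clickid=0a3799zib1nvr041 on the lander to tpltrk's uclick cookie.
    for tok in list(seen):
        if len(tok) >= MIN_SUBSTR:
            for _src, label, raw in locs:
                if tok in raw:
                    seen[tok].add(label)
    src_of = {label: src for src, label, _ in locs}
    return {tok: sorted(labels) for tok, labels in seen.items()
            if len({src_of[lab] for lab in labels}) >= 2}


FORWARDED = ("ip", "isp", "city", "os_name", "browser_name", "browser_version", "user_agent")


def landing_profile(url=HOPS[-1]):
    """What the tracker told the landing page about the visitor, which brand
    it asked for, and which template macros ({...}) it failed to expand."""
    params = dict(query_pairs(urlsplit(url).query))
    return {
        "brand": params.get("target"),
        "forwarded": {k: params[k] for k in FORWARDED if k in params},
        "unexpanded": {k: v for k, v in params.items() if re.fullmatch(r"\{[^{}]*\}", v)},
    }


if __name__ == "__main__":
    for tok, labels in sorted(correlate().items(), key=lambda kv: -len(kv[1])):
        print(f"{tok:55} {', '.join(labels)}")
    print(landing_profile())
```

Run stand-alone it prints the nine identifiers shared between hops and cookies, then the visitor attributes the lander received. The same two functions work on any chain urlscan records; only the HOPS and COOKIES lists need replacing with the page's own URL history and cookie table.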
29 HTTP transactions
Method | Protocol (H/1.1 = HTTP/1.1, H2, H3) | Resource | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET | H2 | storage.googleapis.com/1ab583605a1a9623dedf4e59f8a897/cb9958c6021ce677c1fdb4009b5f1b | 118 B | 696 B | Document | text/html |
GET | H2 | thebestornothing.brandigh.com/ | 16 KB | 3 KB | Document | text/html |
GET | H2 | fonts.googleapis.com/css | 2 KB | 917 B | Stylesheet | text/css |
GET | H2 | code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css | 50 KB | 9 KB | Stylesheet | text/css |
GET | H2 | thebestornothing.brandigh.com/css/bootstrap.min.css | 111 KB | 19 KB | Stylesheet | text/css |
GET | H2 | thebestornothing.brandigh.com/css/font-awesome.min.css | 21 KB | 5 KB | Stylesheet | text/css |
GET | H2 | thebestornothing.brandigh.com/css/owl.carousel.css | 5 KB | 1 KB | Stylesheet | text/css |
GET | H2 | thebestornothing.brandigh.com/css/animate.css | 73 KB | 5 KB | Stylesheet | text/css |
GET | H2 | thebestornothing.brandigh.com/css/main.css | 17 KB | 4 KB | Stylesheet | text/css |
GET | H2 | thebestornothing.brandigh.com/css/responsive.css | 2 KB | 845 B | Stylesheet | text/css |
GET | H3 | thebestornothing.brandigh.com/images/logo.png | 3 KB | 3 KB | Image | image/png |
GET | H3 | thebestornothing.brandigh.com/images/logo-2.png | 3 KB | 4 KB | Image | image/png |
GET | H3 | thebestornothing.brandigh.com/images/about/1.jpg | 50 KB | 51 KB | Image | image/jpeg |
GET | H3 | thebestornothing.brandigh.com/images/about/2.jpg | 34 KB | 35 KB | Image | image/jpeg |
GET | H3 | thebestornothing.brandigh.com/images/about/3.jpg | 19 KB | 20 KB | Image | image/jpeg |
GET | H/1.1 | ratedophfer.com/giftcard/index_3_d.php (primary request, end of the 302 redirect chain) | 46 KB | 15 KB | Document | text/html |
GET | H2 | code.jquery.com/jquery-1.11.1.min.js | 94 KB | 33 KB | Script | application/javascript |
GET | H/1.1 | ratedophfer.com/giftcard/assets/main_11.js | 12 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | ratedophfer.com/giftcard/assets/main2.css | 21 KB | 6 KB | Stylesheet | text/css |
GET | H2 | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_survey_card/2248cf597e3418b7229d7565490fad8d.png | 412 B | 806 B | Image | image/png |
GET | H/1.1 | ratedophfer.com/redirect_bin.js | 694 B | 1012 B | Script | application/javascript |
GET | H3 | fonts.googleapis.com/css2 | 5 KB | 644 B | Stylesheet | text/css |
GET | H/1.1 | ratedophfer.com/giftcard/css/kfc.css | 480 B | 784 B | Stylesheet | text/css |
GET | H/1.1 | ratedophfer.com/giftcard/datas/kfc.json | 841 B | 1 KB | XHR | application/json |
GET | H/1.1 | ratedophfer.com/halloween_sweeps.css | 441 B | 745 B | Stylesheet | text/css |
GET | H2 | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_survey_card/kfc_bg.png | 28 KB | 28 KB | Image | image/png |
GET | H2 | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/christmas_banner2.jpg | 153 KB | 154 KB | Image | image/jpeg |
GET | H/1.1 | ratedophfer.com/giftcard/assets/conf.js | 7 KB | 3 KB | XHR | application/javascript |
GET | H2 | d3e1y4kxkqljcb.cloudfront.net/survey_us_d/new_survey_card/04ed4a8e1480f898574bc1ed4c60878c.png | 12 KB | 13 KB | Image | image/png |
Verdicts & Comments
Verdict: Malicious (page.url)
Submitted on December 1st 2022, 5:08:50 pm UTC, from United States
Threats: Brand Impersonation, Phishing
Comment: The webpage is a delivery system for a large phishing campaign pretending to be several large big box stores.
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and custom code.
- oncontentvisibilityautostatechange (object)
- $ (function)
- jQuery (function)
- $_GET (function)
- targets (string)
- usr (string)
- birthdayFill (function)
- beforeShowQuestion (function)
- loadingData (function)
- startTimer (function)
- target (string)
- d (object)
- jQuery111101489654089445258 (object)
- redirect_url (string)
- back_url_link (string)
- loadingOffers (function)
- timer1 (string)
- titleOut4 (string)
Cookies
Cookies are small pieces of data stored by the browser. On each later visit the browser sends the stored values back, so the site can re-identify the visitor even from a different network location; persistent logins work the same way.
Domain/Path | Expires | Name | Value |
---|---|---|---|
www.b22trx.com/ | | uniqueClick_LW9WN6 | d1e51332-4a40-473e-a18d-85e471c869eb:1669914385 |
www.b22trx.com/ | | transaction_id | 8cf1cfe38eb34de59d3512bc1e7d1984 |
tpltrk.com/ | | uclick | 9zib1nvr |
tpltrk.com/ | | uclickhash | 9zib1nvr-9zib1nvr-ntib-tw0-gxib-twxi6o-twa53y-33712c |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.ionicframework.com
code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
fonts.googleapis.com
ratedophfer.com
storage.googleapis.com
thebestornothing.brandigh.com
tpltrk.com
www.b22trx.com
103.147.122.142
103.147.122.143
2600:9000:2073:7600:b:4623:cac0:21
2606:4700:20::681a:7ad
2606:4700:e2::ac40:841d
2607:f8b0:4004:c19::80
2607:f8b0:4006:821::200a
34.95.111.143
69.16.175.10