![](/screenshots/b3c50b35-2a75-4a55-97d2-8aed9330c795.png)
ofviewer.live
Open in
urlscan Pro
162.214.80.94
Malicious Activity!
Public Scan
Effective URL: https://ofviewer.live/
Submission: On March 18 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by R3 on February 2nd 2022. Valid for: 3 months.
This is the only time ofviewer.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 25 | 162.214.80.94 162.214.80.94 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2600:9000:212... 2600:9000:2120:9600:3:b5aa:ad80:21 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 104.20.228.67 104.20.228.67 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2600:9000:212... 2600:9000:2120:6c00:13:652b:c180:21 | 16509 (AMAZON-02) (AMAZON-02) | |
33 | 5 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: sh039.webhostingservices.com
ofviewer.live |
ASN16509 (AMAZON-02, US)
d13nu0oomnx5ti.cloudfront.net |
ASN16509 (AMAZON-02, US)
dgu9g3a2kzqx2.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
ofviewer.live
3 redirects
ofviewer.live |
672 KB |
6 |
cloudfront.net
d13nu0oomnx5ti.cloudfront.net dgu9g3a2kzqx2.cloudfront.net |
58 KB |
2 |
statcounter.com
www.statcounter.com — Cisco Umbrella Rank: 10439 c.statcounter.com — Cisco Umbrella Rank: 7198 |
15 KB |
0 |
nowadays.co
Failed
nowadays.co Failed |
|
33 | 4 |
Domain | Requested by | |
---|---|---|
25 | ofviewer.live |
3 redirects
ofviewer.live
|
5 | dgu9g3a2kzqx2.cloudfront.net |
d13nu0oomnx5ti.cloudfront.net
|
1 | c.statcounter.com |
www.statcounter.com
|
1 | www.statcounter.com |
ofviewer.live
|
1 | d13nu0oomnx5ti.cloudfront.net |
ofviewer.live
|
0 | nowadays.co Failed |
ofviewer.live
|
33 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.verifyspot.net |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ofviewer.nitheeshpv.online R3 |
2022-02-02 - 2022-05-03 |
3 months | crt.sh |
*.cloudfront.net Amazon |
2022-02-01 - 2023-01-31 |
a year | crt.sh |
us-dallas.statcounter.com Sectigo RSA Domain Validation Secure Server CA |
2021-11-06 - 2022-12-06 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ofviewer.live/
Frame ID: 92351B6B3C0D6370E36548FE52BE7812
Requests: 28 HTTP requests in this frame
Frame:
https://ofviewer.live/proof.html
Frame ID: 60800143850C43E868B045A7F78F97D3
Requests: 5 HTTP requests in this frame
Screenshot
![](/screenshots/b3c50b35-2a75-4a55-97d2-8aed9330c795.png)
Page Title
OFViewer - Watch OnlyFans Premium VideosPage URL History Show full URLs
-
https://ofviewer.live/start-streaming-now-6378929
HTTP 301
https://ofviewer.live/ Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Detected patterns
- statcounter\.com/counter/counter
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Complete Verification
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ofviewer.live/start-streaming-now-6378929
HTTP 301
https://ofviewer.live/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 23- https://ofviewer.live/Coins.wav HTTP 301
- https://ofviewer.live/
- https://ofviewer.live/Coins.mp3 HTTP 301
- https://ofviewer.live/
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
ofviewer.live/ Redirect Chain
|
17 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
ofviewer.live/css/ |
114 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
ofviewer.live/css/ |
144 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
ofviewer.live/css/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flag-icon.min.html
ofviewer.live/css/ |
315 B 279 B |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4943004.js
d13nu0oomnx5ti.cloudfront.net/ |
23 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon1.png
ofviewer.live/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
captcha.png
ofviewer.live/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loader.gif
ofviewer.live/ |
11 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js.download
ofviewer.live/js/ |
82 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js.download
ofviewer.live/js/ |
35 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js.download
ofviewer.live/js/ |
21 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.fallback.php.html
ofviewer.live/js/ |
315 B 271 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.typewriter.min.js.download
ofviewer.live/js/ |
2 KB 941 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
buzz.min.js.download
ofviewer.live/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
counter.js
www.statcounter.com/counter/ |
42 KB 14 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html.1301765.f34d2.0.js
dgu9g3a2kzqx2.cloudfront.net/public/external/v2/ |
26 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_front.css
dgu9g3a2kzqx2.cloudfront.net/public/external/ |
6 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.woff2
nowadays.co/mkt/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.woff
nowadays.co/mkt/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
glyphicons-halflings-regular.ttf
nowadays.co/mkt/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon2.html
ofviewer.live/css/img/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
proof.html
ofviewer.live/ Frame 6080 |
647 B 262 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t.php
c.statcounter.com/ |
192 B 581 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
ofviewer.live/ Redirect Chain
|
17 KB 18 KB |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ofviewer_1.jpg
ofviewer.live/images/ Frame 6080 |
77 KB 77 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ofviewer_2.jpg
ofviewer.live/images/ Frame 6080 |
114 KB 115 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ofviewer_3.jpg
ofviewer.live/images/ Frame 6080 |
149 KB 150 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ofviewer_4.jpg
ofviewer.live/images/ Frame 6080 |
137 KB 138 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
dgu9g3a2kzqx2.cloudfront.net/public/clockers/PrimeApps/ |
1010 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
ofviewer.live/ Redirect Chain
|
17 KB 18 KB |
Media
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
guid
dgu9g3a2kzqx2.cloudfront.net/public/ |
0 287 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.php
dgu9g3a2kzqx2.cloudfront.net/public/external/ |
78 B 373 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- nowadays.co
- URL
- http://nowadays.co/mkt/fonts/glyphicons-halflings-regular.woff2
- Domain
- nowadays.co
- URL
- http://nowadays.co/mkt/fonts/glyphicons-halflings-regular.woff
- Domain
- nowadays.co
- URL
- http://nowadays.co/mkt/fonts/glyphicons-halflings-regular.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 function| structuredClone object| oncontextlost object| oncontextrestored object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker function| $ function| jQuery object| buzz number| sc_project number| sc_invisible string| sc_security function| iframeLoaded function| _statcounter4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ofviewer.live/ | Name: _cpguid Value: 9i8om2eu3 |
|
.ofviewer.live/ | Name: sc_is_visitor_unique Value: rx12532356.1647599640.11D573F4A8774F98305B8884341843C2.1.1.1.1.1.1.1.1.1 |
|
.statcounter.com/ | Name: is_unique Value: sc12532356.1647599639.0 |
|
.statcounter.com/ | Name: is_visitor_unique Value: 1647599639309284410 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
c.statcounter.com
d13nu0oomnx5ti.cloudfront.net
dgu9g3a2kzqx2.cloudfront.net
nowadays.co
ofviewer.live
www.statcounter.com
nowadays.co
104.20.228.67
162.214.80.94
2600:9000:2120:6c00:13:652b:c180:21
2600:9000:2120:9600:3:b5aa:ad80:21
2ab3c866ee1735af6b5e132478fec9d0a8bd849492a7808e204a68c11d730f6c
46c0dc89cf6d107e63f1ff8f8c2cc92c33294dab989d4bc6db9abe1151bb154c
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e
4a3bc15c1663f9bf029b74f3a76b02a2842e0af275d89a92eaf502983eb2f68d
6fabf1807dc49764e2c9c4238012259dedc65d245c1090c9151e1c40f10cd84f
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
90cadd6bec536657c9c9164158c6e261c5f9fb7446c1ebf7dfcce6fc1430839e
941cbf6bf4c7e4a84a3cc88741d93387113dff367bfc35d34109039ec1cbdf1b
9ef4a63fc5e0a14a7301d693d65d6acfc44cdf14853c4a20890198f2d5e52e3b
a0bd9bfaf4def6656a9233d93df518c01be681326e72cd9e00aa73fd29702b83
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
af0045622b134654936bc776a6586bb9b3c38abfa94f48ff385b8e5f1bd57e8a
c84a134e3169dbae0d61017702b9770fcae342f75bc74496c00654d601499808
cb8ed721fcf6e5883d8143a683cf14b09af00a9bcf50bbda0868b9810ce12c33
d194e6a30be17da7eafeacdbc00dc3d1a0c02984ab4d961535f2aee1c79dafc1
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d71b75f37cbaa198fcac72013ceb2a2fe5b68c89902dbcf4b52ae28812cb9268
d8bcfc64013a54bfb15aa7821415afaf7165eb92377fb61da7d394fcf12c5954
db82799b308e1b9ddcac749a394a0372a765cdbc8c6263162707c0ffaaecee80
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb2697b60c526a1d4980e0874700e7c2b4f43bb9292770f71bb4bb972506e415
f01f5caffd5265d33a27f57cf9b75b9c9a4cd22fbcc1273ec15cecb14cad00ae
f810f4ab282ff43f9dad960694f481ea66044622832d1c6646fb159fa0536578
f9e777fbb8118750212fe178fcac76e172e52285b16dd4e49d7b35459bddb317
fb939841d13e09b436c2584ae3c62f644c3ac612fd5173cb6f46fc075637164e
fe20c8e0becadb7cca8baff387ef47456631b7f72d5674f72ed416a224b7a3e4