ogfdrg.xyz Open in urlscan Pro
8.211.199.185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3Ajr9t5?biJ=W1LTLHIwve
Effective URL:
https://ogfdrg.xyz/K9klIH225Z/
Submission: On November 01 via manual (November 1st 2024, 1:11:20 pm UTC) from US — Scanned from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 8.211.199.185, located in London, United Kingdom and belongs to ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN. The main domain is ogfdrg.xyz.
TLS certificate: Issued by R10 on October 30th 2024. Valid for: 3 months.

This is the only time ogfdrg.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 8	8.211.199.185 8.211.199.185	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
14	2

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 8.211.199.185 (London, United Kingdom) 1 redirects

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

ogfdrg.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ogfdrg.xyz 1 redirects ogfdrg.xyz	216 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 7196	377 B
14	2

	Domain	Requested by
8	ogfdrg.xyz	1 redirects ogfdrg.xyz
1	bit.ly	1 redirects
14	2

This site contains no links.

Subject Issuer	Validity	Valid
ogfdrg.xyz R10	`2024-10-30` - `2025-01-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ogfdrg.xyz/K9klIH225Z/
Frame ID: E3AEC398C007063F0C5DD79B7DBAB2F2
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/3Ajr9t5?biJ=W1LTLHIwve HTTP 301
https://ogfdrg.xyz/K9klIH225Z HTTP 301
https://ogfdrg.xyz/K9klIH225Z/ Page URL

Page Statistics

14
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

216 kB
Transfer

651 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3Ajr9t5?biJ=W1LTLHIwve HTTP 301
https://ogfdrg.xyz/K9klIH225Z HTTP 301
https://ogfdrg.xyz/K9klIH225Z/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response ogfdrg.xyz/K9klIH225Z/ Redirect Chain https://bit.ly/3Ajr9t5?biJ=W1LTLHIwve https://ogfdrg.xyz/K9klIH225Z https://ogfdrg.xyz/K9klIH225Z/	2 KB 1 KB	4462ms 4461ms	Document text/html	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/K9klIH225Z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `3cc1badaf474652682b537310b01a6934dcf7c3a52352746a9e492558007b950` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Access-Control-Allow-Origin * Cache-Control public, max-age=86400 Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Fri, 01 Nov 2024 13:11:08 GMT ETag W/"666-190b57e26f0" Last-Modified Mon, 15 Jul 2024 08:24:22 GMT Server nginx/1.24.0 Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 80 Content-Type text/html; charset=utf-8 Date Fri, 01 Nov 2024 13:11:03 GMT Location /K9klIH225Z/ Server nginx/1.24.0 Vary Accept
GET H/1.1	200 OK	index-4b020bd6.js Show response ogfdrg.xyz/K9klIH225Z/assets/	493 KB 146 KB	1993ms 1992ms	Script application/javascript	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/K9klIH225Z/assets/index-4b020bd6.js Requested by Host: ogfdrg.xyz URL: https://ogfdrg.xyz/K9klIH225Z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `095aa68b6e8bb9648b91b009821b31a81c9ca7f849b069547406b206dbb0f3fd` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://ogfdrg.xyz Referer https://ogfdrg.xyz/K9klIH225Z/ Response headers Transfer-Encoding chunked Cache-Control public, max-age=86400 Content-Encoding gzip ETag W/"7b48a-190b57e3e60" Connection keep-alive Access-Control-Allow-Origin * Date Fri, 01 Nov 2024 13:11:10 GMT Content-Type application/javascript; charset=utf-8 Vary Accept-Encoding Server nginx/1.24.0 Last-Modified Mon, 15 Jul 2024 08:24:28 GMT
GET H/1.1	200 OK	f6170fbbTeKnX.css ogfdrg.xyz/K9klIH225Z/assets/	952 B 1 KB	6134ms 912ms	Stylesheet text/css	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/K9klIH225Z/assets/f6170fbbTeKnX.css Requested by Host: ogfdrg.xyz URL: https://ogfdrg.xyz/K9klIH225Z/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `f6170fbbee0af98d737510b5689b31d78cf4e9a152590e594175b79212210911` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ogfdrg.xyz/K9klIH225Z/ Response headers Cache-Control public, max-age=86400 ETag W/"3b8-190b57e26f0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 952 Date Fri, 01 Nov 2024 13:11:14 GMT Content-Type text/css; charset=utf-8 Last-Modified Mon, 15 Jul 2024 08:24:22 GMT Server nginx/1.24.0
GET H/1.1	200 OK	143268e9KXMp5.js Show response ogfdrg.xyz/K9klIH225Z/assets/	4 KB 2 KB	724ms 723ms	Script application/javascript	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/K9klIH225Z/assets/143268e9KXMp5.js Requested by Host: ogfdrg.xyz URL: https://ogfdrg.xyz/K9klIH225Z/assets/index-4b020bd6.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `4514ae0c3264d12e735d0c5d2a2d633606d32be84d1ba8b6c8b5514a99fcaf5a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://ogfdrg.xyz Referer Response headers Transfer-Encoding chunked Cache-Control public, max-age=86400 Content-Encoding gzip ETag W/"11c0-190b57e26f0" Connection keep-alive Access-Control-Allow-Origin * Date Fri, 01 Nov 2024 13:11:15 GMT Content-Type application/javascript; charset=utf-8 Vary Accept-Encoding Server nginx/1.24.0 Last-Modified Mon, 15 Jul 2024 08:24:22 GMT
GET H/1.1	200 OK	f0ee2557KXMp5.js Show response ogfdrg.xyz/K9klIH225Z/assets/	52 KB 17 KB	1653ms 927ms	Script application/javascript	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/K9klIH225Z/assets/f0ee2557KXMp5.js Requested by Host: ogfdrg.xyz URL: https://ogfdrg.xyz/K9klIH225Z/assets/index-4b020bd6.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `ca68702aa3ea8779f34864cc6285bce454103a111c1255cbf22c9e8dd3292aa5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://ogfdrg.xyz Referer Response headers Transfer-Encoding chunked Cache-Control public, max-age=86400 Content-Encoding gzip ETag W/"d0c2-190b57e3690" Connection keep-alive Access-Control-Allow-Origin * Date Fri, 01 Nov 2024 13:11:16 GMT Content-Type application/javascript; charset=utf-8 Vary Accept-Encoding Server nginx/1.24.0 Last-Modified Mon, 15 Jul 2024 08:24:26 GMT
GET H/1.1	200 OK	favicon.ico ogfdrg.xyz/	31 KB 32 KB	2764ms 1142ms	Other image/vnd.microsoft.icon	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `67fbe8ef9020e5c776aadf6801a1fef8dc563e2e4dc9ddc740af8010c0c38943` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ogfdrg.xyz/K9klIH225Z/ Response headers Cache-Control public, max-age=86400 ETag W/"7d26-190b57e07b0" Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 32038 Date Fri, 01 Nov 2024 13:11:17 GMT Content-Type image/vnd.microsoft.icon Last-Modified Mon, 15 Jul 2024 08:24:14 GMT Server nginx/1.24.0
GET		78d59236KXMp5.js ogfdrg.xyz/K9klIH225Z/assets/	0 0

GET		09bf01f8KXMp5.js ogfdrg.xyz/K9klIH225Z/assets/	0 0

GET		7357514cKXMp5.js ogfdrg.xyz/K9klIH225Z/assets/	0 0

GET		62ff200fKXMp5.js ogfdrg.xyz/K9klIH225Z/assets/	0 0

GET		c27b6911KXMp5.js ogfdrg.xyz/K9klIH225Z/assets/	0 0

GET H/1.1	200 OK	667bf194TeKnX.css ogfdrg.xyz/K9klIH225Z/assets/	67 KB 17 KB	2267ms 1133ms	Stylesheet text/css	8.211.199.185 ALIBABA-CN-NET Al...
General Check archive.org Show headers Download Go to Full URL https://ogfdrg.xyz/K9klIH225Z/assets/667bf194TeKnX.css Requested by Host: ogfdrg.xyz URL: https://ogfdrg.xyz/K9klIH225Z/assets/index-4b020bd6.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 8.211.199.185 London, United Kingdom, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN), Reverse DNS Software nginx/1.24.0 / Resource Hash `667bf1945b650a844809244ac70ae2fefa171302da25745dffb728a9d5124e4f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ogfdrg.xyz/K9klIH225Z/ Response headers Transfer-Encoding chunked Cache-Control public, max-age=86400 Content-Encoding gzip ETag W/"10d59-190b57e26f0" Connection keep-alive Access-Control-Allow-Origin * Date Fri, 01 Nov 2024 13:11:18 GMT Content-Type text/css; charset=utf-8 Vary Accept-Encoding Server nginx/1.24.0 Last-Modified Mon, 15 Jul 2024 08:24:22 GMT
GET		dc6d90ceKXMp5.js ogfdrg.xyz/K9klIH225Z/assets/	0 0

GET		4cd1ec68TeKnX.css ogfdrg.xyz/K9klIH225Z/assets/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/78d59236KXMp5.js

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/09bf01f8KXMp5.js

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/7357514cKXMp5.js

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/62ff200fKXMp5.js

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/c27b6911KXMp5.js

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/dc6d90ceKXMp5.js

Domain: ogfdrg.xyz
URL: https://ogfdrg.xyz/K9klIH225Z/assets/4cd1ec68TeKnX.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USPS (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| IMask boolean| __vite_is_modern_browser boolean| __VUE__

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bit.ly/	1970-01-21 05:00:18	Name: _bit Value: oa1daO-6d499b7b5aa0a8a456-004

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
ogfdrg.xyz
ogfdrg.xyz
67.199.248.10
8.211.199.185
095aa68b6e8bb9648b91b009821b31a81c9ca7f849b069547406b206dbb0f3fd
3cc1badaf474652682b537310b01a6934dcf7c3a52352746a9e492558007b950
4514ae0c3264d12e735d0c5d2a2d633606d32be84d1ba8b6c8b5514a99fcaf5a
667bf1945b650a844809244ac70ae2fefa171302da25745dffb728a9d5124e4f
67fbe8ef9020e5c776aadf6801a1fef8dc563e2e4dc9ddc740af8010c0c38943
ca68702aa3ea8779f34864cc6285bce454103a111c1255cbf22c9e8dd3292aa5
f6170fbbee0af98d737510b5689b31d78cf4e9a152590e594175b79212210911

ogfdrg.xyz Open in urlscan Pro 8.211.199.185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

14 Requests

50 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

216 kBTransfer

651 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

ogfdrg.xyz Open in urlscan Pro
8.211.199.185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

216 kB
Transfer

651 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!