ofion.com.ua Open in urlscan Pro
2a06:6440:0:2d62::1  Malicious Activity! Public Scan

Submitted URL: https://ofion.com.ua/admin/controller/module/Kassitta/
Effective URL: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1...
Submission Tags: falconsandbox
Submission: On August 16 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 2a06:6440:0:2d62::1, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is ofion.com.ua.
TLS certificate: Issued by R3 on July 19th 2022. Valid for: 3 months.
This is the only time ofion.com.ua was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spotify (Online)

Domain & IP information

IP Address AS Autonomous System
2 7 2a06:6440:0:2... 200000 (UKRAINE-AS)
5 1
Apex Domain
Subdomains
Transfer
7 ofion.com.ua
ofion.com.ua
171 KB
5 1
Domain Requested by
7 ofion.com.ua 2 redirects ofion.com.ua
5 1

This site contains no links.

Subject Issuer Validity Valid
www.ofion.com.ua
R3
2022-07-19 -
2022-10-17
3 months crt.sh

This page contains 1 frames:

Primary Page: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
Frame ID: 6AB45C5D731C6CB079E1C754FD9C8338
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Account ID 704-852-917-371

Page URL History Show full URLs

  1. https://ofion.com.ua/admin/controller/module/Kassitta/ HTTP 302
    https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/?6f66696f6... HTTP 302
    https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?i... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

171 kB
Transfer

174 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ofion.com.ua/admin/controller/module/Kassitta/ HTTP 302
    https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/?6f66696f6e2e636f6d2e7561 HTTP 302
    https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request home.php
ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/
Redirect Chain
  • https://ofion.com.ua/admin/controller/module/Kassitta/
  • https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/?6f66696f6e2e636f6d2e7561
  • https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
5 KB
2 KB
Document
General
Full URL
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a06:6440:0:2d62::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
53d5f526b0cc87e3f91461f5cb7d4ef0f86637cf76c985af699cb304dc3be622

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 16 Aug 2022 10:56:04 GMT
server
nginx
x-page-speed
on
x-ray
p988:0.030/wn25401:0.020/wa25401:D=23126

Redirect headers

cache-control
max-age=0, no-cache
content-type
text/html; charset=UTF-8
date
Tue, 16 Aug 2022 10:56:03 GMT
location
home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
server
nginx
x-page-speed
on
x-ray
p988:1.119/wn25401:1.120/wa25401:D=1119817
A.index.css.pagespeed.cf.FNFlGElUUI.css
ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/
2 KB
890 B
Stylesheet
General
Full URL
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/A.index.css.pagespeed.cf.FNFlGElUUI.css
Requested by
Host: ofion.com.ua
URL: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a06:6440:0:2d62::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
cdceb8b7bdf517b2700f3fb19f20b81f48eb0e09861a26ef0fc77adcfa74197d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-page-speed
on
x-ray
p988:0.001/p988:0.000/wn25401:0.000/
content-encoding
gzip
x-content-type-options
nosniff
x-original-content-length
2216
server
nginx
date
Tue, 16 Aug 2022 10:56:04 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=300,private
last-modified
Tue, 16 Aug 2022 07:05:34 GMT
accept-ranges
bytes
content-length
560
expires
Tue, 16 Aug 2022 07:10:34 GMT
139x42xlogo.png.pagespeed.ic.-0U7ALQjEH.png
ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/
3 KB
4 KB
Image
General
Full URL
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/139x42xlogo.png.pagespeed.ic.-0U7ALQjEH.png
Requested by
Host: ofion.com.ua
URL: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a06:6440:0:2d62::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
3e186871d8b11d4b6e7410b803061be4707f651e2885f5225669866d9803be0b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-page-speed
on
x-ray
p988:0.001/p988:0.000/wn25401:0.000/
x-original-content-length
28915
server
nginx
etag
W/"0"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
date
Tue, 16 Aug 2022 10:56:04 GMT
last-modified
Tue, 16 Aug 2022 07:12:02 GMT
accept-ranges
bytes
link
<https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/logo.png>; rel="canonical"
content-length
3577
expires
Wed, 16 Aug 2023 07:12:02 GMT
xindex.jpg.pagespeed.ic.g_ujS_HT--.jpg
ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/
163 KB
164 KB
Image
General
Full URL
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/xindex.jpg.pagespeed.ic.g_ujS_HT--.jpg
Requested by
Host: ofion.com.ua
URL: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/A.index.css.pagespeed.cf.FNFlGElUUI.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a06:6440:0:2d62::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
827b8ce726edee30d2180ba1dcbd0684b25739c9db6ad73122d8a4ec636cdc13
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/A.index.css.pagespeed.cf.FNFlGElUUI.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-page-speed
on
x-ray
p988:0.016/p988:0.000/wn25401:0.000/
x-content-type-options
nosniff
last-modified
Sun, 27 Jun 2021 20:53:22 GMT
server
nginx
date
Tue, 16 Aug 2022 10:56:04 GMT
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300,private
accept-ranges
bytes
link
<https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/index.jpg>; rel="canonical"
content-length
167158
expires
Tue, 16 Aug 2022 11:01:04 GMT
ngx_pagespeed_beacon
ofion.com.ua/
0
91 B
XHR
General
Full URL
https://ofion.com.ua/ngx_pagespeed_beacon?url=https%3A%2F%2Fofion.com.ua%2Fadmin%2Fcontroller%2Fmodule%2FKassitta%2F44e50d6b66fba750c967c2977131f004%2Fhome.php%3Fid%3D2001%3Aac8%3A20%3A3c00%3A1011%3A8d39%3A1cb8%3Af240
Requested by
Host: ofion.com.ua
URL: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a06:6440:0:2d62::1 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-ray
p988:0.001/wn25401:0.000/
cache-control
max-age=0, no-cache
server
nginx
date
Tue, 16 Aug 2022 10:56:04 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spotify (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| pagespeed

0 Cookies