ofion.com.ua
2a06:6440:0:2d62::1
Malicious Activity!
Public Scan
Effective URL: https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1...
Submission Tags: falconsandbox
Submission: On August 16 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on July 19th 2022. Valid for: 3 months.
This is the only time ofion.com.ua was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spotify (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 7 | 2a06:6440:0:2d62::1 | 200000 (UKRAINE-AS) |
5 | 1 |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
7 | ofion.com.ua (2 redirects) / ofion.com.ua | 171 KB |
5 | 1 |
 | Domain | Requested by |
---|---|---|
7 | ofion.com.ua (2 redirects) | ofion.com.ua |
5 | 1 |
This site contains no links.
Subject / Issuer | Validity | Valid | |
---|---|---|---|
www.ofion.com.ua / R3 | 2022-07-19 - 2022-10-17 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240
Frame ID: 6AB45C5D731C6CB079E1C754FD9C8338
Requests: 5 HTTP requests in this frame
Page Title
Account ID 704-852-917-371
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ofion.com.ua/admin/controller/module/Kassitta/ (HTTP 302)
- https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/?6f66696f6e2e636f6d2e7561 (HTTP 302)
- https://ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/home.php?id=2001:ac8:20:3c00:1011:8d39:1cb8:f240 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | home.php (Primary Request, Redirect Chain) | ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/ | 5 KB | 2 KB | Document | text/html |
GET | H2 | A.index.css.pagespeed.cf.FNFlGElUUI.css | ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/ | 2 KB | 890 B | Stylesheet | text/css |
GET | H2 | 139x42xlogo.png.pagespeed.ic.-0U7ALQjEH.png | ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/ | 3 KB | 4 KB | Image | image/png |
GET | H2 | xindex.jpg.pagespeed.ic.g_ujS_HT--.jpg | ofion.com.ua/admin/controller/module/Kassitta/44e50d6b66fba750c967c2977131f004/_data_/ | 163 KB | 164 KB | Image | image/jpeg |
POST | H2 | ngx_pagespeed_beacon | ofion.com.ua/ | 0 | 91 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spotify (Online)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- object| pagespeed

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.