l0gin-robinhood.secure.ujikdrgy.com
146.190.37.9  Malicious Activity! Public Scan

Submitted URL: http://ofmworcester.com/account
Effective URL: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Submission: On February 19 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 7 HTTP transactions. The main IP is 146.190.37.9, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is l0gin-robinhood.secure.ujikdrgy.com.
TLS certificate: Issued by R3 on February 18th 2024. Valid for: 3 months.
This is the only time l0gin-robinhood.secure.ujikdrgy.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Robinhood (Financial)

Community Verdicts: Malicious (1 vote)

Domain & IP information

IP Address         AS Autonomous System      Redirects  Requests
192.185.158.183    AS19871 (NETWORK-S...)    2          2
146.190.37.9       AS14061 (DIGITALOC...)    1          6
18.66.97.126       AS16509 (AMAZON-02)       -          2
Totals: 7 requests, 2 IPs

Apex Domain        Subdomain                                         Transfer  Requests
ujikdrgy.com       l0gin-robinhood.secure.ujikdrgy.com               198 KB    6
robinhood.com      cdn.robinhood.com (Cisco Umbrella Rank: 19132)    758 KB    2
ofmworcester.com   ofmworcester.com                                  655 B     2
Totals: 7 requests, 3 domains

Domain                                 Requests  Redirects  Requested by
l0gin-robinhood.secure.ujikdrgy.com    6         1          l0gin-robinhood.secure.ujikdrgy.com
cdn.robinhood.com                      2         -          l0gin-robinhood.secure.ujikdrgy.com
ofmworcester.com                       2         2          -
Totals: 7 requests, 3 domains

This site contains no links.

Subject                                Issuer                              Validity                   Valid for
l0gin-robinhood.secure.ujikdrgy.com    R3                                  2024-02-18 to 2024-05-18   3 months (crt.sh)
*.robinhood.com                        DigiCert TLS RSA SHA256 2020 CA1    2024-01-18 to 2025-02-17   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Frame ID: DE8C97FBBC97421AD903A9A46F2F78A2
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Log In | Robinhood

Page URL History

  1. http://ofmworcester.com/account HTTP 301
    http://ofmworcester.com/account/ HTTP 302
    https://l0gin-robinhood.secure.ujikdrgy.com/?vverify HTTP 307
    https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a Page URL

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 955 kB
Size: 983 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource: e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a (Primary Request)
Path: l0gin-robinhood.secure.ujikdrgy.com/signin/
Redirect Chain:
  • http://ofmworcester.com/account
  • http://ofmworcester.com/account/
  • https://l0gin-robinhood.secure.ujikdrgy.com/?vverify
  • https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Size: 35 KB
x-fer: 5 KB
Type: Document

General
Full URL: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 146.190.37.9 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Apache
Resource Hash: f600dbccb6439abfdef94b161b95ac745172806ba512eb9085dc4bb482fcc9bc
Security Headers: X-Frame-Options: SAMEORIGIN

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 19 Feb 2024 00:11:14 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-FRAME-OPTIONS: SAMEORIGIN

Redirect headers
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 19 Feb 2024 00:11:14 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-FRAME-OPTIONS: SAMEORIGIN
Resource: main.css
Path: l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/
Size: 136 KB
x-fer: 137 KB
Type: Stylesheet

General
Full URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Requested by: Host: l0gin-robinhood.secure.ujikdrgy.com, URL: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 146.190.37.9 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Apache
Resource Hash: 13e70f56eb9c1daaca4a4fb471496582aa773c82639f6e6fc93d2925fd8f7b60
Security Headers: X-Frame-Options: SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
Date: Mon, 19 Feb 2024 00:11:15 GMT
Last-Modified: Mon, 06 Mar 2023 17:55:47 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 139670
Resource: 632fcb3e7ed928b2a960f3e003d10b44.jpg
Path: cdn.robinhood.com/assets/generated_assets/webapp/
Size: 378 KB
x-fer: 379 KB
Type: Image

General
Full URL: https://cdn.robinhood.com/assets/generated_assets/webapp/632fcb3e7ed928b2a960f3e003d10b44.jpg
Requested by: Host: l0gin-robinhood.secure.ujikdrgy.com, URL: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.97.126, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-97-126.fra56.r.cloudfront.net
Software: AmazonS3
Resource Hash: 01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://l0gin-robinhood.secure.ujikdrgy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
date: Sun, 18 Feb 2024 18:52:55 GMT
x-amz-version-id: PoIhcChpT0cSJtwVGrPw9Ghq6AqCPYF_
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
last-modified: Mon, 25 Apr 2022 23:37:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 19100
etag: "cdfcb3cb965d71cf114d0aeb8f0a50cd"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public,max-age=2419200,immutable
accept-ranges: bytes
content-length: 387068
x-amz-cf-id: kZnkJvCTUIoTy8EKhvmSB2oK-vq6E4GS3MZ0a897nZhnVujU2fVSwg==
Resource: 632fcb3e7ed928b2a960f3e003d10b44.jpg
Path: cdn.robinhood.com/assets/generated_assets/webapp/web-platform-prefetch-sdp/member/
Size: 378 KB
x-fer: 379 KB
Type: Image

General
Full URL: https://cdn.robinhood.com/assets/generated_assets/webapp/web-platform-prefetch-sdp/member/632fcb3e7ed928b2a960f3e003d10b44.jpg
Requested by: Host: l0gin-robinhood.secure.ujikdrgy.com, URL: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.97.126, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-97-126.fra56.r.cloudfront.net
Software: AmazonS3
Resource Hash: 01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://l0gin-robinhood.secure.ujikdrgy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
date: Sun, 18 Feb 2024 18:52:55 GMT
x-amz-version-id: 8INWXEadNYmHgBZkdxgGT_EoGR0b1QV2
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
last-modified: Fri, 21 Oct 2022 22:27:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 19100
etag: "cdfcb3cb965d71cf114d0aeb8f0a50cd"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 387068
x-amz-cf-id: 7RCESkG1PEhU6qPnvakd2Ir2vQi6aJeAhjzLCZCZFOQftwbIM3KxwQ==
Resource: 8b42e3fc6d1d161d6fbd7487babe6cfe.woff2
Path: l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/fonts/
Size: 19 KB
x-fer: 19 KB
Type: Font

General
Full URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/fonts/8b42e3fc6d1d161d6fbd7487babe6cfe.woff2
Requested by: Host: l0gin-robinhood.secure.ujikdrgy.com, URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 146.190.37.9 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Apache
Resource Hash: d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302
Security Headers: X-Frame-Options: SAMEORIGIN

Request headers
Referer: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Origin: https://l0gin-robinhood.secure.ujikdrgy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
Date: Mon, 19 Feb 2024 00:11:15 GMT
Last-Modified: Mon, 06 Mar 2023 17:52:03 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 18968
Resource: ece4dfe7c8753c6ed9e4ede8ad811074.woff2
Path: l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/fonts/
Size: 19 KB
x-fer: 19 KB
Type: Font

General
Full URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/fonts/ece4dfe7c8753c6ed9e4ede8ad811074.woff2
Requested by: Host: l0gin-robinhood.secure.ujikdrgy.com, URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 146.190.37.9 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Apache
Resource Hash: 6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8
Security Headers: X-Frame-Options: SAMEORIGIN

Request headers
Referer: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Origin: https://l0gin-robinhood.secure.ujikdrgy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
Date: Mon, 19 Feb 2024 00:11:15 GMT
Last-Modified: Mon, 06 Mar 2023 17:52:05 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 19072
Resource: f31b2ecb2f8e039d53bd75d5314229c7.woff2
Path: l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/fonts/
Size: 18 KB
x-fer: 19 KB
Type: Font

General
Full URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/fonts/f31b2ecb2f8e039d53bd75d5314229c7.woff2
Requested by: Host: l0gin-robinhood.secure.ujikdrgy.com, URL: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 146.190.37.9 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Apache
Resource Hash: 0ef7c688bd1385a7df6941a13f3b4e980cd2f90f01b9268c9bb3e95394eec486
Security Headers: X-Frame-Options: SAMEORIGIN

Request headers
Referer: https://l0gin-robinhood.secure.ujikdrgy.com/NIGHTMARE/assets/css/main.css
Origin: https://l0gin-robinhood.secure.ujikdrgy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers
Date: Mon, 19 Feb 2024 00:11:16 GMT
Last-Modified: Mon, 06 Mar 2023 17:52:01 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 18804

Verdicts & Comments


Verdict: Malicious (page.url)
Submitted on February 19th 2024, 12:12:26 am UTC — From United States

Threats: Phishing, Brand Impersonation
Brands: Robinhood US
Comment: This is a scam website impersonating Robinhood, do not give your user credentials.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Robinhood (Financial)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path: l0gin-robinhood.secure.ujikdrgy.com/
Name: PHPSESSID
Value: 7e4c3b266c805bafdde3cfb2696eae04

1 Console Messages

Source: javascript
Level: warning
URL: https://l0gin-robinhood.secure.ujikdrgy.com/signin/e79e3da0e79c0b59bfc8e4aac8a40fc35ef6c744295348c2d3eae68a
Message: The resource https://cdn.robinhood.com/assets/generated_assets/webapp/632fcb3e7ed928b2a960f3e003d10b44.jpg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

X-Frame-Options: SAMEORIGIN