rkeaokodkucjixz.beaver2570.workers.dev Open in urlscan Pro
172.67.220.95 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://rkeaokodkucjixz.beaver2570.workers.dev/
Effective URL:
https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg
Submission: On November 26 via api (November 26th 2024, 9:40:10 am UTC) from DE — Scanned from IT

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 172.67.220.95, located in United States and belongs to CLOUDFLARENET, US. The main domain is rkeaokodkucjixz.beaver2570.workers.dev.
TLS certificate: Issued by WE1 on November 14th 2024. Valid for: 3 months.

This is the only time rkeaokodkucjixz.beaver2570.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 7	172.67.220.95 172.67.220.95	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.167.114 172.67.167.114	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	199.36.158.100 199.36.158.100	54113 (FASTLY) (FASTLY)
1	104.17.246.203 104.17.246.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	5

7 172.67.220.95 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rkeaokodkucjixz.beaver2570.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.167.114 (United States)

ASN13335 (CLOUDFLARENET, US)

clrfkjzxwhifheutmubd.kute.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.36.158.100 (United States)

ASN54113 (FASTLY, US)

rullbullpullpushcndapp.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.246.203 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	workers.dev 1 redirects rkeaokodkucjixz.beaver2570.workers.dev	21 KB
3	web.app rullbullpullpushcndapp.web.app	39 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 740	14 KB
1	kute.pw clrfkjzxwhifheutmubd.kute.pw Failed	5 KB
13	4

	Domain	Requested by
7	rkeaokodkucjixz.beaver2570.workers.dev	1 redirects rkeaokodkucjixz.beaver2570.workers.dev
3	rullbullpullpushcndapp.web.app	clrfkjzxwhifheutmubd.kute.pw
1	unpkg.com	clrfkjzxwhifheutmubd.kute.pw
1	clrfkjzxwhifheutmubd.kute.pw	rkeaokodkucjixz.beaver2570.workers.dev
13	4

This site contains no links.

Subject Issuer	Validity	Valid
beaver2570.workers.dev WE1	`2024-11-14` - `2025-02-12`	3 months	crt.sh
kute.pw WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
web.app WR4	`2024-09-25` - `2024-12-24`	3 months	crt.sh
unpkg.com WE1	`2024-11-23` - `2025-02-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg
Frame ID: 1E3A2AB67581DA9D583DC9349AC88FE3
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://rkeaokodkucjixz.beaver2570.workers.dev/ HTTP 307
https://rkeaokodkucjixz.beaver2570.workers.dev/ Page URL
https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg Page URL
https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/phish-bypass?atok=Z.OdyYXa2h0lPimS_qacZWi2P2JXcq1Us8kFBjMj61A-173261... HTTP 301
https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg Page URL

Detected technologies

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

78 kB
Transfer

567 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://rkeaokodkucjixz.beaver2570.workers.dev/ HTTP 307
https://rkeaokodkucjixz.beaver2570.workers.dev/ Page URL
https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg Page URL
https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/phish-bypass?atok=Z.OdyYXa2h0lPimS_qacZWi2P2JXcq1Us8kFBjMj61A-1732613989-0.0.1.1-%2F%3Fbbre%3DydljRFSKGJZbcXrHLUqThtg HTTP 301
https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://rkeaokodkucjixz.beaver2570.workers.dev/ HTTP 307
https://rkeaokodkucjixz.beaver2570.workers.dev/

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
rkeaokodkucjixz.beaver2570.workers.dev/
Redirect Chain

http://rkeaokodkucjixz.beaver2570.workers.dev/
https://rkeaokodkucjixz.beaver2570.workers.dev/

9 KB
4 KB

1423ms
196ms

Document
text/html

172.67.220.95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rkeaokodkucjixz.beaver2570.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 8e88e9d35eb99bd6-FRA
content-encoding: zstd
content-type: text/html;charset=UTF-8
date: Tue, 26 Nov 2024 09:39:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2FJpQ3zo0%2BaC6I%2FJYKXwZxy9rUgInER9K%2FIaQopC%2BsX4GW%2FQsbh0OYhln8wmBzLES7WujbZtG2m3hZSlIp1kglYEnwXOsLdwMKMuuR5W2IoA6%2Fty25GpH8fYPDoo2RsNh62l6IdOVtdOxPVwMsQiV1ZyU37zG5GldQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=32892&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3952&recv_bytes=2337&delivery_rate=126398&cwnd=254&unsent_bytes=0&cid=7c057c5a3468a43c&ts=774&x=0"
vary: Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://rkeaokodkucjixz.beaver2570.workers.dev/
Non-Authoritative-Reason: HSTS

GET
H2 403 / Show response
rkeaokodkucjixz.beaver2570.workers.dev/ 4 KB
2 KB 242ms
137ms Document
text/html 172.67.220.95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg

Requested by

Host: rkeaokodkucjixz.beaver2570.workers.dev
URL: https://rkeaokodkucjixz.beaver2570.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.220.95 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57fc50561022ea4a34e4aba632fd399795275f2d83228ca592cee1afdaa166e8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray: 8e88e9dabfdf9bd6-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 26 Nov 2024 09:39:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dxgUPRZK7VO7gCm%2BAVSvkb8BINWapARkTk0SkcWAwManYIgwgyia0DBUr15qC2E4Qqzc89MuCXWsl4reVmvffqnwURtj7koLojJtnQQgkKMBsKjvJ%2BFx6%2F%2BxZCBhL9Bz7O7OqW0%2FClRzmp0e7FW%2B%2FkU1qQDQ0cbWMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET 660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js
clrfkjzxwhifheutmubd.kute.pw/ 0
0

GET
H2 200 cf.errors.css
rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/styles/ 23 KB
5 KB 115ms
69ms Stylesheet
text/css 172.67.220.95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: rkeaokodkucjixz.beaver2570.workers.dev
URL: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.220.95 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"6740aa36-5df3"
x-content-type-options: nosniff
cf-ray: 8e88e9e03eea9bd6-FRA
expires: Tue, 26 Nov 2024 11:39:50 GMT
date: Tue, 26 Nov 2024 09:39:50 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 icon-exclamation.png
rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/images/ 452 B
540 B 104ms
104ms Image
image/png 172.67.220.95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: rkeaokodkucjixz.beaver2570.workers.dev
URL: https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.220.95 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "6740aa36-1c4"
x-content-type-options: nosniff
cf-ray: 8e88e9e0d8239bd6-FRA
expires: Tue, 26 Nov 2024 11:39:50 GMT
accept-ranges: bytes
content-length: 452
date: Tue, 26 Nov 2024 09:39:50 GMT
content-type: image/png
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 favicon.ico
rkeaokodkucjixz.beaver2570.workers.dev/ 9 KB
4 KB 103ms
99ms Other
text/html 172.67.220.95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rkeaokodkucjixz.beaver2570.workers.dev/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 756982c06c46d848b602d7ee7469060ee5a306a71ff2474941fa7f969047fe35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RlK7cyXvxuNszjU4YDSSWCbGDGKvDnqGgm5fN27cWNuDxfgF8Ki4O8s9Ms6B9DNb49g4IY%2FBPl2nWG7NRU3BtAvkunJtUT2nsnLi4VbnE719rxvOuW1uHd5Cxh2OHBrls6rlFX9uMybVpLfms8uMOdSz45NHDVMUew%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8e88e9e41c619bd6-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=35881&sent=31&recv=27&lost=0&retrans=0&sent_bytes=16402&recv_bytes=2886&delivery_rate=325571&cwnd=257&unsent_bytes=0&cid=7c057c5a3468a43c&ts=3441&x=0"
date: Tue, 26 Nov 2024 09:39:51 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2

200

Primary Request / Show response
rkeaokodkucjixz.beaver2570.workers.dev/
Redirect Chain

https://rkeaokodkucjixz.beaver2570.workers.dev/cdn-cgi/phish-bypass?atok=Z.OdyYXa2h0lPimS_qacZWi2P2JXcq1Us8kFBjMj61A-1732613989-0.0.1.1-%2F%3Fbbre%3DydljRFSKGJZbcXrHLUqThtg
https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg

9 KB
4 KB

88ms
87ms

Document
text/html

172.67.220.95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 756982c06c46d848b602d7ee7469060ee5a306a71ff2474941fa7f969047fe35

Request headers

Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 8e88e9faec4a9bd6-FRA
content-encoding: zstd
content-type: text/html;charset=UTF-8
date: Tue, 26 Nov 2024 09:39:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IgSPzwszUga8wafhfp%2FVdP8ehrB3k3WPD6tf%2FmCur0aspJE0kOZ%2FhekZ0rjHyetvON98b%2FWIFiJINTsnyfcTRnvXsSM3Bm9fCTxN6ym14N765k8fkOI9WFY6P5myIX6eiXS1XPdDoasOjsKwmGr7PR6Gwr28tGZJtA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=33962&sent=42&recv=38&lost=0&retrans=0&sent_bytes=21488&recv_bytes=3229&delivery_rate=325571&cwnd=257&unsent_bytes=0&cid=7c057c5a3468a43c&ts=7091&x=0"
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8e88e9fa5b7a9bd6-FRA
content-length: 167
content-type: text/html
date: Tue, 26 Nov 2024 09:39:54 GMT
location: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js Show response
clrfkjzxwhifheutmubd.kute.pw/ 13 KB
5 KB 243ms
240ms Script
application/javascript 172.67.167.114
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://clrfkjzxwhifheutmubd.kute.pw/660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js
Requested by: Host: rkeaokodkucjixz.beaver2570.workers.dev
URL: https://rkeaokodkucjixz.beaver2570.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.167.114 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49d3926b4a0e815849d41ddd00fe68b6c7d34c0f707a698f6900ad75bb934cee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/

Response headers

access-control-max-age: 1
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vt2yBhdkYKoDUUREnqaxRjil9Zfo0x3HuY7IuOf2fmt%2FUAyivs4Z9Y8V63lImMtAr5nV3B26ZyX2vMIoN6kY5ZJg1iZa%2BNfV0CrM6FPysrBIzJ%2BFbxvh1YqVsJV3NC4keGRUuWG%2FZdXMUULx5DrK"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=31234&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3897&recv_bytes=2227&delivery_rate=155624&cwnd=254&unsent_bytes=0&cid=7ca3663ebc2600cb&ts=5118&x=0"
date: Tue, 26 Nov 2024 09:39:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 26 Nov 2024 09:39:55 GMT
vary: Accept-Encoding
access-control-allow-headers: auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With
x-cache-status: MISS
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8e88e9fc2a69d356-FRA
accept-ranges: bytes
access-control-allow-origin: clrfkjzxwhifheutmubd.kute.pw
content-length: 4656
server: cloudflare

GET
H2 200 806a9210edd0cb7f6faf5f1682082e0enbr1712251779.css
rullbullpullpushcndapp.web.app/aghjtehrgdzxa/themes/css/ 1 KB
699 B 1124ms
205ms Stylesheet
text/css 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rullbullpullpushcndapp.web.app/aghjtehrgdzxa/themes/css/806a9210edd0cb7f6faf5f1682082e0enbr1712251779.css

Requested by

Host: clrfkjzxwhifheutmubd.kute.pw
URL: https://clrfkjzxwhifheutmubd.kute.pw/660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

118f4d0a8c85bfbe5e7dfa3162e04e73c6fcda9cf1736b28f9472aa7e03ba2af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: max-age=3600
content-encoding: br
etag: "2c2f42530360d92df6a9043afb8385defb5a11ba6299d3a885ecfdb3ce6e12e7-br"
x-timer: S1732613996.202584,VS0,VE131
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: MISS
content-length: 334
date: Tue, 26 Nov 2024 09:39:56 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 06 May 2024 16:50:03 GMT
x-served-by: cache-mxp6963-MXP
x-cache-hits: 0
vary: x-fh-requested-host, accept-encoding

GET
H2 200 198c5894a353910519e6098cc5e67ac2nbr1712251779.css
rullbullpullpushcndapp.web.app/aghjtehrgdzxa/themes/css/ 389 KB
20 KB 198ms
193ms Stylesheet
text/css 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rullbullpullpushcndapp.web.app/aghjtehrgdzxa/themes/css/198c5894a353910519e6098cc5e67ac2nbr1712251779.css

Requested by

Host: clrfkjzxwhifheutmubd.kute.pw
URL: https://clrfkjzxwhifheutmubd.kute.pw/660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5f46c05d5420d9284842a28fe0f7b85f4757cedd9ea1ab064f47029620f90882

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: max-age=3600
content-encoding: br
etag: "b0c5fe84295d8ba7552964986716fbc0dd467a64fab9e92e97d75c3c35c33670-br"
x-timer: S1732613997.554028,VS0,VE125
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: MISS
content-length: 20047
date: Tue, 26 Nov 2024 09:39:56 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 06 May 2024 16:50:03 GMT
x-served-by: cache-mxp6963-MXP
x-cache-hits: 0
vary: x-fh-requested-host, accept-encoding

GET
H2 200 axios.min.js Show response
unpkg.com/axios@0.16.1/dist/ 34 KB
14 KB 1118ms
181ms Script
application/javascript 104.17.246.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/axios@0.16.1/dist/axios.min.js

Requested by

Host: clrfkjzxwhifheutmubd.kute.pw
URL: https://clrfkjzxwhifheutmubd.kute.pw/660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.246.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b2114a050aed49f4a24237d4d1f437b75ca10c6fc8623eae23c0558c53a7e21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "879a-StlLhYX39Pj2Qvz0O98NQPjvG9U"
age: 1831296
x-content-type-options: nosniff
date: Tue, 26 Nov 2024 09:39:58 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 08 Apr 2017 18:51:20 GMT
fly-request-id: 01JBXB063W1CWHSV3DQZRE5A9N-fra
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8e88ea0f8f849207-FRA
access-control-allow-origin: *
server: cloudflare

GET
H2 200 806a9210edd0cb7f6faf5f1682082e0enbr1712251779.js Show response
rullbullpullpushcndapp.web.app/aghjtehrgdzxa/themes/ 74 KB
18 KB 350ms
341ms Script
text/javascript 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://rullbullpullpushcndapp.web.app/aghjtehrgdzxa/themes/806a9210edd0cb7f6faf5f1682082e0enbr1712251779.js

Requested by

Host: clrfkjzxwhifheutmubd.kute.pw
URL: https://clrfkjzxwhifheutmubd.kute.pw/660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

74116901ac0ec12dd7af88a1e9ac55a5531f2dac5da8053cfa70042d738587e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://rkeaokodkucjixz.beaver2570.workers.dev/

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: max-age=3600
content-encoding: br
etag: "18436deb674b50728be198a9912eab2947b4e3b5a74daafe8daf6805d969d6cf-br"
x-timer: S1732613998.340713,VS0,VE101
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: MISS
content-length: 18676
date: Tue, 26 Nov 2024 09:39:58 GMT
content-type: text/javascript; charset=utf-8
last-modified: Mon, 06 May 2024 16:50:03 GMT
x-served-by: cache-mxp6963-MXP
x-cache-hits: 0
vary: x-fh-requested-host, accept-encoding

GET vue.min.js
unpkg.com/vue@2.6.11/dist/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: clrfkjzxwhifheutmubd.kute.pw
URL: https://clrfkjzxwhifheutmubd.kute.pw/660ee38483c5806333ee149f-6601787ee2f03f4870e09ca4.js

Domain: unpkg.com
URL: https://unpkg.com/vue@2.6.11/dist/vue.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.rkeaokodkucjixz.beaver2570.workers.dev/	1970-01-21 01:18:20	Name: __cf_mw_byp Value: Z.OdyYXa2h0lPimS_qacZWi2P2JXcq1Us8kFBjMj61A-1732613989-0.0.1.1-/?bbre=ydljRFSKGJZbcXrHLUqThtg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://rkeaokodkucjixz.beaver2570.workers.dev/?bbre=ydljRFSKGJZbcXrHLUqThtg#/ld-SILENTCODERSEMAIL Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

clrfkjzxwhifheutmubd.kute.pw
rkeaokodkucjixz.beaver2570.workers.dev
rullbullpullpushcndapp.web.app
unpkg.com
clrfkjzxwhifheutmubd.kute.pw
unpkg.com
104.17.246.203
172.67.167.114
172.67.220.95
199.36.158.100
118f4d0a8c85bfbe5e7dfa3162e04e73c6fcda9cf1736b28f9472aa7e03ba2af
49d3926b4a0e815849d41ddd00fe68b6c7d34c0f707a698f6900ad75bb934cee
57fc50561022ea4a34e4aba632fd399795275f2d83228ca592cee1afdaa166e8
5f46c05d5420d9284842a28fe0f7b85f4757cedd9ea1ab064f47029620f90882
6b2114a050aed49f4a24237d4d1f437b75ca10c6fc8623eae23c0558c53a7e21
74116901ac0ec12dd7af88a1e9ac55a5531f2dac5da8053cfa70042d738587e3
756982c06c46d848b602d7ee7469060ee5a306a71ff2474941fa7f969047fe35
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

rkeaokodkucjixz.beaver2570.workers.dev Open in urlscan Pro 172.67.220.95 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

78 kBTransfer

567 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

rkeaokodkucjixz.beaver2570.workers.dev Open in urlscan Pro
172.67.220.95 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

78 kB
Transfer

567 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!