oogrrd.vdee.ru
Open in
urlscan Pro
104.26.0.129
Malicious Activity!
Public Scan
Submission: On April 18 via api from PL — Scanned from PL
Summary
This is the only time oogrrd.vdee.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 104.26.0.129 104.26.0.129 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 7 | 104.18.7.185 104.18.7.185 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
vdee.ru
1 redirects
oogrrd.vdee.ru |
128 KB |
7 |
cloudflare.com
1 redirects
challenges.cloudflare.com — Cisco Umbrella Rank: 4009 |
122 KB |
15 | 2 |
Domain | Requested by | |
---|---|---|
10 | oogrrd.vdee.ru |
1 redirects
oogrrd.vdee.ru
|
7 | challenges.cloudflare.com |
1 redirects
oogrrd.vdee.ru
challenges.cloudflare.com |
15 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
challenges.cloudflare.com Cloudflare Inc ECC CA-3 |
2022-09-18 - 2023-09-17 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://oogrrd.vdee.ru/
Frame ID: 8FC3CD5FF763F01AEFE0C24FB86BC18C
Requests: 10 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/r9vxt/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 06F7F9715B02565D3EE7B3B388BE0EBB
Requests: 5 HTTP requests in this frame
Screenshot
Page Title
Loading...Page URL History Show full URLs
- http://oogrrd.vdee.ru/ Page URL
-
http://oogrrd.vdee.ru/cdn-cgi/phish-bypass?atok=B7Rnjxbxxjs5aVQe4BapCDFUEy_OjqL9Va4COQsecRw-168183...
HTTP 301
http://oogrrd.vdee.ru/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://oogrrd.vdee.ru/ Page URL
-
http://oogrrd.vdee.ru/cdn-cgi/phish-bypass?atok=B7Rnjxbxxjs5aVQe4BapCDFUEy_OjqL9Va4COQsecRw-1681833610-0-%2F
HTTP 301
http://oogrrd.vdee.ru/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 5- https://challenges.cloudflare.com/turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/b/74cb9f3f/api.js?onload=_cf_chl_turnstile_l&render=explicit
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
oogrrd.vdee.ru/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cf.errors.css
oogrrd.vdee.ru/cdn-cgi/styles/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-exclamation.png
oogrrd.vdee.ru/cdn-cgi/images/ |
452 B 889 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
oogrrd.vdee.ru/ Redirect Chain
|
6 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
v1
oogrrd.vdee.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/ |
151 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
transparent.gif
oogrrd.vdee.ru/cdn-cgi/images/trace/managed/js/ |
42 B 477 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
challenges.cloudflare.com/turnstile/v0/b/74cb9f3f/ Redirect Chain
|
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
32f87f82aa6ab58
oogrrd.vdee.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/400373647:1681830395:2VOuX77Jti_B64evd-mlUUjFJ8AvUn01yd1X8PZC2Vc/7b9e1e9dab5c34b0/ |
91 KB 54 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
KwJ3q-FedDZPtqF
oogrrd.vdee.ru/cdn-cgi/challenge-platform/h/b/img/7b9e1e9dab5c34b0/1681833615346/ |
61 B 578 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
32f87f82aa6ab58
oogrrd.vdee.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/400373647:1681830395:2VOuX77Jti_B64evd-mlUUjFJ8AvUn01yd1X8PZC2Vc/7b9e1e9dab5c34b0/ |
5 KB 5 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/r9vxt/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 06F7 |
22 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
v1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/ Frame 06F7 |
152 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
a016ae75fedd8a5
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1499789975:1681830539:jlmWU0EobiprdoJDjPSXMqCPNpcnfNLuu4KoTL35avI/7b9e1eaa789d3539/ Frame 06F7 |
82 KB 46 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
GeugrdzxSugwjvy
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7b9e1eaa789d3539/1681833617424/ Frame 06F7 |
61 B 166 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
a016ae75fedd8a5
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1499789975:1681830539:jlmWU0EobiprdoJDjPSXMqCPNpcnfNLuu4KoTL35avI/7b9e1eaa789d3539/ Frame 06F7 |
10 KB 8 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| _cf_chl_opt function| SHA256 function| _cf_chl_preload function| _cf_chl_enter boolean| _cf_chl_done_ran function| _cf_chl_done function| sendRequest function| _cf_chl_turnstile_l object| _cf_chl_ctx string| prefix object| turnstile boolean| _cf_chl_turnstile_loaded object| _ undefined| _cf_gcr1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.oogrrd.vdee.ru/ | Name: __cf_mw_byp Value: B7Rnjxbxxjs5aVQe4BapCDFUEy_OjqL9Va4COQsecRw-1681833610-0-/ |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
challenges.cloudflare.com
oogrrd.vdee.ru
104.18.7.185
104.26.0.129
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
34d55d2056ae50c44bc94bac22227715e4e0584ca1d01e057070a0f72559ffce
420d1decf202cdc5d40a5ee3db587b581a35f19dd9e6dcbfe960967564f101fd
66c4b181f491a743003f8a2177226673cf28712c0c63067e2af76fea9e66b187
6d343f2d227cb5bc8689159df3e3a029adaef310d581b5140ea9d525fdf7bbd5
81d43f34d865a815ccfb8c8219da1e83efaa9455011e2ec4c726468dea2681d3
8da898e7dddf4d2ee837e1af7c7f913a702b4d1498400844f211e3eee676fc3e
9b086fd8b5f60107d01e2d7815964d3c903c9e4976bc9acd8c054de7dc513294
bb0777d1089f6dd10e047951b54faf61e1a986c2e00f5aee1a5f36b380c102b6
c4a6b0c04de78b1c76e7c9c3f3e5785e5033378b936fdba4e4648810f0bc4e42
d8748f2d79d8564bf4aa0a81c15c3a2e783053f22c8546149c0753108eb3c995
e20b5b1e233d0b35454e740d3f44dd1e2efdcabc363d359e4a0c97989061ff04
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f67454dde95906a4101c5d9f8f1d67a9b81969b42a275174ee1ed270f96cda45