Submitted URL: https://uqudgfh.diy/#ne
Effective URL: https://uqudgfh.diy/k/
Submission Tags: 0xscam
Submission: On January 10 via api from US — Scanned from NZ

Summary

This website contacted 3 IPs in 1 country across 4 domains to perform 29 HTTP transactions. The main IP is 104.21.16.1, which belongs to CLOUDFLARENET (AS13335, US). The main domain is uqudgfh.diy.
TLS certificate: issued by WE1 (a Google Trust Services intermediate) on January 8th 2025, valid for 3 months (2025-01-08 to 2025-04-08).
This is the only time uqudgfh.diy was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP addresses (requests per IP)

  Requests  IP address          Autonomous System
  18        104.21.16.1         AS13335 (CLOUDFLARENET, US)
  1         2606:4700:303...    (AS not shown)
  Total: 29 requests, 3 IPs

Apex domains (requests, subdomains seen, bytes transferred)

  Requests  Apex domain         Subdomain                Transfer
  18        uqudgfh.diy         uqudgfh.diy              224 KB
  1         bafanglaicai.app    tong.bafanglaicai.app    2 KB
  0         telegram.me         telegram.me              Failed
  0         t.me                t.me                     Failed
  Total: 29 requests, 4 domains

Domains and the origin that requested them

  Requests  Domain                   Requested by
  18        uqudgfh.diy              uqudgfh.diy (1 redirect)
  1         tong.bafanglaicai.app    uqudgfh.diy
  0         telegram.me              uqudgfh.diy (failed)
  0         t.me                     uqudgfh.diy (failed)
  Total: 29 requests, 4 domains
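The request graph above has the shape of a cloned web application: every resource but one is served from the page's own domain behind Cloudflare, one script is pulled from a third-party apex (tong.bafanglaicai.app, the only other domain that answered), and the page still calls the real brand's endpoints (the _websync_ requests to t.me and telegram.me carrying version=10.9.21+A, which failed in this scan). The Python below is an added example, not part of the urlscan.io report or of any tool it uses: it re-derives the apex table from a hand-constructed subset of the transactions listed further down and flags those two patterns. The brand domain list and the apex heuristic are assumptions and are marked as such in the code.

```python
"""Triage of a urlscan.io request graph for a brand-impersonation page.

Added example; it is not part of the urlscan.io report. SAMPLE_REQUESTS is
constructed by hand from the 'Domain / Requested by' table and the HTTP
transaction list (a subset of the 29 transactions), and BRAND_DOMAINS is an
assumed per-brand allowlist an analyst would maintain.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Request:
    url: str            # full URL of the request
    requested_by: str   # URL of the document/script that triggered it ("" for the first navigation)
    rtype: str          # urlscan resource type: Document, Script, Stylesheet, XHR, Other, ...
    ok: bool            # False for rows urlscan lists under 'Failed requests'


PRIMARY_DOMAIN = "uqudgfh.diy"
# Assumption: domains that belong to the impersonated brand (Telegram).
BRAND_DOMAINS = {"telegram.org", "t.me", "telegram.me"}

# Constructed from the report; a subset of the transaction list.
SAMPLE_REQUESTS = [
    Request("https://uqudgfh.diy/", "", "Document", True),
    Request("https://uqudgfh.diy/files/bootstrap.min.css", "https://uqudgfh.diy/", "Stylesheet", True),
    Request("https://uqudgfh.diy/files/main.js", "https://uqudgfh.diy/", "Script", True),
    Request("https://uqudgfh.diy/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js",
            "https://uqudgfh.diy/", "Script", True),
    Request("https://uqudgfh.diy/k/", "https://uqudgfh.diy/", "Document", True),
    Request("https://uqudgfh.diy/k/main.d54bfa037348b154a941.js", "https://uqudgfh.diy/k/", "Script", True),
    Request("https://tong.bafanglaicai.app/script.js", "https://uqudgfh.diy/k/", "Script", True),
    Request("https://t.me/_websync_?authed=0&version=10.9.21+A", "https://uqudgfh.diy/k/", "Other", False),
    Request("https://telegram.me/_websync_?authed=0&version=10.9.21+A", "https://uqudgfh.diy/k/", "Other", False),
]


def host(url):
    return (urlsplit(url).hostname or "").lower()


def apex(hostname):
    # Simplification: the last two labels. Correct for the domains in this
    # report, wrong for public suffixes such as co.uk (use a PSL library there).
    return ".".join(hostname.split(".")[-2:])


def under(hostname, domain):
    return hostname == domain or hostname.endswith("." + domain)


def apex_counts(requests):
    """Successful requests per apex domain, like the 'Apex domains' table."""
    counts = {}
    for r in requests:
        a = apex(host(r.url))
        counts[a] = counts.get(a, 0) + (1 if r.ok else 0)
    return counts


def triage(requests, primary=PRIMARY_DOMAIN, brand=BRAND_DOMAINS):
    """Flag the two patterns that mark a cloned web app: scripts pulled from a
    domain that is neither the page nor the brand, and calls the clone still
    makes to the brand's own endpoints (here they fail, but they show which
    application was copied)."""
    findings = []
    for r in requests:
        h = host(r.url)
        on_brand = any(under(h, b) for b in brand)
        if r.rtype == "Script" and not under(h, primary) and not on_brand:
            findings.append(("third_party_script", r.url, host(r.requested_by)))
        if on_brand:
            kind = "brand_endpoint_call" if r.ok else "brand_endpoint_failed"
            findings.append((kind, r.url, host(r.requested_by)))
    return findings


if __name__ == "__main__":
    for kind, url, by in triage(SAMPLE_REQUESTS):
        print(f"{kind:22} {url}  (requested by {by})")
    print(apex_counts(SAMPLE_REQUESTS))
```

Running it prints the third-party script from tong.bafanglaicai.app and the two failed brand callbacks, which are the rows an analyst would pivot on; the natural extension is to build the Request list from the scan's machine-readable result instead of by hand.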

This site contains links to this domain:

  core.telegram.org
TLS certificates (as listed on crt.sh)

  Subject             Issuer   Validity                    Valid for
  uqudgfh.diy         WE1      2025-01-08 to 2025-04-08    3 months
  bafanglaicai.app    WE1      2024-12-20 to 2025-03-20    3 months

This page contains 2 frames:

Primary Page: https://uqudgfh.diy/k/
Frame ID: D8E9C373B1CF289655B9E7B86163B2E3
Requests: 24 HTTP requests in this frame

Frame: https://uqudgfh.diy/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js
Frame ID: 44AC325BDEF4D9E6B3046767E7FE413F
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Telegram Support

Page URL History

  1. https://uqudgfh.diy/ Page URL
  2. https://uqudgfh.diy/k/ Page URL

Detected technologies

Bootstrap (overall confidence: 100%), detected by these patterns:
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

  Requests      29
  HTTPS         59 %
  IPv6          50 %
  Domains       4
  Subdomains    4
  IPs           3
  Countries     1
  Transfer      226 kB
  Size          691 kB
  Cookies       1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://uqudgfh.diy/ Page URL
  2. https://uqudgfh.diy/k/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://uqudgfh.diy/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://uqudgfh.diy/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js

29 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
/
uqudgfh.diy/
14 KB
5 KB
Document
General
Full URL
https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a97e285181a103dc8a8b2d37bf5dfc5dce185a611395afdb3113399ee1a9e34

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8ffdb8d2e82e1c5f-AKL
content-encoding
zstd
content-type
text/html
date
Fri, 10 Jan 2025 15:32:50 GMT
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bmlcUAaCfKCrXITosVADAALfqLcTf%2Fa7lJYGfC%2B3nttjDbpi39Xq5BvuskTiq2A7sddLguIoubkud3ubFO5xPUHJ95XX5MwrUo6SLrsEkDSR4Z7ngWe%2FGlAo4xejMg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
bootstrap.min.css
uqudgfh.diy/files/
42 KB
10 KB
Stylesheet
General
Full URL
https://uqudgfh.diy/files/bootstrap.min.css
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-a61b"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QG6tNCt262CP4CsCgEjvnKmh9kY7jVcWDLf6lW9XxAleuF4OhjZIRljKHv8YoyLVKrXS0tSjgZayCCY81J%2BtZSmjQ0Wen6KxuVj1Ko02n7Qqdf%2FgbuuRDVk5X5JIGg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8d6d8361c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:50 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
index.css
uqudgfh.diy/
1 KB
1 KB
Stylesheet
General
Full URL
https://uqudgfh.diy/index.css
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c212d7f877e37e31e5f815aff89652da368f22981004a7e9d3cf867e9c96599

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98c-580"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QjCMxLCZVcWQwDeLpTFIslPLaCm9Q5ZFF0bRQlzgBzU8PaaiP8m6TIuqnW4F5nUVc%2BOIn94OCu0xKQZVdBtG4zw%2FE%2FLnD%2F4OdREoMtAZj0SHt56kk%2FGPbNTyFWMtSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8d6d8351c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:50 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
vary
Accept-Encoding
server
cloudflare
telegram.css
uqudgfh.diy/files/
113 KB
27 KB
Stylesheet
General
Full URL
https://uqudgfh.diy/files/telegram.css
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fed69363a40e503cfcb65023e8bfdb9b98de62b1b7d938fcfb727fd16066580

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-1c21c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GT4A6eqvzDaW%2F8n0Dx3OngYTsV38pNlkl51duX9azzmdmwewBSE88p%2FK2P2cXBAS5Tveb44yqmbrsVlxFwx5gihV6ZMVcwatcAaqrdiI9wrgdDN8v22C2e7pE2zlew%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8d6d8371c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:51 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
i18n.js
uqudgfh.diy/js/
3 KB
2 KB
Script
General
Full URL
https://uqudgfh.diy/js/i18n.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fad7e5604b38a58e74ebfcf5208551752c671234341958e3b1585bd7eea42e9e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-d1c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7G%2BLOngO%2FcT0tg8R9TIWOiroP3EVysxHQUK%2FWntWcFfohBOk2QKjmHiJ%2FrIChlqouIlDgp6IT3q3xPOm4j4nt0IX6i8G2DTzcjqjGdRUHrAm9%2FAo3wBbJMmnKyRtg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8d6d8381c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:50 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
main.js
uqudgfh.diy/files/
21 KB
7 KB
Script
General
Full URL
https://uqudgfh.diy/files/main.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51c4d88fd78f3b8efb16f845e75be7f1bb288fdf2fd39d033868a0346db7fadb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-53e6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dA7N6ElsEqLG%2F44IAcuVR5y9gAs3ouosLRkB5%2Bwun%2Frc4%2F7RTHbVqww91Ee43%2BzZWm2fKyworCKnAxiLJGuOOfr0Puxg8lCQiNKGipe%2F3iICQj3J55vFhrh9%2BvqsPA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8d6d8391c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:50 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
tgsticker.js
uqudgfh.diy/files/
24 KB
7 KB
Script
General
Full URL
https://uqudgfh.diy/files/tgsticker.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f843ec50116b144b274c206d7fe25d70328ea6cf38bfcd349c1647f400c284b2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-6019"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ep8kxhHu9Dzy6skA2zYGDiZ356mfuA%2FlTN3VKtlDe8ZnMz%2BpCN%2B6lwB%2FfqHsey2CzqIwUebKyh6psWe%2FX2H0IJeBKZVE5epoeRzQnaCQk19tZSXFO9hBGfsmS%2FuHqg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8d6d83a1c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:50 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
tgsticker-worker.js
uqudgfh.diy/js/ Frame
0
0

t_logo_sprite.svg
uqudgfh.diy/img/
23 KB
7 KB
Image
General
Full URL
https://uqudgfh.diy/img/t_logo_sprite.svg
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
832fbefd7a4fe8f651058597d9f1910883d1cbd56d0ceb343e7d6170aeecf982

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
zstd
cf-cache-status
MISS
etag
W/"6772e98b-5a4c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cBDHx4TvBRW46cJGlO419Jxm2yGOpa%2BAy8aHlIF7iklw%2FO%2F1WAvMFp2BPdl3COB1ehOFBa%2BtsZ8suyaovT7XZLzYO3C4z9Jd8Bw61ed32OzvM6oNH5kTuvxCWwESxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8dba83e1c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:51 GMT
content-type
image/svg+xml
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
server
cloudflare
vary
Accept-Encoding
main.js
uqudgfh.diy/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/ Frame 44AC
Redirect Chain
  • https://uqudgfh.diy/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://uqudgfh.diy/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
9 KB
5 KB
Script
General
Full URL
https://uqudgfh.diy/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
724cd68155d4242de204d3d5adc8d201519f7e73ba95c7c3c592a7986855ed0b
Security Headers
  X-Content-Type-Options: nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bR5pwdypHuTmAYm3AIbIHmeNuG3IwfIYAnx0DXsZB3KUxX0E%2Fcuj1LQr2rwO2%2BJmTN5P6uoBFXtv8dswxtyNx3RediYznF3Yc2QO1brYIYFX1BFSslNwmT3FJb4A4A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8ffdb8dc28411c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T6vWQP0qyQdVlCU4nt53k8mbK8s9pWyrxofmQyyPqigqgFiHoO0e1Ot%2B%2BwK6z3VMMcItKoAUcIw5DDSUCnXk3b8WsyH%2F7tzq4LoxhntfUc%2B4rXnBG1dRWz3i1THRdw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8dbd8401c5f-AKL
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
date
Fri, 10 Jan 2025 15:32:51 GMT
vary
Accept-Encoding
server
cloudflare
8ffdb8d2e82e1c5f
uqudgfh.diy/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 44AC
0
941 B
XHR
General
Full URL
https://uqudgfh.diy/cdn-cgi/challenge-platform/h/b/jsd/r/8ffdb8d2e82e1c5f
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2B9pUfQDu3J0npbvBSx%2Bk65vEyxC8RAL9Fm4e5HDl6QToioi6hDL976dpUoPmG%2FjgL01BC5CFJwlh%2FgaDEZ66CnsCsNW8PvYx%2FIrcqp5JLg%2BYKycAhcKTik87ibrug%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8dcf8421c5f-AKL
alt-svc
h3=":443"; ma=86400
content-length
0
date
Fri, 10 Jan 2025 15:32:51 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
favicon.ico
uqudgfh.diy/files/img/
15 KB
4 KB
Other
General
Full URL
https://uqudgfh.diy/files/img/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
zstd
cf-cache-status
MISS
etag
W/"6772e98b-3aee"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJoaTYyov137buHradODvrKdWhEmtHUphUGEkztmP0pusnrpxBDX4XN7as06h411rW0sjM3OdSyWLcHkVZ0Snqo8NVs6laDkoq0w2%2FW3JODnqHsN7rj4Sxr859O3Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8e018461c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:52 GMT
content-type
image/x-icon
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
server
cloudflare
vary
Accept-Encoding
tgsticker-worker.js
uqudgfh.diy/js/ Frame
0
0

tgsticker-worker.js
uqudgfh.diy/js/ Frame
0
0

tgsticker-worker.js
uqudgfh.diy/js/ Frame
0
0

Primary Request /
uqudgfh.diy/k/
3 KB
2 KB
Document
General
Full URL
https://uqudgfh.diy/k/
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a10a811d35f686b2b0fb72b9a7deac3bb1b516ea88d28aa7091c1176a984009a

Request headers

Referer
https://uqudgfh.diy/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8ffdb8f7985f1c5f-AKL
content-encoding
zstd
content-type
text/html
date
Fri, 10 Jan 2025 15:32:55 GMT
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWsW4fT0xG0NUEYiciDbBGQgf8oAA1XGK4Xoa1EWXMdkFaFkeQv%2BKy2ft3qlZZzk1YqcaoSjmEOEBxmdYlo4GbeddgaaUbl7QV8l3YGQoePGKbPyhtWZPosDBilYWw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
redirect.js
uqudgfh.diy/k/
325 B
648 B
Script
General
Full URL
https://uqudgfh.diy/k/redirect.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/k/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/k/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
zstd
cf-cache-status
MISS
etag
W/"6772e98c-145"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAokwckfA1m0n6RQ9MTRKMRFs5Aqy9LNgTrixuHwNGoE32k7LvCQ9UH%2F0x7VUWBEi7rHxLka2DovO%2BXbiGsb4ZDo90Vm3QzuT1qv4j1V2aMdHtNReB89%2B3fvq2Zm9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8fa48641c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:56 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
server
cloudflare
vary
Accept-Encoding
main.d54bfa037348b154a941.js
uqudgfh.diy/k/
290 KB
111 KB
Script
General
Full URL
https://uqudgfh.diy/k/main.d54bfa037348b154a941.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/k/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c70083f389a2fafc6a5f3c35179243623b4416cab07a1c6ce08d3f7c1ddb2ae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/k/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98c-48637"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eV45Da8ngWDoibtg1Ie0RuHlJR8e2mg71qk1bXd2Eyi8P2HLDzDnroL%2BCd%2F4v1e0EghFUHqF9PiSYsjv%2ByUhJ7uQySJgp7f47i2cQuupZMQynC5%2BVDcbsKKCx51w%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8ffd8681c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:57 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
vary
Accept-Encoding
server
cloudflare
main.949acaf34f3882f511ff.css
uqudgfh.diy/k/
111 KB
27 KB
Stylesheet
General
Full URL
https://uqudgfh.diy/k/main.949acaf34f3882f511ff.css
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/k/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5e81ea05db27d47fa91e6bd4d675cc1c8eeec9341a4db7859359a7c5ee5fca3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/k/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98c-1ba95"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0oSF71KqpzA2ECnbYpz%2F%2F0dtjFghBwcNPyODIn1AWtxsNODkOyBjPRIJ%2FxIAyyVXcjeWwULMYf05PqOm2YGK8W%2FqeZ9eWC9QFDDla3omq5L%2B77UoXSt%2B1VmZMkPM3w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8ffd86a1c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:57 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
vary
Accept-Encoding
server
cloudflare
compatTest.js
uqudgfh.diy/k/
2 KB
1 KB
Script
General
Full URL
https://uqudgfh.diy/k/compatTest.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/k/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/k/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-9f0"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vWLBstjo7jjsQG97RRc35rILk3UNjjN9mG6AOzi22tsfLa3mrSsaRKS1HD43VyYjCLzfyZwi%2FqMBZrwFlZkj8GVTd33%2B%2BYVNdxtFgB4cO5zAQarUNjJaAn%2BmbvfISw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb8ffd8691c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:57 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
script.js
tong.bafanglaicai.app/
3 KB
2 KB
Script
General
Full URL
https://tong.bafanglaicai.app/script.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/k/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:2a4f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
56c995899aaa0d0a9f7ae61e646dd5210d14b361599900e76c81ab89c6b2005e
Security Headers
  Content-Security-Policy: default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"a53-193c7cb3a48"
age
2035
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jrm2rZVciV0n1fA9cQerZfnqbADJVu4KfAnbUdl5X2Xb4TmYw5%2BHjfM1PaShfcmG17Q3XG1MlssYB1kEwqlLK4KGRn6G%2B9%2FpAmI6ZNWwTHuy%2Fh8RMNRMM7oEZ5E5OZd1qYp%2FGZrInNopXiTLmkKTVmUTCnE%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=34656&min_rtt=34617&rtt_var=7365&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4004&recv_bytes=2206&delivery_rate=116350&cwnd=252&unsent_bytes=0&cid=ae57fcd0612b0dd2&ts=114&x=0"
date
Fri, 10 Jan 2025 15:32:58 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Sun, 15 Dec 2024 00:50:05 GMT
vary
Accept-Encoding
content-security-policy
default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
cache-control
public, max-age=86400, must-revalidate
x-dns-prefetch-control
on
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ffdb906cef1d99a-AKL
access-control-allow-origin
*
server
cloudflare
notification.mp3
uqudgfh.diy/k/
0
0

5193.75042954cc9da1f6d6ac.js
uqudgfh.diy/k/
18 KB
7 KB
Script
General
Full URL
https://uqudgfh.diy/k/5193.75042954cc9da1f6d6ac.js
Requested by
Host: uqudgfh.diy
URL: https://uqudgfh.diy/k/main.d54bfa037348b154a941.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.16.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5d096f167239210ad895c0332de2bc95585ad11a667295e97687efde54162a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://uqudgfh.diy/k/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6772e98b-47f6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbtyE81A3EvZ%2Bd%2BRRhqxuTGmwHqyrKWrGBjpVI95LVVrRLhHJ4bBrvlRiTRplcDJib74FWq%2FsFhSsIqvnEeNUEqWOSxvGpMy2COjEX7tHc2w5E%2BEQAwdkNheFouuFA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ffdb905f8751c5f-AKL
alt-svc
h3=":443"; ma=86400
date
Fri, 10 Jan 2025 15:32:58 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
server
cloudflare
chat-bg-br.f34cc96fbfb048812820.png
uqudgfh.diy/k/
0
0

chat-bg-pattern-light.ee148af944f6580293ae.png
uqudgfh.diy/k/
0
0

telegram-logo.1b2bb5b107f046ea9325.svg
uqudgfh.diy/k/
0
0

truncated
/
307 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bc5cbdb6250171b87c0310a8e636e39f5a56b4d8a78262315705c2cc9ab8da14

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
244 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
_websync_
t.me/
0
0

_websync_
telegram.me/
0
0

3559.80b270ba0e217557b392.js
uqudgfh.diy/k/ Frame
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
uqudgfh.diy
URL
https://uqudgfh.diy/js/tgsticker-worker.js
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/js/tgsticker-worker.js
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/js/tgsticker-worker.js
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/js/tgsticker-worker.js
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/k/notification.mp3
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/k/chat-bg-br.f34cc96fbfb048812820.png
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/k/chat-bg-pattern-light.ee148af944f6580293ae.png
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/k/telegram-logo.1b2bb5b107f046ea9325.svg
Domain
t.me
URL
https://t.me/_websync_?authed=0&version=10.9.21+A
Domain
telegram.me
URL
https://telegram.me/_websync_?authed=0&version=10.9.21+A
Domain
uqudgfh.diy
URL
https://uqudgfh.diy/k/3559.80b270ba0e217557b392.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code; the names below (blog*, backToTop*, mainInitTgStickers, RLottie, QueryableWorker, FrameQueue) appear to be the helpers of telegram.org's own site scripts rather than of a common framework, which fits the brand-impersonation verdict.

  object:    0, jsonpCallbacks, RLottie, QueryableWorkerProxy
  number:    startTime
  string:    key
  function:  updateLanguage, dT, twitterCustomShareInit, blogRecentNewsInit, blogSideImageUpdate, blogSideImageInit, cancelEvent, trackDlClick, backToTopInit, backToTopGo, backToTopResize, backToTopScroll, removePreloadInit, getXY, dropdownClick, dropdownHide, dropdownPageClick, escapeHTML, videoTogglePlay, getDevPageNav, showTitleIfOverflows, initDevPageNav, updateDevPageNav, updateMenuAffix, initScrollVideos, checkScrollVideos, videoPreloadPosterDimensions, isVisibleEnough, getFullOffsetY, redraw, initRipple, mainInitRetinaVideos, mainInitDemoAutoplay, mainDemoVideoHover, mainDemoVideoDoHover, mainInitLogo, mainInitTgStickers, setCookie, getCookie, mainScrollTo, QueryableWorker, FrameQueue, triggerEvent

1 Cookies

cf_clearance is the cookie Cloudflare sets once its JavaScript detection (the cdn-cgi/challenge-platform frame above) has passed; the embedded 1736523171 is the Unix time of issue, 2025-01-10 15:32:51 UTC, the moment of this scan.

  Domain/Path   .uqudgfh.diy/
  Name          cf_clearance
  Value         UMuSaJ2QbhZ_xxOT.GKLDt71.DE_fOR.xO8yObspHjk-1736523171-1.2.1.1-oApsnZGWwjh4kV5GyhnsV7bCIdDq1uPhloSBmIh.ksSKBmrRc8kJWty1LILqL8k.VoYelfaOJPNlUwb3nJhxwW9clJEFXWQoWu5dcBq3TgilTxPyaNC9tfarPUBkchoIKPBlIXimmnEoEP5d9naMOFzayZUC1.TbGtznwcwcN9pc3.ELDaaXHYJvBmmjlAbx.CKZ4ZjitVNBNyy8UaBcY6Kkq.lrFMqDxVUzF11aSYyt.sxWV_W5Cc7RDoxRs_jeYFYN__Zivfr9x9C6hUfQGqTf80wgDSyA_MJQPcVxy7KQkiOvaYp_VhKODIiqXkM2mlVPAVyT2592PvaHfMk4SU1v0Uy7IM1oh6BRWx1mKjeogdTw1anRntX3Sc6yk1lB

1 Console Messages

  Source    security
  Level     error
  URL       https://uqudgfh.diy/k/
  Message   Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' https://t.me/_websync_ https://telegram.me/_websync_ https://*.bafanglaicai.app". Either the 'unsafe-inline' keyword, a hash ('sha256-zFgbRTBah9NzidMH78VEmHsofpBXbc5P29/QcmZff9k='), or a nonce ('nonce-...') is required to enable inline execution.
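The blocked inline script is the least interesting part of this message; the quoted policy is the page's own script-src, and besides 'self' and 'wasm-unsafe-eval' it allowlists exactly the two Telegram _websync_ endpoints the client calls plus a wildcard for the third-party apex bafanglaicai.app, which is where tong.bafanglaicai.app/script.js is loaded from. Whoever built the clone extended the policy to admit that script rather than dropping the policy. (The CSP served with script.js itself ends in frame-ancestors 'self' undefined, the literal a JavaScript template emits for a missing variable; browsers will read it as a host named "undefined" that matches nothing.) The Python below is an added example, not part of the urlscan.io report: it parses the directive quoted in the message, lists the script-src host-sources that belong to neither the page nor the brand, checks which script URLs the policy would let run, and shows how a 'sha256-...' source like the one named in the message is derived. The brand host list and the inline snippet are assumptions; the page's real inline script is not in the report, so its hash cannot be reproduced here.

```python
"""Reading the CSP violation logged on https://uqudgfh.diy/k/.

Added example; it is not part of the urlscan.io report. CSP_FROM_CONSOLE is
the script-src directive quoted in the console message. BRAND_HOSTS is an
assumed allowlist for the impersonated brand, and INLINE_SNIPPET is a
constructed script body used only to show how a 'sha256-...' source is
derived (the page's real inline script is not in the report).
"""
import base64
import hashlib
import re
from urllib.parse import urlsplit

CSP_FROM_CONSOLE = (
    "script-src 'self' 'wasm-unsafe-eval' https://t.me/_websync_ "
    "https://telegram.me/_websync_ https://*.bafanglaicai.app"
)
PRIMARY_HOST = "uqudgfh.diy"
BRAND_HOSTS = {"t.me", "telegram.me", "telegram.org"}   # assumption
INLINE_SNIPPET = "window.__cloneFlag = true;"           # constructed, not from the page


def parse_csp(policy):
    """{directive-name: [source expressions]} for a serialized policy."""
    out = {}
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def host_pattern(source):
    """Host part of a host-source ('https://*.x.app/p' -> '*.x.app').
    None for keyword ('self'), hash, nonce and scheme ('data:') sources."""
    if source.startswith("'") or re.fullmatch(r"[a-z][a-z0-9+.-]*:", source, re.I):
        return None
    rest = re.sub(r"^[a-z][a-z0-9+.-]*://", "", source, flags=re.I)
    return rest.split("/", 1)[0].split(":", 1)[0].lower()


def host_matches(pattern, hostname):
    """CSP host matching: '*.x.app' covers subdomains of x.app, not x.app itself."""
    if pattern.startswith("*."):
        return hostname.endswith(pattern[1:])
    return pattern == hostname


def foreign_script_sources(policy, primary=PRIMARY_HOST, brand=BRAND_HOSTS):
    """script-src host-sources that belong to neither the page nor the brand."""
    foreign = []
    for src in parse_csp(policy).get("script-src", []):
        h = host_pattern(src)
        if h is None or h == primary or h in brand:
            continue
        foreign.append(src)
    return foreign


def allows_script(policy, url, primary=PRIMARY_HOST):
    """Would this policy let the browser run an external script from url?
    Path matching of host-sources is left out (simplification)."""
    hostname = (urlsplit(url).hostname or "").lower()
    for src in parse_csp(policy).get("script-src", []):
        if src == "'self'" and hostname == primary:
            return True
        h = host_pattern(src)
        if h is not None and host_matches(h, hostname):
            return True
    return False


def inline_hash_source(body):
    """The 'sha256-<base64>' source a site adds to permit one inline script;
    the digest is over the exact script text, whitespace included."""
    digest = hashlib.sha256(body.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode()


if __name__ == "__main__":
    print("foreign script sources:", foreign_script_sources(CSP_FROM_CONSOLE))
    print("tong.bafanglaicai.app/script.js allowed:",
          allows_script(CSP_FROM_CONSOLE, "https://tong.bafanglaicai.app/script.js"))
    print("hash source for the constructed snippet:", inline_hash_source(INLINE_SNIPPET))
```

The same parser applied to the policy served by tong.bafanglaicai.app (further up in the transaction list) would surface its 'unsafe-inline' and 'unsafe-eval' script sources and the stray "undefined" frame-ancestors entry, which is the quickest way to tell a hand-edited policy from a generated one.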

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains
  t.me
  telegram.me
  tong.bafanglaicai.app
  uqudgfh.diy

IPs
  104.21.16.1
  2606:4700:3032::6815:2a4f