ehrggtup.monster
2606:4700:3036::ac43:975e  Malicious Activity!

URL: https://ehrggtup.monster/
Submission: On December 09 via api from RU — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 28 HTTP transactions. The main IP is 2606:4700:3036::ac43:975e, located in United States and belongs to CLOUDFLARENET, US. The main domain is ehrggtup.monster.
TLS certificate: Issued by WE1 on December 4th 2024. Valid for: 3 months.
This is the only time ehrggtup.monster was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Analyst notes, drawn only from the data in this scan: the page title is "Telegram Web" and the bundle names (mtproto.worker.*.chunk.js, crypto.worker.*.chunk.js) are those of a Telegram web client build, but it is served from a .monster domain whose certificate was issued five days before the scan, so treat it as a cloned client on attacker-controlled infrastructure rather than a mirror. The only third-party traffic is tian.bafanglaicai.app/script.js followed by a cross-origin POST to tian.bafanglaicai.app/api/send; that host's CSP allows connect-src to api.umami.is and cloud.umami.is, which is consistent with a self-hosted Umami analytics instance counting visitors. The same CSP ends in "frame-ancestors 'self' undefined", where the bare word undefined is not a valid source expression (it reads as an unfilled template variable) and is a usable fingerprint for the operator's other hosts. The /cdn-cgi/challenge-platform/ requests are Cloudflare's own bot-detection beacon, not attacker code: the XHR path ends in the cf-ray ID of the primary request (8ef5ca84ac849b3f) and its response hash e3b0c442...b855 is the SHA-256 of an empty body. Pivots for further hunting: the bafanglaicai.app apex, the resource hashes listed below, and the WE1 certificates on crt.sh.

Domain & IP information

Requests  IP address        AS
      15  2606:4700:303...  AS13335 (CLOUDFLARENET, US)
       3  2606:4700:303...  AS13335 (CLOUDFLARENET, US)
Total: 28 requests, 3 IPs

Requests  Apex domain        Subdomains              Transfer
      15  ehrggtup.monster   ehrggtup.monster        395 KB
       3  bafanglaicai.app   tian.bafanglaicai.app   4 KB
Total: 28 requests, 2 apex domains

Requests  Domain                  Requested by
      15  ehrggtup.monster        ehrggtup.monster (1 redirect)
       3  tian.bafanglaicai.app   ehrggtup.monster, tian.bafanglaicai.app
Total: 28 requests, 2 domains

This site contains no links.

Subject            Issuer  Validity                   Valid for
ehrggtup.monster   WE1     2024-12-04 to 2025-03-04   3 months (crt.sh)
bafanglaicai.app   WE1     2024-10-22 to 2025-01-20   3 months (crt.sh)

This page contains 2 frames:

Primary Page: https://ehrggtup.monster/
Frame ID: 0B628ADC318F624B7BE4539FC19D0000
Requests: 21 HTTP requests in this frame

Frame: https://ehrggtup.monster/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js
Frame ID: D3D9B4CDB5026B471AD43F48AB6AA5C7
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Telegram Web

Page Statistics

Requests: 28 | HTTPS: 57 % | IPv6: 100 % | Domains: 2 | Subdomains: 2 | IPs: 3 | Countries: 1 | Transfer: 398 kB | Size: 2988 kB | Cookies: 1
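The checks an analyst would run over a scan like this, as an added example and not code from urlscan.io or from the site operator: it flags hosts outside the page's apex, responses whose hash is the SHA-256 of an empty body, malformed or weak CSP tokens, and a brand name in the title that does not match the serving domain. The SCAN dictionary is a constructed subset of this report's transactions; the field paths (data.requests[].request.request.url, response.hash, response.response.headers) follow urlscan's result JSON as I know it and should be verified against a live result before automating. The apex() helper uses the last two labels and the brand apex list is an assumption.

```python
import hashlib
from urllib.parse import urlparse

SHA256_EMPTY = hashlib.sha256(b"").hexdigest()  # e3b0c442...b855: hash of a zero-length body

CSP = ("default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';"
       "style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;"
       "frame-ancestors 'self' undefined")

# Constructed sample: a subset of this report's transactions with abbreviated headers.
SCAN = {
    "page": {"domain": "ehrggtup.monster", "title": "Telegram Web"},
    "data": {"requests": [
        {"request": {"request": {"url": "https://ehrggtup.monster/"}},
         "response": {"hash": "6c9e71e77b3704e3693a7df5b42957ad2e7e9f418c41746699fbedd51752c5ce",
                      "response": {"headers": {"content-type": "text/html", "server": "cloudflare"}}}},
        {"request": {"request": {"url": "https://ehrggtup.monster/mtproto.worker.ae3e8dc772cae8b81c0e.chunk.js"}},
         "response": {"hash": "8abc78d788514ae251fdb808e33042a2312c180ec76f667d9abc40ca90e787b4",
                      "response": {"headers": {"content-type": "application/javascript"}}}},
        {"request": {"request": {"url": "https://tian.bafanglaicai.app/script.js"}},
         "response": {"hash": "023d8e20a6dc800a6415a305418e11c27484c01ab373778d26d87e8b020961c4",
                      "response": {"headers": {"content-type": "application/javascript; charset=UTF-8",
                                               "content-security-policy": CSP}}}},
        {"request": {"request": {"url": "https://tian.bafanglaicai.app/api/send"}},
         "response": {"hash": "a89c231c05beb2bc0279d160afc10062c2caed1f6de9d9310bc7cadcf3e4c7c0",
                      "response": {"headers": {"content-type": "text/plain",
                                               "access-control-allow-origin": "*",
                                               "content-security-policy": CSP}}}},
        {"request": {"request": {"url": "https://ehrggtup.monster/cdn-cgi/challenge-platform/h/g/jsd/r/8ef5ca84ac849b3f"}},
         "response": {"hash": SHA256_EMPTY,
                      "response": {"headers": {"content-type": "text/plain; charset=UTF-8",
                                               "content-length": "0"}}}},
    ]},
}

KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
            "strict-dynamic", "report-sample", "wasm-unsafe-eval"}


def apex(host):
    """Registrable domain by last two labels. Assumption: no public-suffix list,
    so multi-label suffixes such as co.uk are handled wrongly here."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_csp(policy):
    """Split a Content-Security-Policy value into {directive: [source, ...]}."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def valid_source(tok):
    """True if tok is a well-formed CSP source expression: quoted keyword,
    nonce/hash, scheme-source, wildcard, or a host with a dot."""
    if tok.startswith("'") and tok.endswith("'"):
        inner = tok[1:-1]
        return inner in KEYWORDS or inner.startswith(("nonce-", "sha256-", "sha384-", "sha512-"))
    if tok == "*" or tok.endswith(":"):  # bare wildcard or scheme-source such as data:
        return True
    host = tok.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return host == "localhost" or "." in host or host.startswith("*.")


def csp_anomalies(policy):
    """Malformed tokens (for example a leaked 'undefined') plus weak script-src flags."""
    findings = []
    for directive, sources in parse_csp(policy).items():
        for tok in sources:
            if not valid_source(tok):
                findings.append(f"{directive}: {tok!r} is not a valid source expression")
        if directive == "script-src":
            for weak in ("'unsafe-inline'", "'unsafe-eval'"):
                if weak in sources:
                    findings.append(f"script-src allows {weak}")
    return findings


def triage(scan, brand_apexes=("telegram.org", "t.me")):
    """Third-party hosts, empty-body responses, CSP anomalies per host, and
    whether a Telegram title is served from a non-Telegram apex."""
    page_apex = apex(scan["page"]["domain"])
    third_party, empty_bodies, csp_findings = set(), [], {}
    for entry in scan["data"]["requests"]:
        url = entry["request"]["request"]["url"]
        host = urlparse(url).hostname or ""
        if apex(host) != page_apex:
            third_party.add(host)
        resp = entry.get("response") or {}
        if resp.get("hash") == SHA256_EMPTY:
            empty_bodies.append(url)
        headers = {k.lower(): v for k, v in resp.get("response", {}).get("headers", {}).items()}
        if "content-security-policy" in headers:
            csp_findings[host] = csp_anomalies(headers["content-security-policy"])
    title = scan["page"].get("title", "").lower()
    brand_mismatch = "telegram" in title and page_apex not in brand_apexes
    return {"third_party_hosts": sorted(third_party), "empty_bodies": empty_bodies,
            "csp": csp_findings, "brand_mismatch": brand_mismatch}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SCAN), indent=2))
```

Run against a real result, the same function takes the JSON from urlscan's result API in place of SCAN; the empty-body check is what separates Cloudflare's jsd beacon (content-length 0) from a real collection endpoint such as /api/send, which returned a body.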

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://ehrggtup.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://ehrggtup.monster/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js

28 HTTP transactions

Resource | Path | Size | x-fer | Type
Primary Request / | ehrggtup.monster/ | 13 KB | 6 KB | Document
General
Full URL
https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c9e71e77b3704e3693a7df5b42957ad2e7e9f418c41746699fbedd51752c5ce

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8ef5ca84ac849b3f-FRA
content-encoding
zstd
content-type
text/html
date
Mon, 09 Dec 2024 14:47:34 GMT
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49Mduzvk0a3opIY1dfTdN6UJbKW1koEfURkGrJpniNlUjKl9MeJSdhtVKV9gHwfZxJ4aHcMo6%2BjhUYjLQyWbFLywkkjmqq7qA5LpfXIHIiraEqF1o0NZR6EVLKtr%2FMOTB9CNyV9J6hfMtyQS1Pzw"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=22354&min_rtt=22241&rtt_var=3667&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4157&recv_bytes=4426&delivery_rate=588&cwnd=12000&unsent_bytes=0&cid=4b480696136ae514&ts=542&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
main.4d7bc528ef300bb77a47.css | ehrggtup.monster/ | 405 KB | 87 KB | Stylesheet
General
Full URL
https://ehrggtup.monster/main.4d7bc528ef300bb77a47.css
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
216ac2ed4fb401b782b3aedec58fa3011db42a583f7c0f3b3cfe2a677cf5bb99

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-65417"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fq8cEE4l7JLwIpIMxbCuKM48qr8mhUk0AsALbxQYPUMShZnbjkae6MSOI1J%2BWKQT5NLrlwuyQmzL7vbMUPAt%2F9WJhVk1SOwKvp%2BhZ4rtkcgV7GhP6aSeoF%2FwPilunsvF13Ddn73BFAztAul4%2BAGj"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca880f1d9b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23875&min_rtt=21988&rtt_var=2926&sent=34&recv=27&lost=0&retrans=0&sent_bytes=25256&recv_bytes=6799&delivery_rate=20838&cwnd=15600&unsent_bytes=0&cid=4b480696136ae514&ts=1298&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:35 GMT
content-type
text/css
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=0,i=?0
style-desktop.7ec8ed3b19fabb19d057.css | ehrggtup.monster/ | 338 B | 932 B | Stylesheet
General
Full URL
https://ehrggtup.monster/style-desktop.7ec8ed3b19fabb19d057.css
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
322deb24d6d5efcf38e98818033dc373a21e67a4535703a0bae2772b13d9f5ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
MISS
etag
W/"67416d88-152"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQ1nu3QGOnOOGhMzCXh2yL0ePjY1i3UQ4Gl3KyQPULCEZhqjaRCWNpwsdhtQtcSqa5LvByQTVvU1GUhvduGxDa5RZrbE%2Fzi27Ix7KuC5u7fcijuuvQ8uiFOyGYcE%2FXwp2uhOypnvPB6DqaJVCRDq"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca880f1e9b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22231&min_rtt=21988&rtt_var=809&sent=32&recv=21&lost=0&retrans=0&sent_bytes=24277&recv_bytes=6540&delivery_rate=7694&cwnd=15600&unsent_bytes=0&cid=4b480696136ae514&ts=1085&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:34 GMT
content-type
text/css
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=0,i=?0
mtproto.worker.ae3e8dc772cae8b81c0e.chunk.js | ehrggtup.monster/ | 742 KB | 203 KB | Script
General
Full URL
https://ehrggtup.monster/mtproto.worker.ae3e8dc772cae8b81c0e.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8abc78d788514ae251fdb808e33042a2312c180ec76f667d9abc40ca90e787b4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://ehrggtup.monster
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-b988a"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6%2BR4q%2BY7mGCVFQrRjFiPI%2Bc0owhbHXi1vfwdcKqkel8wKYvZNZeiclYBhQRDH7ETYWxYJm5oC1CeKVU%2Bz1%2FfrXaWqrJw4Zqhp8kbQCK09nUpL5tTOREIVQYzQmxDhcLgzbC%2BUvz%2ByNIWgOmPnP5y"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca880f209b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22891&min_rtt=21988&rtt_var=306&sent=85&recv=40&lost=0&retrans=0&sent_bytes=84079&recv_bytes=7363&delivery_rate=846690&cwnd=27600&unsent_bytes=0&cid=4b480696136ae514&ts=1357&x=1", cfExtPri, cfHdrFlush;dur=12
date
Mon, 09 Dec 2024 14:47:35 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=1,i=?0
85.205de0b3350ad6e5100a.bundle.js | ehrggtup.monster/ | 8 KB | 4 KB | Script
General
Full URL
https://ehrggtup.monster/85.205de0b3350ad6e5100a.bundle.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86df896f198a8e1944a598dfecc75244aefcef64fdca604b2b557017693aa180

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-1e33"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UVUFI%2F3uInF5xC0MyPfdBP%2BInzGBz7UI%2F5nHPLVzeJzb8bPAb19ULZSRKNi6IR%2BI5wxyAiMnVNbxAPyhjLHm3FDEYdZl9wW5HmAh9SD9H9l0R5uk8SLWvG9TVppiR%2FVK6UEB2w7SN31aK8QTKp7k"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca880f219b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22276&min_rtt=22008&rtt_var=1308&sent=19&recv=19&lost=0&retrans=0&sent_bytes=10825&recv_bytes=6454&delivery_rate=301934&cwnd=12000&unsent_bytes=0&cid=4b480696136ae514&ts=1057&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:34 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=1,i=?0
116.34cfd7ff5c594baefb32.bundle.js | ehrggtup.monster/ | 24 KB | 9 KB | Script
General
Full URL
https://ehrggtup.monster/116.34cfd7ff5c594baefb32.bundle.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11d775e5b4a49b49c652204d0833ae4e62066eef5828d2b5d0de0ebd403923c0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-5f70"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u8ciCLUZMgEXKlcOsqxQfkXvb6X70d%2B3x%2F8H2QG4qCb0c6FICsGkAkvezGa18S8ngK6fagyyJMa3CT%2B9u7UKb7gLng4IISCFgu%2Fyu5nGLqxX0r9yOUxe2TkTx9kDjCWZZq4vvEQulzBIBnUQ1KCF"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca880f239b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22276&min_rtt=22008&rtt_var=1308&sent=23&recv=19&lost=0&retrans=0&sent_bytes=14724&recv_bytes=6454&delivery_rate=301934&cwnd=12000&unsent_bytes=0&cid=4b480696136ae514&ts=1078&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:34 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=1,i=?0
main.e909e0d1fb62ea42e9d0.bundle.js | ehrggtup.monster/ | 83 KB | 33 KB | Script
General
Full URL
https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aef6b86fae075c0230bd5c7c6005909f5f126f00c5676058612b3c98d7f93e05

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-14df6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2FO67UrM2mtCPq7yohhdtCKsK74DEF19MlHEKc6lXkqZZygW3h3pLXornpWBAwKatfDyBtCPPjvHQdDga18gGQnT6%2FqneYROWX0vFJrz45wjTQPdi%2BMpSywztPMnmMRDzKJza2lawLR9AWHqjOKR"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca880f249b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22891&min_rtt=21988&rtt_var=306&sent=62&recv=40&lost=0&retrans=0&sent_bytes=57408&recv_bytes=7363&delivery_rate=846690&cwnd=27600&unsent_bytes=0&cid=4b480696136ae514&ts=1351&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:35 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=1,i=?0
script.js | tian.bafanglaicai.app/ | 3 KB | 2 KB | Script
General
Full URL
https://tian.bafanglaicai.app/script.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:9f3f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
023d8e20a6dc800a6415a305418e11c27484c01ab373778d26d87e8b020961c4
Security Headers
Name Value
Content-Security-Policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"a11-19196e5b838"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CnYhUANkYiPr6bNhzB8l18MeM%2B%2FZH3PYTh2kAvRwZVKHd9lXogA19hK3JZR9I1oQppH7DeiJpe8OUNzOKFS%2FxgEWj2AL3wTEARxMdFXR%2Bh8is2duaY8chZophSB8NvDCsQV6GTCfwHXqmFxC52u7TOG%2FSbQ%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22219&min_rtt=21851&rtt_var=3801&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4161&recv_bytes=4304&delivery_rate=584&cwnd=12000&unsent_bytes=0&cid=5bb88dc39f19b4f7&ts=535&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:34 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 28 Aug 2024 02:52:03 GMT
vary
Accept-Encoding
priority
u=3,i=?0
content-security-policy
default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
cache-control
public, max-age=14400
x-dns-prefetch-control
on
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ef5ca889ccd68e9-FRA
server
cloudflare
crypto.worker.1addef60de53de89c181.chunk.js | ehrggtup.monster/ | 24 KB | 10 KB | Fetch
General
Full URL
https://ehrggtup.monster/crypto.worker.1addef60de53de89c181.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5931974f456235914cbd864a86d028ea166b3211f36f1734265c2de4dcff3676

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-5e2f"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qWONxTyPLplP%2BaK3CH64wZZGmJvlpOCtSDTFP5icZAeEnA7MEoCMxqKrQr9Kn7%2BO26p2wVp8t0zWcC2SUgag4bfZvooMDF1cWXHNAsgEpnoNshaZO%2FcROb5yzSdWK6TKSSliO21z7RC%2FWfTcTcnz"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca8f8d069b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22909&min_rtt=21988&rtt_var=324&sent=341&recv=113&lost=0&retrans=0&sent_bytes=371308&recv_bytes=29834&delivery_rate=1764709&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=2278&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:36 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=1,i
mtproto.worker.ae3e8dc772cae8b81c0e.chunk.js | ehrggtup.monster/ (Frame) | 0 | 0 |

crypto.worker.1addef60de53de89c181.chunk.js | ehrggtup.monster/ (Frame) | 0 | 0 |

main.js | ehrggtup.monster/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/ (Frame D3D9) | 9 KB | 5 KB | Script
Redirect Chain
  • https://ehrggtup.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://ehrggtup.monster/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
General
Full URL
https://ehrggtup.monster/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
Protocol
H3
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc005896f6d083f4749305eb91aafe4927bec4f86fff9097d97cdb0038078040
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RyunvfVzERUXUe9WKfybR48xVFwdQ6%2BXdZddjNc%2FLD88oivtU2xuwj3xM2C8A%2FkWlCZR1Vm3SmOsGptH%2BPTVwmHV%2F7DyoktmB%2FWZT%2FpdF7yQza1WJPNPyYbIdySjXAQJrmwtWtnrCOB9H%2Bvx89o"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8ef5ca8fcd329b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22739&min_rtt=21988&rtt_var=502&sent=205&recv=83&lost=0&retrans=0&sent_bytes=217729&recv_bytes=11336&delivery_rate=19188&cwnd=103200&unsent_bytes=0&cid=4b480696136ae514&ts=1821&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:35 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2bup6Z0%2FqIDi%2B%2B8TrKowIPkTG%2BOJd9yctoKp%2B%2BRR3mqXQYSuVRE9lr%2Fus05hkced0r%2Fzk%2FFdebAjdPBg24%2FjnmDtxbX7wARfCqYcG0eCJBgnCbVzlQoqq%2BBCqTKwi%2BwsrUGHu4IuIvqotQU6%2Bor"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca8f9d099b3f-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=22809&min_rtt=21988&rtt_var=484&sent=202&recv=79&lost=0&retrans=0&sent_bytes=216930&recv_bytes=10206&delivery_rate=2187780&cwnd=103200&unsent_bytes=0&cid=4b480696136ae514&ts=1783&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:35 GMT
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
send | tian.bafanglaicai.app/api/ | 599 B | 1 KB | Fetch
General
Full URL
https://tian.bafanglaicai.app/api/send
Requested by
Host: tian.bafanglaicai.app
URL: https://tian.bafanglaicai.app/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:9f3f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a89c231c05beb2bc0279d160afc10062c2caed1f6de9d9310bc7cadcf3e4c7c0
Security Headers
Name Value
Content-Security-Policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://ehrggtup.monster/

Response headers

content-encoding
zstd
cf-cache-status
DYNAMIC
etag
W/"laovxpn3ragn"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x2MaxwhlS4ELRd0sde%2Fc%2BeL8QupatDUesZwgJmeTsBxVNKnXM38LT4myxPSCmGY3q%2BtIpSkUUf3um8O8XPuzvcJItQaFl%2FFqPVdc6zRnVAH%2BTD9XvVr5mHuc9c7rg8tZJloWalzo7MOD6lO3nzAcT4PcXn0%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22333&min_rtt=21875&rtt_var=2924&sent=13&recv=11&lost=0&retrans=0&sent_bytes=3154&recv_bytes=4695&delivery_rate=40544&cwnd=12000&unsent_bytes=0&cid=419ba5b9877cdb00&ts=854&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:36 GMT
content-type
text/plain
vary
Accept-Encoding
priority
u=1,i
content-security-policy
default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-dns-prefetch-control
on
cf-ray
8ef5ca9348139153-FRA
access-control-allow-origin
*
server
cloudflare
send | tian.bafanglaicai.app/api/ (Frame) | 0 | 0 | Preflight
General
Full URL
https://tian.bafanglaicai.app/api/send
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:9f3f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://ehrggtup.monster
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8ef5ca8fcd5e9153-FRA
content-length
0
content-security-policy
default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
date
Mon, 09 Dec 2024 14:47:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8MfGYV0N601azWuIL7MmLrluLDPp4iFTCMs4BZHnIDscaOSwoTUQsk1t4jyIWxh2WI4zSOCWWPMgpUaJph%2Fnrf%2BOtKSusROWMk3qdf4umcODLc1zkjvPpJecTEm1Khxk8v2PADKepCkqgP45diwI4HftyT8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=22379&min_rtt=21875&rtt_var=3776&sent=10&recv=9&lost=0&retrans=0&sent_bytes=2185&recv_bytes=4145&delivery_rate=589&cwnd=12000&unsent_bytes=0&cid=419ba5b9877cdb00&ts=562&x=1" cfExtPri cfHdrFlush;dur=0
vary
Access-Control-Request-Headers
x-dns-prefetch-control
on
favicon.ico | ehrggtup.monster/assets/img/ | 15 KB | 4 KB | Other
General
Full URL
https://ehrggtup.monster/assets/img/favicon.ico?v=jw3mK7G9Ry
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
MISS
etag
W/"67416d88-3aee"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mfm1VbJyHeBy2Ppn1TS0ToYXD48gKS6CRdmCnYY4CSUJYfY7nqv1%2BCsmoJFi6YR7wQdYYU%2BlGhieWLsPIMUMklNG9VGHN7IOalSPcFgoa7Hw2ccRjHC0sWz%2FZgXXBk0T%2BSvPZVthNDz1Od%2BYgMom"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca8fad129b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22811&min_rtt=21988&rtt_var=368&sent=367&recv=118&lost=0&retrans=0&sent_bytes=399463&recv_bytes=30764&delivery_rate=24225&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=2520&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:36 GMT
content-type
image/x-icon
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=1,i
104.b23fc99c0ad8aab75e1a.chunk.js | ehrggtup.monster/ | 69 KB | 23 KB | Script
General
Full URL
https://ehrggtup.monster/104.b23fc99c0ad8aab75e1a.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01e3e93f0c28761d227195423db2f66c2a7eba747a95b559c7ca0e5ea6d84b57

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-1158d"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EO2N%2BtlOijH5hQpk40W9%2BV2MZdzfKrqk5POJFw6ft%2BlR1kUlS%2FbvZubWWdTACBqztFVvSbuplvNXy8fcYip74DVg6ah4n0%2FSSuKxRhoMbp0U%2BJ%2BCb5RUe3vK%2FVJv6yWlGFHvzpUJlIYRWizmbHjI"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca8fbd229b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22811&min_rtt=21988&rtt_var=368&sent=372&recv=118&lost=0&retrans=0&sent_bytes=403915&recv_bytes=30764&delivery_rate=24225&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=2525&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:36 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=3,i=?0
301.057f4a981945e824c78f.chunk.js | ehrggtup.monster/ | 2 KB | 2 KB | Script
General
Full URL
https://ehrggtup.monster/301.057f4a981945e824c78f.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdbcb6292e07ba83febf941b3358849207493bc6e8f80a41817eb93dec0a19fd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-6fe"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BTYsYWl0YaNXUChoJfwSC3WZAWFaY%2Fw2ENUXq3ijw7R1%2BfYgrnIZVRAK86%2B5dpTGLRRq2L1Kjsn8sxQD6Jhu4JGTb8Ta73ZqlocRKulqpMc9iY533lloDMslzcT%2BXYzu5c3gm6%2BpTeSyp0bpivAs"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca8fbd259b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23374&min_rtt=21988&rtt_var=1157&sent=422&recv=126&lost=0&retrans=0&sent_bytes=460544&recv_bytes=32482&delivery_rate=15335&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=3325&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:37 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=3,i=?0
8.228cb76ce437b01a2aeb.chunk.js | ehrggtup.monster/ | 24 KB | 5 KB | Script
General
Full URL
https://ehrggtup.monster/8.228cb76ce437b01a2aeb.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34e74cf0340e76907f2473078d537e2161dd18cc46889fcda005c8d704967e37

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-5e90"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PEnjcWHK2OeS77l8Y%2BaiXWdEkrbScM3BwYq5IQCJyTfKUWzi8wJw2MQWP7JvnFUCKu6wTA29C3cBkSdijz%2BHAeeNl7No2q40WL81dEFAWYCaD843mYyXD5VM5jlNeIZHy47n3qEMSlCEI%2B6fRcu7"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca8fbd269b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22909&min_rtt=21988&rtt_var=324&sent=360&recv=113&lost=0&retrans=0&sent_bytes=393256&recv_bytes=29834&delivery_rate=1764709&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=2302&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:36 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
vary
Accept-Encoding
priority
u=3,i=?0
8ef5ca84ac849b3f | ehrggtup.monster/cdn-cgi/challenge-platform/h/g/jsd/r/ (Frame D3D9) | 0 | 1 KB | XHR
General
Full URL
https://ehrggtup.monster/cdn-cgi/challenge-platform/h/g/jsd/r/8ef5ca84ac849b3f
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:975e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GPeyyFQH7o0Yjbf0gsDT1VG7nXQOu9ucbDBrp%2BwbTPNoNZuw6lEi8XzECRni39Qx4iUiI2vdcQuWKcQz6Po7qr5Lmq9kuEnstyilcfFIpT5iF%2BmhyiK6m88cLJQCub3QA8CcIys2jSSuoEGyCv%2FF"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca905da49b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23066&min_rtt=21988&rtt_var=448&sent=338&recv=107&lost=0&retrans=0&sent_bytes=370054&recv_bytes=28886&delivery_rate=4669350&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=1910&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Mon, 09 Dec 2024 14:47:35 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
priority
u=1,i
41.6ab156a3a39d7a08893f.chunk.js | ehrggtup.monster/ | 35 KB | 0 | Script
General
Full URL
https://ehrggtup.monster/41.6ab156a3a39d7a08893f.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Server
-, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
b2508b04b3bef5275419629c0e3f1f01df2cf69c6c97c245373f49317a1a3b73

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-8d61"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9wCPEVVf3kBU0Ezv7eb1QFLR8KWESuqozsDbbx3jhxg4q%2FJC6fc8FYYndUw6UR6%2BrvHaj8IqseQDK%2BLXI78O0esXcgtK8TPY7asvBDylxC7kI9bTPGUBjxV4s2VCOEHjYtQeSq91CsOwd6JpBi4"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca98fbe69b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23103&min_rtt=21988&rtt_var=1106&sent=428&recv=130&lost=0&retrans=0&sent_bytes=465456&recv_bytes=33975&delivery_rate=6154&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=4015&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:37 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
server
cloudflare
priority
u=0,i
vary
Accept-Encoding
480.e548ea77058f9dac9735.chunk.js
ehrggtup.monster/
1 MB
0
Script
General
Full URL
https://ehrggtup.monster/480.e548ea77058f9dac9735.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Software
cloudflare
Resource Hash
a5f7efab411bf842717576412603ebcdf5401ad6785e6f6b955b43d11b416ac6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-16d484"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZ0BjkasXn28XwI0i7%2BRXW9yS7TR%2FdQgGnar6QY%2FxJbjIYTTNSVTABfF0tMPCGwHeSlz%2FRVaVAwmpW3NrUHIHjHWy82AtoI5p%2Fxwez5Lt%2F%2FKO8Fcr0zAfuFNZQoi2xiEzKRiyQDiQ21aprpEmVQ9"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca999c5a9b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23162&min_rtt=21988&rtt_var=735&sent=443&recv=132&lost=0&retrans=0&sent_bytes=482972&recv_bytes=34064&delivery_rate=756513&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=4103&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:37 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
server
cloudflare
priority
u=3,i
vary
Accept-Encoding
709.ae8e0000f4edcfe60aba.chunk.js
ehrggtup.monster/
5 KB
0
Script
General
Full URL
https://ehrggtup.monster/709.ae8e0000f4edcfe60aba.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Software
cloudflare
Resource Hash
4aed6ee03b7270790b11cd8f6f8100e3aa9894dc8f719f80fb25329eb90c8d7a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-148d"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QupxX9QAR%2B2iutlOAXD3FZn1y1H6UmVsJMWjjAw8fAe32rG95Cc1TfaaisucEWwKJdxYnbiC2wGL8vdC2GkKjrN9%2Bd0islOArtf74J55P%2FJPSLrPKyq143Y0mB0WJoBFTGsm%2BfravBFLH1diiJbc"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5ca999c5c9b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23203&min_rtt=21988&rtt_var=1208&sent=425&recv=129&lost=0&retrans=0&sent_bytes=462215&recv_bytes=33930&delivery_rate=20941&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=3873&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:37 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
server
cloudflare
priority
u=3,i
vary
Accept-Encoding
aecf618d-6d60-47bd-83ba-729bba0113eb
https://ehrggtup.monster/ Frame
0
0

4325d3f7-051a-4d9a-a0d8-7d97c968cc0a
https://ehrggtup.monster/ Frame
0
0

67eacd99-0cad-47ae-baf5-cf6b30af0b0c
https://ehrggtup.monster/ Frame
0
0

npm.qr-code-styling.f8f57a1c721e03c3f699.chunk.js
ehrggtup.monster/
64 KB
0
Script
General
Full URL
https://ehrggtup.monster/npm.qr-code-styling.f8f57a1c721e03c3f699.chunk.js
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/main.e909e0d1fb62ea42e9d0.bundle.js
Protocol
H3
Software
cloudflare
Resource Hash
932e9a817af82373fc18ab3c39ad1bbc706d3b4e5979407c0ad4f5320b099136

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"67416d88-ff4e"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k2rQTziB94om1wfYvk8KjujyxOhix%2FG9dp7faEZQ5g9zLBhQZ0OzyH64EhVfRTroy7SBbJMFWLqo1zuOmgu%2FFTcZ2HXP6HseTeQGkISe273QX%2B%2BMbJmPX3y3FXfb58%2FiHMoadawM5xg3F8qlpArH"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5caa48c119b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23206&min_rtt=21988&rtt_var=431&sent=864&recv=178&lost=0&retrans=0&sent_bytes=980363&recv_bytes=37457&delivery_rate=368447&cwnd=186000&unsent_bytes=0&cid=4b480696136ae514&ts=5869&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:39 GMT
content-type
application/javascript
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
server
cloudflare
priority
u=3,i
vary
Accept-Encoding
810.f6d94fc8d0635364313b.chunk.js
ehrggtup.monster/
0
0

logo_padded.svg
ehrggtup.monster/assets/img/
1 KB
0
Fetch
General
Full URL
https://ehrggtup.monster/assets/img/logo_padded.svg
Requested by
Host: ehrggtup.monster
URL: https://ehrggtup.monster/709.ae8e0000f4edcfe60aba.chunk.js
Protocol
H3
Software
cloudflare
Resource Hash
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://ehrggtup.monster/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
MISS
etag
W/"67416d88-42d"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=voqzr32r0txw3381UhWdqXsE%2BwXnu%2Bu4D3jsrgi%2FOvyCv0VGKNeR8DVz4OzS1vDmfxlT%2FTtA1mI3DUNIjb6wd5GT32LeuMuFPlyKSLSZlPCsCcuy0mCRucaFzfFLY692tCoTWcKw5cF2mJOOu32f"}],"group":"cf-nel","max_age":604800}
cf-ray
8ef5caae3c179b3f-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23108&min_rtt=21988&rtt_var=529&sent=884&recv=182&lost=0&retrans=0&sent_bytes=1002261&recv_bytes=38298&delivery_rate=102731&cwnd=186000&unsent_bytes=0&cid=4b480696136ae514&ts=7197&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 09 Dec 2024 14:47:41 GMT
content-type
image/svg+xml
last-modified
Sat, 23 Nov 2024 05:52:08 GMT
server
cloudflare
priority
u=1,i
vary
Accept-Encoding
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ehrggtup.monster
URL
https://ehrggtup.monster/mtproto.worker.ae3e8dc772cae8b81c0e.chunk.js
Domain
ehrggtup.monster
URL
https://ehrggtup.monster/crypto.worker.1addef60de53de89c181.chunk.js
Domain
ehrggtup.monster
URL
blob:https://ehrggtup.monster/aecf618d-6d60-47bd-83ba-729bba0113eb
Domain
ehrggtup.monster
URL
blob:https://ehrggtup.monster/4325d3f7-051a-4d9a-a0d8-7d97c968cc0a
Domain
ehrggtup.monster
URL
blob:https://ehrggtup.monster/67eacd99-0cad-47ae-baf5-cf6b30af0b0c
Domain
ehrggtup.monster
URL
https://ehrggtup.monster/810.f6d94fc8d0635364313b.chunk.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object 0
object webpackChunktweb
object rootScope
function AppStorage
object stateStorage
function wrapUrl
object I18n
object webpWorkerController
object appStorage
object singleInstance
object webPushApiManager
object telegramMeWebManager
object opusDecodeController
object cryptoMessagePort
object mtprotoMessagePort
object serviceMessagePort
object apiManagerProxy
function calcImageInBox
object mediaSizes
object customProperties
object themeController
function formatDateAccordingToTodayNew
function fillTipDates
object umami
function dispatchHeavyAnimationEvent
object sequentialDom
object appDownloadManager
object appMediaPlaybackController
object appNavigationController
object liteMode
object windowSize
function getVisibleRect
function generatePathData
function p
function putPreloader
function getRichValueWithCaret
function compareNodes
function placeCaretAtEnd
function PopupNewMedia
function SlicedArray
function ScrollSaver
object internalLinkProcessor
object emoticonsDropdown
object appSidebarRight
function getStream
function getStreamCached
object groupCallController
object callsController
object appDialogsManager
object appSidebarLeft
object uiNotificationsManager
object appImManager
object syncedPlayers
object emojiRenderers
function wrapRichText
object animationIntersector
object lottieLoader
object pagesManager
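The global-variable list is the most telling artifact in this scan: names such as webpackChunktweb, mtprotoMessagePort, cryptoMessagePort and appImManager are the internals of a full webpack-built Telegram web client, not the handful of globals a static credential-harvesting form would expose. The script below is an added example, not code from urlscan or from the site; it parses the flattened "type| name" list as urlscan exports it and flags indicator names. The indicator tables are my own reading of the names (webpackChunktweb read as the chunk registry of the open-source Telegram Web K bundle, "tweb"; umami read as the global of the Umami analytics script) and are labelled as assumptions in the code; the scan itself states none of this.

```python
"""Parse urlscan's "JavaScript Global Variables" list and fingerprint the bundle.

Added example, not part of the urlscan page. SCAN_GLOBALS is the 58-entry list
copied from this scan; the indicator sets are my own reading of the names and
are assumptions, not facts the scan asserts.
"""
import re
from collections import Counter

# Copied from the scan's list. urlscan flattens its Type | Name table into
# space-separated "type| name" tokens, which is what an analyst pastes.
SCAN_GLOBALS = (
    "object| 0 object| webpackChunktweb object| rootScope function| AppStorage "
    "object| stateStorage function| wrapUrl object| I18n object| webpWorkerController "
    "object| appStorage object| singleInstance object| webPushApiManager "
    "object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort "
    "object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy "
    "function| calcImageInBox object| mediaSizes object| customProperties "
    "object| themeController function| formatDateAccordingToTodayNew function| fillTipDates "
    "object| umami function| dispatchHeavyAnimationEvent object| sequentialDom "
    "object| appDownloadManager object| appMediaPlaybackController "
    "object| appNavigationController object| liteMode object| windowSize "
    "function| getVisibleRect function| generatePathData function| p function| putPreloader "
    "function| getRichValueWithCaret function| compareNodes function| placeCaretAtEnd "
    "function| PopupNewMedia function| SlicedArray function| ScrollSaver "
    "object| internalLinkProcessor object| emoticonsDropdown object| appSidebarRight "
    "function| getStream function| getStreamCached object| groupCallController "
    "object| callsController object| appDialogsManager object| appSidebarLeft "
    "object| uiNotificationsManager object| appImManager object| syncedPlayers "
    "object| emojiRenderers function| wrapRichText object| animationIntersector "
    "object| lottieLoader object| pagesManager"
)

TOKEN = re.compile(r"(object|function)\|\s*(\S+)")


def parse_globals(raw: str) -> list[tuple[str, str]]:
    """Recover (type, name) pairs from the flattened list."""
    return TOKEN.findall(raw)


# Names that, taken together, identify the open-source Telegram Web K ("tweb")
# client bundle. Assumption based on the names alone.
TWEB_INDICATORS = frozenset({
    "webpackChunktweb",      # webpack's per-bundle chunk registry global
    "mtprotoMessagePort",    # port to the MTProto web worker
    "cryptoMessagePort",     # port to the crypto web worker
    "telegramMeWebManager",  # t.me deep-link handling
    "appImManager",          # main chat view controller
})

# Globals that do not look like part of a messenger client. "umami" matches
# the global exposed by the Umami analytics script (hypothesis only).
FOREIGN_INDICATORS = frozenset({"umami"})


def fingerprint(pairs: list[tuple[str, str]]) -> dict:
    """Summarise the list and flag indicator hits."""
    names = {name for _, name in pairs}
    kinds = Counter(kind for kind, _ in pairs)
    tweb_hits = sorted(names & TWEB_INDICATORS)
    return {
        "total": len(pairs),
        "objects": kinds["object"],
        "functions": kinds["function"],
        "tweb_hits": tweb_hits,
        "foreign_hits": sorted(names & FOREIGN_INDICATORS),
        # Three independent client internals is a conservative threshold;
        # a static phishing form would expose none of them.
        "full_client_bundle": len(tweb_hits) >= 3,
    }


if __name__ == "__main__":
    print(fingerprint(parse_globals(SCAN_GLOBALS)))
```

The practical consequence of a "full_client_bundle" hit is that the analyst should diff the served chunks (the scan records a SHA-256 resource hash for each) against a known-good build of the client rather than look for a form action; what the operator does with a session established through a cloned client is not something this scan shows.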

1 Cookies

Domain/Path: .ehrggtup.monster/
Name: cf_clearance
Value: n786JlA7zFbAVvqSzLMa0sejN85vi41mPIdnUqikcRQ-1733755655-1.2.1.1-sw41UdulB5iQsopQnlbG8gHEPNAw1n8IUbO6twvjMm5zN_kNnuu9N8qzPUr4Pxq3yPY40dJjIRmMSfhh7nV8Js3xAlMynW0.hTaBFHFBO68PxqHxJv1u6ocGzht1UEP4kf1hT1EgDVBeNUvF8gfSLY4hOt1x9Y48tIg9Y91SjLF1FKDDSzfHM0wh3NvAAmwHxNEIEp.0cLvTIUiBX_MH_N4wZzj_3p_RRPUYe4qoVbPa43iHBOtfZv_dn.jfx4CXkuO40uVB1WOgvJmnHfxJtguOOcqQAGMD6bs9BMm0QvT4g24GVrNYnUHczTpRgTZ40HNPv1vXlD2I2V4BvNGv_O.xELJxn8AJ6TvGRXei.q9osvS4Xh7X5ExoewmXTd9O
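The response headers recorded for the script chunks above and the cf_clearance cookie here carry more than they appear to. Every asset's weak ETag shares the prefix 67416d88, which is the hex Unix time 2024-11-23 05:52:08 UTC, the same instant as the last-modified header, and the suffix is the file size in hex; that is nginx's default ETag layout, and it shows the whole bundle was dropped on the origin in one deployment. cf_clearance is the cookie Cloudflare sets once a visitor has passed a challenge, and the number embedded in it (1733755655) is the second in which the scan's first response was dated, so the scanner's browser cleared the challenge itself. The cf-ray suffix names the edge location (FRA), and the server-timing cfL4 block repeats one QUIC connection id (cid) across responses. The script below is an added example, not urlscan's or Cloudflare's code: it decodes those values from samples copied from this scan. Two of its readings are assumptions, labelled in the code: the dash-separated cf_clearance layout with a Unix timestamp in the second field is an observed convention rather than a documented format, and the ETag is read as nginx-style because of its shape, which only suggests an nginx-like origin behind Cloudflare.

```python
"""Decode the Cloudflare and origin metadata in the scan's response headers.

Added example, not part of the urlscan page. Sample values are copied from this
scan. Assumptions: cf_clearance's second dash-separated field is a Unix
timestamp (observed convention, not documented); W/"<hex mtime>-<hex size>" is
read as nginx's default ETag format.
"""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qsl

# Copied from the scan.
CF_CLEARANCE = (
    "n786JlA7zFbAVvqSzLMa0sejN85vi41mPIdnUqikcRQ-1733755655-1.2.1.1-"
    "sw41UdulB5iQsopQnlbG8gHEPNAw1n8IUbO6twvjMm5zN_kNnuu9N8qzPUr4Pxq3yPY40dJjIRmMSfhh7nV8Js3xAlMynW0."
    "hTaBFHFBO68PxqHxJv1u6ocGzht1UEP4kf1hT1EgDVBeNUvF8gfSLY4hOt1x9Y48tIg9Y91SjLF1FKDDSzfHM0wh3NvAAmwHxNEIEp."
    "0cLvTIUiBX_MH_N4wZzj_3p_RRPUYe4qoVbPa43iHBOtfZv_dn.jfx4CXkuO40uVB1WOgvJmnHfxJtguOOcqQAGMD6bs9BMm0QvT4g24"
    "GVrNYnUHczTpRgTZ40HNPv1vXlD2I2V4BvNGv_O.xELJxn8AJ6TvGRXei.q9osvS4Xh7X5ExoewmXTd9O"
)
CF_RAY = "8ef5ca905da49b3f-FRA"
DATE_HEADER = "Mon, 09 Dec 2024 14:47:35 GMT"
LAST_MODIFIED = "Sat, 23 Nov 2024 05:52:08 GMT"
ETAGS = {
    "41.6ab156a3a39d7a08893f.chunk.js": 'W/"67416d88-8d61"',
    "480.e548ea77058f9dac9735.chunk.js": 'W/"67416d88-16d484"',
    "709.ae8e0000f4edcfe60aba.chunk.js": 'W/"67416d88-148d"',
    "npm.qr-code-styling.f8f57a1c721e03c3f699.chunk.js": 'W/"67416d88-ff4e"',
    "assets/img/logo_padded.svg": 'W/"67416d88-42d"',
}
SERVER_TIMING = [
    'cfL4;desc="?proto=QUIC&rtt=23066&min_rtt=21988&rtt_var=448&sent=338&recv=107&lost=0&retrans=0&sent_bytes=370054&recv_bytes=28886&delivery_rate=4669350&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=1910&x=1", cfExtPri, cfHdrFlush;dur=0',
    'cfL4;desc="?proto=QUIC&rtt=23103&min_rtt=21988&rtt_var=1106&sent=428&recv=130&lost=0&retrans=0&sent_bytes=465456&recv_bytes=33975&delivery_rate=6154&cwnd=127200&unsent_bytes=0&cid=4b480696136ae514&ts=4015&x=1", cfExtPri, cfHdrFlush;dur=0',
]


def clearance_issued_at(cookie: str) -> datetime:
    """Second dash-separated field of cf_clearance read as a Unix time (assumption)."""
    fields = cookie.split("-", 3)
    return datetime.fromtimestamp(int(fields[1]), tz=timezone.utc)


def parse_cf_ray(value: str) -> tuple[str, str]:
    """cf-ray is '<ray id>-<colo>'; the colo is Cloudflare's airport-style edge code."""
    ray, colo = value.rsplit("-", 1)
    return ray, colo


def decode_nginx_etag(etag: str) -> tuple[datetime, int]:
    """W/"<mtime hex>-<size hex>" -> (mtime as UTC datetime, size in bytes)."""
    m = re.fullmatch(r'(?:W/)?"([0-9a-f]+)-([0-9a-f]+)"', etag)
    if not m:
        raise ValueError(f"not an nginx-style ETag: {etag}")
    return datetime.fromtimestamp(int(m[1], 16), tz=timezone.utc), int(m[2], 16)


def cfl4_metrics(value: str) -> dict:
    """Pull the cfL4 query-string metrics out of a server-timing header."""
    m = re.search(r'cfL4;desc="\?([^"]*)"', value)
    return {k: (int(v) if v.isdigit() else v) for k, v in parse_qsl(m[1] if m else "")}


def triage() -> dict:
    """Cross-check the decoded values against the plain headers."""
    clearance = clearance_issued_at(CF_CLEARANCE)
    ray, colo = parse_cf_ray(CF_RAY)
    decoded = {name: decode_nginx_etag(tag) for name, tag in ETAGS.items()}
    mtimes = {mtime for mtime, _ in decoded.values()}
    metrics = [cfl4_metrics(v) for v in SERVER_TIMING]
    return {
        "clearance_issued_at": clearance,
        # 0 means the cookie was minted in the same second as the response date.
        "clearance_vs_date_s": int((parsedate_to_datetime(DATE_HEADER) - clearance).total_seconds()),
        "ray_id": ray,
        "edge_colo": colo,
        # One mtime shared by every asset: a single deployment of the bundle.
        "deploy_times": sorted(mtimes),
        "etag_matches_last_modified": mtimes == {parsedate_to_datetime(LAST_MODIFIED)},
        "sizes": {name: size for name, (_, size) in decoded.items()},
        "one_quic_connection": len({m["cid"] for m in metrics}) == 1,
    }


if __name__ == "__main__":
    for key, val in triage().items():
        print(f"{key}: {val}")
```

The deployment time recovered from the ETags is the kind of pivot that survives domain rotation: a kit re-uploaded to a new host gets new mtimes, but a copied directory tree keeps them, so identical "67416d88-<size>" tags on another domain point to the same on-disk files.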

1 Console Messages

Source: rendering
Level: warning
URL: https://ehrggtup.monster/ (Line 3)
Message: [GroupMarkerNotSet(crbug.com/242999)!:A050360234020000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ehrggtup.monster
tian.bafanglaicai.app
2606:4700:3031::ac43:9f3f
2606:4700:3036::ac43:975e