kzcxuhpbgvjet.bond Open in urlscan Pro
2606:4700:3037::6815:31ec  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response kzcxuhpbgvjet.bond/	4 KB 2 KB	635ms 545ms	Document text/html	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81bbb48854451f50a3d71aa8114faaf22f205718f016f23ec62f5fd252157f4f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f5095c34f65429d-EWR content-encoding zstd content-type text/html date Fri, 20 Dec 2024 15:14:57 GMT last-modified Sat, 14 Dec 2024 10:26:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzjmkQldE6XawBKGoh0BfylPvX1ZtN36%2FVRUvdoYdhk7YJDdACivh81%2FS36YB8YYx1mWUab6cF5EP5yPAQLRGegcFYLk%2Fgt66PruqMjCX9vIYpkvJ7O9Fn0GeSkkTqOf09mhDS%2BNGnT04CUYe8Tnf4g%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=27979&min_rtt=23805&rtt_var=11162&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4152&recv_bytes=4429&delivery_rate=592&cwnd=12000&unsent_bytes=0&cid=39ef6735aeba9050&ts=552&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding
GET H3	200	redirect.js Show response kzcxuhpbgvjet.bond/	325 B 904 B	527ms 526ms	Script application/javascript	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/redirect.js Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status REVALIDATED etag W/"674840b0-145" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C5D1nV1I9wJcZM9%2FFbQgpOlNrteSPy78DvpYYLLRaM0PeoyfSwicud2Gkwl%2FiwLOBAcgdc5w2I4zX9MSRUdnYTjI9aoYMUUGCHrQ%2BMeBjW%2BDcL5AWWSrAJ8QQ3PcWj%2FGoN85SAObdUIRjWU%2B%2FCxhy4E%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095c6ebef429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26707&min_rtt=22535&rtt_var=8481&sent=16&recv=13&lost=0&retrans=0&sent_bytes=6687&recv_bytes=4809&delivery_rate=111424&cwnd=12000&unsent_bytes=0&cid=39ef6735aeba9050&ts=1115&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:58 GMT content-type application/javascript last-modified Thu, 28 Nov 2024 10:06:40 GMT vary Accept-Encoding priority u=1,i=?0
GET H3	200	main.d54bfa037348b154a941.js Show response kzcxuhpbgvjet.bond/	290 KB 111 KB	538ms 537ms	Script application/javascript	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/main.d54bfa037348b154a941.js Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4c70083f389a2fafc6a5f3c35179243623b4416cab07a1c6ce08d3f7c1ddb2ae Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status REVALIDATED etag W/"674840af-48637" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RywsimJFSyPIPbiSMSng5gSpwMbmL4AgDbBBcjNIhwRBjGctSZzrxrrrq9hvecp7tOHF20K3OEUmo%2B61RZhJ6ljGiUO6JR4zfAdA9lenmcy5W5h9ca%2BwKUK9PbQQMzmiemdpw5z3lu14c%2FmCPJDHqYI%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095ca3898429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26112&min_rtt=21948&rtt_var=7550&sent=19&recv=17&lost=0&retrans=0&sent_bytes=7662&recv_bytes=5754&delivery_rate=1817&cwnd=12000&unsent_bytes=0&cid=39ef6735aeba9050&ts=1654&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:58 GMT content-type application/javascript last-modified Thu, 28 Nov 2024 10:06:39 GMT vary Accept-Encoding priority u=3,i=?0
GET H3	200	main.949acaf34f3882f511ff.css kzcxuhpbgvjet.bond/	111 KB 27 KB	559ms 558ms	Stylesheet text/css	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5e81ea05db27d47fa91e6bd4d675cc1c8eeec9341a4db7859359a7c5ee5fca3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status REVALIDATED etag W/"674840af-1ba95" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykDZdG9iOm%2F9eebV0AurjKzrDsjro8vdGSR1shrBQGCzN1MQocFps7IZXnERyMThp6XilSW6mn76SmHZ7c1FC2EETK3n1FKTw1%2B4DwIEb9e%2BobKhisjThOh9nfu03H7x9Ndo4ru0ACvYvlwJ4W%2FVjtg%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095ca38a0429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26112&min_rtt=21948&rtt_var=7550&sent=29&recv=17&lost=0&retrans=0&sent_bytes=19662&recv_bytes=5754&delivery_rate=1817&cwnd=12000&unsent_bytes=0&cid=39ef6735aeba9050&ts=1658&x=1", cfExtPri, cfHdrFlush;dur=20 date Fri, 20 Dec 2024 15:14:58 GMT content-type text/css last-modified Thu, 28 Nov 2024 10:06:39 GMT vary Accept-Encoding priority u=0,i=?0
GET H3	200	compatTest.js Show response kzcxuhpbgvjet.bond/	2 KB 2 KB	582ms 581ms	Script application/javascript	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/compatTest.js Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status REVALIDATED etag W/"674840b0-9f0" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zfoBM6%2F3ItsV5QO2oOo8Hv1CY0RJCC22j7vNYyk291K9rg1AgSqIESn2SKs22i5a3Y7yGu%2FXRyeS%2BXe9i3%2FqY%2FlHKkiXFNmvI0bjQVKhDfv7M0TKEydU%2FvLYrQIGYPPbe7OkoH6UFpCl9wArmgTgeYY%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095ca38a6429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26112&min_rtt=21948&rtt_var=7550&sent=29&recv=17&lost=0&retrans=0&sent_bytes=19662&recv_bytes=5754&delivery_rate=1817&cwnd=12000&unsent_bytes=0&cid=39ef6735aeba9050&ts=1661&x=1", cfExtPri, cfHdrFlush;dur=17 date Fri, 20 Dec 2024 15:14:58 GMT content-type application/javascript last-modified Thu, 28 Nov 2024 10:06:40 GMT vary Accept-Encoding priority u=1,i=?0
GET H3	200	script.js Show response hu.bafanglaicai.app/	3 KB 2 KB	622ms 513ms	Script application/javascript	2606:4700:3032::6815:2a4f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hu.bafanglaicai.app/script.js Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:2a4f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 023d8e20a6dc800a6415a305418e11c27484c01ab373778d26d87e8b020961c4 Security Headers Name Value Content-Security-Policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers content-encoding gzip cf-cache-status REVALIDATED etag W/"a11-19196e5b838" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBn0pD1CzKOWipZ%2Fioo9%2B1GiXeazduPLZFwXfF6FRRgYVXMgNDd8qXmUxqcjdCWF77or0Ier8uZ9E8xd3zlCq86WiktBHGvH1HWVvIgUzbHgZyubTQQMpBZZj0xswHDQP9FR93KmHbk%2Fp%2F7UqyfqWlPP"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=22466&min_rtt=21738&rtt_var=4485&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4147&recv_bytes=4309&delivery_rate=554&cwnd=12000&unsent_bytes=0&cid=dbd339b5518f7ce2&ts=521&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:59 GMT content-type application/javascript; charset=UTF-8 last-modified Wed, 28 Aug 2024 02:52:03 GMT vary Accept-Encoding priority u=3,i=?0 content-security-policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined cache-control public, max-age=14400 x-dns-prefetch-control on nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f5095ce9a8741d9-EWR server cloudflare
GET H3	206	notification.mp3 kzcxuhpbgvjet.bond/	11 KB 11 KB	512ms 511ms	Media audio/mpeg	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/notification.mp3 Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6 Request headers Referer https://kzcxuhpbgvjet.bond/ Accept-Encoding identity;q=1, *;q=0 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Range bytes=0- Response headers cf-cache-status REVALIDATED etag "674840b0-2a80" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1f0ZF%2BYVvkB7AMLcR%2FF1zXtXJxZpimjl%2FxFgOnB4cpiyBKx%2BilKnx6i36guysLuLYH%2BcWP7S7ZhCJy5g5NhgaLe7hkpzSfzZlxtQr7oUiYC3vbh2jxgOxloxJobi%2BfJUrfbxnnsLtnYSSmImoTWQig%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=34873&min_rtt=21789&rtt_var=5914&sent=149&recv=70&lost=0&retrans=0&sent_bytes=153989&recv_bytes=9858&delivery_rate=1879388&cwnd=79200&unsent_bytes=0&cid=39ef6735aeba9050&ts=2300&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:59 GMT content-type audio/mpeg last-modified Thu, 28 Nov 2024 10:06:40 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Content-Range bytes 0-10879/10880 cf-ray 8f5095ce6efd429d-EWR Content-Length 10880 server cloudflare
GET H3	200	5193.75042954cc9da1f6d6ac.js Show response kzcxuhpbgvjet.bond/	18 KB 7 KB	553ms 553ms	Script application/javascript	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/5193.75042954cc9da1f6d6ac.js Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.d54bfa037348b154a941.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fd5d096f167239210ad895c0332de2bc95585ad11a667295e97687efde54162a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status REVALIDATED etag W/"674840af-47f6" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjGn1gPinUIdf%2BShCr9cN9%2FOy0VvxKsfLi%2BF2EVQOe2UvcgVhXRcOypAedIZafCiS2tepSNxGF4ZNkwCPorT7c4%2F1caHIArQqU4DZTwjlJWUwtBzywWZ9AKLxjCMeO%2FXYqtZ2%2BZUqlpTgc8Mm6kArcg%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095ce7f13429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=29861&min_rtt=21789&rtt_var=4454&sent=336&recv=77&lost=0&retrans=0&sent_bytes=375843&recv_bytes=10169&delivery_rate=155838&cwnd=158400&unsent_bytes=0&cid=39ef6735aeba9050&ts=2345&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:59 GMT content-type application/javascript last-modified Thu, 28 Nov 2024 10:06:39 GMT vary Accept-Encoding priority u=3,i=?0
GET H3	200	chat-bg-br.f34cc96fbfb048812820.png kzcxuhpbgvjet.bond/	2 KB 3 KB	533ms 533ms	Image image/png	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://kzcxuhpbgvjet.bond/chat-bg-br.f34cc96fbfb048812820.png Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Response headers cf-cache-status REVALIDATED etag "674840af-780" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=otewBwZ25pljUM7nsEqLqxk1BE2xOzDPk1lF2zHUgwKCUEyLLZPL98fn0YBGMwM0N9AaO%2BkKPyMkRs7toSHsmIgwNKS%2FWSVMnBO1MCEqdlQ5dqbZy3MX4MPRKJmA%2BZpP%2FamnlEIdNHJO5E9AAMOSems%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=33378&min_rtt=21789&rtt_var=7426&sent=235&recv=71&lost=0&retrans=0&sent_bytes=255843&recv_bytes=9902&delivery_rate=23324&cwnd=90000&unsent_bytes=0&cid=39ef6735aeba9050&ts=2334&x=1", cfExtPri, cfHdrFlush;dur=3 date Fri, 20 Dec 2024 15:14:59 GMT content-type image/png last-modified Thu, 28 Nov 2024 10:06:39 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f5095ce7f28429d-EWR accept-ranges bytes content-length 1920 server cloudflare
GET H3	200	chat-bg-pattern-light.ee148af944f6580293ae.png kzcxuhpbgvjet.bond/	266 KB 267 KB	509ms 508ms	Image image/png	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://kzcxuhpbgvjet.bond/chat-bg-pattern-light.ee148af944f6580293ae.png Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Response headers cf-cache-status REVALIDATED etag "674840af-429eb" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mW83hHJHD5%2B7kP0NDOnN6MG%2F5%2BKj4pW0FMJHY8V3OVbAJT4dqIuh%2FjWyM3cFGg0%2BDzmwH0FLZpgexywZsBuNPOxIYHpoAvwasffiAK1xsNbjpvSiRCahv33y0%2BlRyHIxFsbloJkJj5u7%2FcX27Y0i8qo%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=34873&min_rtt=21789&rtt_var=5914&sent=159&recv=70&lost=0&retrans=0&sent_bytes=165843&recv_bytes=9858&delivery_rate=1879388&cwnd=79200&unsent_bytes=0&cid=39ef6735aeba9050&ts=2311&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:59 GMT content-type image/png last-modified Thu, 28 Nov 2024 10:06:39 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f5095ce7f2b429d-EWR accept-ranges bytes content-length 272875 server cloudflare
GET H3	200	telegram-logo.1b2bb5b107f046ea9325.svg kzcxuhpbgvjet.bond/	932 B 1 KB	560ms 559ms	Image image/svg+xml	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://kzcxuhpbgvjet.bond/telegram-logo.1b2bb5b107f046ea9325.svg Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ade1ddec66f6e98e30d8a56b01e7dd9d2c84a8f4dac51bc88d2ab5bc6e5d1a62 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/main.949acaf34f3882f511ff.css Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status REVALIDATED etag W/"674840af-3a4" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AK60c2eTAPdsGmK3C%2FFkHS%2FccUyqT6W%2FAOsIqiro4Y9BidCpB9dhTu1Bfu%2FgvNqLaXaEScBSUv8mWJzQQ8R3MUEBbZiuACzvvUUns86ZjcdQOyH8AUNCpj7R9Kn1xe1EXWsIa9GXKdhQ%2FnyrbOB4ADE%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095ce7f2f429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=28553&min_rtt=21789&rtt_var=4756&sent=387&recv=79&lost=0&retrans=0&sent_bytes=435843&recv_bytes=10260&delivery_rate=177066&cwnd=180000&unsent_bytes=0&cid=39ef6735aeba9050&ts=2362&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:14:59 GMT content-type image/svg+xml last-modified Thu, 28 Nov 2024 10:06:39 GMT vary Accept-Encoding priority u=3,i
GET DATA	200 OK	truncated /	307 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash bc5cbdb6250171b87c0310a8e636e39f5a56b4d8a78262315705c2cc9ab8da14 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	244 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/svg+xml
GET H2	200	_websync_ Show response t.me/	4 B 359 B	506ms 260ms	Script application/json	2001:67c:4e8:f004::9 Telegram Telegram...
General Check archive.org Show headers Download Go to Full URL https://t.me/_websync_?authed=0&version=10.9.21+A Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.d54bfa037348b154a941.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (Telegram Telegram Messenger Inc, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Security Headers Name Value Strict-Transport-Security max-age=35768000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers strict-transport-security max-age=35768000 cache-control no-store content-encoding gzip pragma no-cache content-length 24 date Fri, 20 Dec 2024 15:14:59 GMT content-type application/json; charset=utf-8 server nginx/1.18.0
GET H2	200	_websync_ Show response telegram.me/	4 B 359 B	398ms 156ms	Script application/json	2001:67c:4e8:f004::9 Telegram Telegram...
General Check archive.org Show headers Download Go to Full URL https://telegram.me/_websync_?authed=0&version=10.9.21+A Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.d54bfa037348b154a941.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (Telegram Telegram Messenger Inc, VG), Reverse DNS Software nginx/1.18.0 / Resource Hash b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Security Headers Name Value Strict-Transport-Security max-age=35768000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers strict-transport-security max-age=35768000 cache-control no-store content-encoding gzip pragma no-cache content-length 24 date Fri, 20 Dec 2024 15:14:59 GMT content-type application/json; charset=utf-8 server nginx/1.18.0
GET		3559.80b270ba0e217557b392.js kzcxuhpbgvjet.bond/	0 0
POST H3	200	send Show response hu.bafanglaicai.app/api/	601 B 1 KB	299ms 297ms	Fetch text/plain	2606:4700:3032::6815:2a4f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hu.bafanglaicai.app/api/send Requested by Host: hu.bafanglaicai.app URL: https://hu.bafanglaicai.app/script.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:2a4f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b0df0fda26d6f1dbd8ec954ba4d1e48088a07521041248ee17579dcf261b6aa Security Headers Name Value Content-Security-Policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type application/json Referer https://kzcxuhpbgvjet.bond/ Response headers content-encoding zstd cf-cache-status DYNAMIC etag W/"razhm681eogp" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=opyjPWuSVtSYCDMW2wanQ7txQOSuQbMKEkX1D3yFqUTsj029rcF92imT0Vt8f6FEvhdyGEnDCyTmw0fEq9m4pRx3%2FS95F6A8T%2B7H57d8HlwEWHM%2BL059jhdRHD5kOAGEPHyu%2BofZ%2BwKCV%2BL%2Bf%2F3m0i82"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=23908&min_rtt=22812&rtt_var=4156&sent=12&recv=11&lost=0&retrans=0&sent_bytes=3127&recv_bytes=4702&delivery_rate=37776&cwnd=12000&unsent_bytes=0&cid=5567ccfc0993b6b5&ts=839&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:15:00 GMT content-type text/plain vary Accept-Encoding priority u=1,i content-security-policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-dns-prefetch-control on cf-ray 8f5095d5f8dd7c99-EWR access-control-allow-origin * server cloudflare
OPTIONS H3	204	send hu.bafanglaicai.app/api/	0 0	611ms 537ms	Preflight	2606:4700:3032::6815:2a4f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hu.bafanglaicai.app/api/send Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:2a4f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://kzcxuhpbgvjet.bond Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin * access-control-max-age 86400 alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f5095d29bf27c99-EWR content-length 0 content-security-policy default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined date Fri, 20 Dec 2024 15:15:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=1,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEiK6Yqf%2BSsEuzoV9Opkt8wBy4oEFzxVLWmjsKCYzH5Bvxz%2Bwua6LzbaIL2NgD2WXoafbqj9%2FCUCAWDDABEGo4rXgA5se2GA1N1lL7YISs7qcI9UOrkG%2FsBHp8508n6Iq7TdHSJnNJGl0AshnyTtNcv0"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=23848&min_rtt=22812&rtt_var=5382&sent=10&recv=9&lost=0&retrans=0&sent_bytes=2185&recv_bytes=4150&delivery_rate=511&cwnd=12000&unsent_bytes=0&cid=5567ccfc0993b6b5&ts=541&x=1" cfExtPri cfHdrFlush;dur=0 vary Access-Control-Request-Headers x-dns-prefetch-control on
GET H3	200	favicon.ico kzcxuhpbgvjet.bond/	2 KB 3 KB	519ms 519ms	Other image/x-icon	2606:4700:3037::6815:31ec CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::6815:31ec , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 504b4621e486970f8c1721d5297561c9f33296f516c83fbb33a0ff3f4f7c1357 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status REVALIDATED etag W/"674840b0-969" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPt0r4J%2FcHH9UT6%2FfYm%2FyyfMh0auowsJSntyiB%2F8zGGDmnagV0If3MwiNOJNRG8elIPsY%2BumDFZC5nQJWkXQjapVFjW1xNpWGkNAmPMakqoMg8uqsGy%2F%2BvRmB9YQOAWJDYSOo8zxOUS5sdPY16CirtY%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095d22cf1429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=25361&min_rtt=21511&rtt_var=4182&sent=594&recv=123&lost=25&retrans=25&sent_bytes=676971&recv_bytes=13217&delivery_rate=884325&cwnd=136920&unsent_bytes=0&cid=39ef6735aeba9050&ts=2907&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:15:00 GMT content-type image/x-icon last-modified Thu, 28 Nov 2024 10:06:40 GMT vary Accept-Encoding priority u=1,i
GET H3	200	8673.1b6dd8d303b0535cc1f8.js Show response kzcxuhpbgvjet.bond/	10 KB 0	553ms 553ms	Script application/javascript
General Check archive.org Show headers Download Go to Full URL https://kzcxuhpbgvjet.bond/8673.1b6dd8d303b0535cc1f8.js Requested by Host: kzcxuhpbgvjet.bond URL: https://kzcxuhpbgvjet.bond/main.d54bfa037348b154a941.js Protocol H3 Server -, , ASN (), Reverse DNS Software cloudflare / Resource Hash 25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://kzcxuhpbgvjet.bond/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status REVALIDATED etag W/"674840af-29c8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4JOSNFtMkFkXMq3%2FbQxKXW%2FHJS8QCVK68biDa5gFbQ2k49wOIyZpF3vM6jPN%2BE7N9ldY4Wl2LBA4DdV6wn%2F5OlWr6zDjWHTHra4KQy3J6Tzv11BI6baVcInK1fCmMOhYknTeeHDEx6WR3TJeb%2B0VHw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f5095e10a51429d-EWR alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=25030&min_rtt=21511&rtt_var=1604&sent=636&recv=131&lost=25&retrans=25&sent_bytes=720458&recv_bytes=14124&delivery_rate=48247&cwnd=136920&unsent_bytes=0&cid=39ef6735aeba9050&ts=5323&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 20 Dec 2024 15:15:02 GMT content-type application/javascript last-modified Thu, 28 Nov 2024 10:06:39 GMT server cloudflare priority u=3,i vary Accept-Encoding
GET		2976.4e6e9b1254ce313f06c5.js kzcxuhpbgvjet.bond/	0 0
GET		2976.4e6e9b1254ce313f06c5.js kzcxuhpbgvjet.bond/	0 0
GET		2976.4e6e9b1254ce313f06c5.js kzcxuhpbgvjet.bond/	0 0
GET		2976.4e6e9b1254ce313f06c5.js kzcxuhpbgvjet.bond/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

kzcxuhpbgvjet.bond

URL

https://kzcxuhpbgvjet.bond/3559.80b270ba0e217557b392.js

Domain

kzcxuhpbgvjet.bond

URL

https://kzcxuhpbgvjet.bond/2976.4e6e9b1254ce313f06c5.js

Domain

kzcxuhpbgvjet.bond

URL

https://kzcxuhpbgvjet.bond/2976.4e6e9b1254ce313f06c5.js

Domain

kzcxuhpbgvjet.bond

URL

https://kzcxuhpbgvjet.bond/2976.4e6e9b1254ce313f06c5.js

Domain

kzcxuhpbgvjet.bond

URL

https://kzcxuhpbgvjet.bond/2976.4e6e9b1254ce313f06c5.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| compatTest boolean| isCompatTestPassed object| webpackChunktelegram_t object| umami

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://kzcxuhpbgvjet.bond/ Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' https://t.me/_websync_ https://telegram.me/_websync_ https://*.bafanglaicai.app". Either the 'unsafe-inline' keyword, a hash ('sha256-zFgbRTBah9NzidMH78VEmHsofpBXbc5P29/QcmZff9k='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://kzcxuhpbgvjet.bond/ Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' https://t.me/_websync_ https://telegram.me/_websync_ https://*.bafanglaicai.app". Either the 'unsafe-inline' keyword, a hash ('sha256-7sb9rI2B2jOZwfMybtBlZvVozyAoyw13cUBNDhGd9NY='), or a nonce ('nonce-...') is required to enable inline execution.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hu.bafanglaicai.app
kzcxuhpbgvjet.bond
t.me
telegram.me
kzcxuhpbgvjet.bond
2001:67c:4e8:f004::9
2606:4700:3032::6815:2a4f
2606:4700:3037::6815:31ec
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7
023d8e20a6dc800a6415a305418e11c27484c01ab373778d26d87e8b020961c4
15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf
25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f
4b0df0fda26d6f1dbd8ec954ba4d1e48088a07521041248ee17579dcf261b6aa
4c70083f389a2fafc6a5f3c35179243623b4416cab07a1c6ce08d3f7c1ddb2ae
504b4621e486970f8c1721d5297561c9f33296f516c83fbb33a0ff3f4f7c1357
6b9e73b25890fe9c309feff6ef849db08babba9c055b169c20815866d264f3ef
81bbb48854451f50a3d71aa8114faaf22f205718f016f23ec62f5fd252157f4f
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6
ade1ddec66f6e98e30d8a56b01e7dd9d2c84a8f4dac51bc88d2ab5bc6e5d1a62
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
bc5cbdb6250171b87c0310a8e636e39f5a56b4d8a78262315705c2cc9ab8da14
d5e81ea05db27d47fa91e6bd4d675cc1c8eeec9341a4db7859359a7c5ee5fca3
fd5d096f167239210ad895c0332de2bc95585ad11a667295e97687efde54162a