hghasean.com Open in urlscan Pro
2606:4700:3035::6815:469a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hepctab.com/wp-content/updraft/3
Effective URL:
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html
Submission: On September 22 via manual (September 22nd 2022, 9:08:26 am UTC) from IN — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3035::6815:469a, located in United States and belongs to CLOUDFLARENET, US. The main domain is hghasean.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2022. Valid for: a year.

This is the only time hghasean.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chunghwa Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3035::6815:34ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 17	2606:4700:303... 2606:4700:3035::6815:469a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2

2 2606:4700:3035::6815:34ac (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hepctab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3035::6815:469a (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

hghasean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	hghasean.com 3 redirects hghasean.com	121 KB
2	hepctab.com 1 redirects hepctab.com	912 B
15	2

	Domain	Requested by
17	hghasean.com	3 redirects hghasean.com hepctab.com
2	hepctab.com	1 redirects
15	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html
Frame ID: 270240CDBF2C972C4310ECB345C46460
Requests: 12 HTTP requests in this frame

Frame: https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600
Frame ID: 4F89EB0F0FFD87E9AD7193FEF073BDD1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

信用卡付款頁面

Page URL History Show full URLs

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

120 kB
Transfer

259 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response hepctab.com/wp-content/updraft/3/ Redirect Chain https://hepctab.com/wp-content/updraft/3 https://hepctab.com/wp-content/updraft/3/	123 B 411 B	197ms 197ms	Document text/html	2606:4700:3035::6815:34ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hepctab.com/wp-content/updraft/3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:34ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74e9e540bad291fc-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 22 Sep 2022 09:08:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itnRc3z7iNn2XFy5aPir26SDLO5UTWtfXZrR1AOT%2BIoZHm1ofGdEvB%2BZ5uD1N5mlTxtZKFt5kaJMW3%2F%2BTy4KcMHBN5eENpl8gbJyX5LvglkfvMfneMOuij9on9pANr1iVTqr%2FhDx2%2BSg2w%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74e9e53f68fc91fc-FRA content-type text/html date Thu, 22 Sep 2022 09:08:21 GMT location https://hepctab.com/wp-content/updraft/3/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pl2m4p98ZsHeitc7l7J57s3CyYCD%2BvfAlv3GliBvFtqP99N7O2uvwT%2BNCYOG4Md3XDyGbOmJWn1SK5pJ%2BWP37lzMFp4THyCtkgPJ4E%2Fbl%2BIOaWfo0dOUBNFeqNrl%2FLsZ6I7pmS%2BckEjOgA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H3	200	Primary Request SSLAuthUI.html Show response hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/ Redirect Chain https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/ https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html	10 KB 4 KB	208ms 208ms	Document text/html	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1615cfbc56631c4a10cc1f397acd6b41948b8d7d15c425eff92d9fc6f1706ef0` Request headers Referer https://hepctab.com/wp-content/updraft/3/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74e9e548e84e90fb-FRA content-encoding br content-type text/html date Thu, 22 Sep 2022 09:08:22 GMT last-modified Thu, 22 Sep 2022 09:08:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nINzHsLp3tD%2BbtcyKINQZcyD%2BtZEbPoW8oi1uRMD8gCSnmzwH4HwzUhMOdP93vTB9oH1cFOF9P%2FQKnm6pI8bFAIfYGb3dDzaE6K4Tslx9aY2Q%2BL0nzfjJL59qnYjGOhrQ7LZ7mXb4qpG52U%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74e9e547addb90fb-FRA content-type text/html; charset=UTF-8 date Thu, 22 Sep 2022 09:08:22 GMT location SSLAuthUI.html nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dKI2PNpFNfMpY%2BWWo%2BKhIgb%2B8dpJYTyKEa2H90AY2IyZTRFNBQyYkQEDOQaXOc5aSzgMFiIkKpI9P6GaWzQWk0zkCjwuZzhp2E45OxULrjLFAWMKwR50tsEObkVN0HOZjOYvRX8Dy7uRraw%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-turbo-charged-by LiteSpeed
GET H3	200	bootstrap.css hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI_fichiers/	118 KB 20 KB	242ms 242ms	Stylesheet text/css	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI_fichiers/bootstrap.css Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag W/"1d970-632c2605-4b5d00;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zcS3zpiLi4R5MgbXzCm23w6tUEkPHAxWvTEs9dxVFjqkKjjjkf2s0u6DCra%2F212t6%2FVCURWbzg1ca5%2FNcvaTkPo64jwHsO9xxnK2VV5FOu0WytV%2BMYpJ6JtJLl8%2Fd%2BXJHvj2XJDFpqCmrQ0%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-turbo-charged-by LiteSpeed cf-ray 74e9e54a3a5590fb-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	style.css hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI_fichiers/	9 KB 3 KB	252ms 251ms	Stylesheet text/css	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI_fichiers/style.css Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag W/"24c4-632c2605-4b5cff;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2jWTcxxLKVD7JFFMnBszjaukgPZrGRH6PIdKNXXCHaMBzD1nY1%2FklRRNGmLB645XKosbJSMdEM%2Bdnzi%2B8kkLSHocrsIbqx7eC7OGodfRk8wGMYK8i9EvXZBAMw8HQ%2B8gJnWrIWFkCy5%2BEmw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-turbo-charged-by LiteSpeed cf-ray 74e9e54a3a5890fb-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	CTBC_W.jpg hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	42 KB 43 KB	211ms 210ms	Image image/jpeg	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/CTBC_W.jpg Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43378 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "a972-632c2605-4b5d14;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pii8Uxh0y74MiN%2Fkm7i%2Bqv0jbXx2DxugrXNVPob7DlbACCgEx7vJjutGGOv3zIGCPxwct8Hwp%2BvLXuiFU%2Bp0De1eDOvqxw091cyj6%2BgAYE2VHYUAutW%2B8I0LSm9wKdsjz8D%2FIRujc6BHGU%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a7e90fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	cardtype_ss.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	7 KB 8 KB	252ms 250ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/cardtype_ss.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 7613 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "1dbd-632c2605-4b5d12;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7nUEKFHGPV%2Bmx6jE7hPW5PAgVqphPn48%2BTzncfgNtWJgYydTF7L3bmcGQ7QffP17x3GxSQfNR6QllpnDDi41ZGznoVgfoTNvj7m9KQv%2BikH2gYHBjq%2BhLM%2BSCOkYe%2FkBvUL%2B4uQyjBrXJQM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8190fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	card.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	399 B 945 B	253ms 252ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/card.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 399 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "18f-632c2605-4b5d16;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VmvHYPTVQ%2BYwm2gCILTOHmSWVvN1gFXe09WyLCL5KGW5rm%2FOVf28IsFRnc59F7meXHg%2BHWd7cDNKZ%2F9uDanMn3T2FXTk1qCr4hWCZmaJM5JC7B3Ig5TanaI1lP4zgyukn%2FHcUeQfyMBGwaY%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8290fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	Exclamation.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	481 B 1 KB	254ms 253ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/Exclamation.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 481 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "1e1-632c2605-4b5d0e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tWUzvDxE%2Fu8hYslalJ7ZVDIAHuwI7lCGpKtMkDycQNI965YehG0tgeAiwm7MSVNgYhKsKRPwuIPnFxbRmVffoHuTkqbWOiy%2B487g9IPXmOkSl9YwHfLs%2Fw5MH8CEMrDf4GV%2FUwVgvBppq6c%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8390fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	3D_VISA.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	4 KB 5 KB	254ms 253ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/3D_VISA.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4101 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "1005-632c2605-4b5d15;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hE0i1DcREp2ChmmxCrJ1%2Bck1PJ2xqIvc6o0FA2gs6OIBaS3R8ZeH2F0UmBbLEtv%2Bk9DdcGzbtqcM8rly2fU8mnrh9rsSix4rbw4UUWkt%2FzplCKp6WDYf8uSXV%2FkwKQXRa5bm5%2BzxLFmYaFM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8590fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	3D_MASTER.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	3 KB 4 KB	259ms 258ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/3D_MASTER.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3098 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "c1a-632c2605-4b5d0c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ug4Lcz%2Fh1fqpqkqrYE2WulIFbtgri4LbdLeAnA03cTyxVEGGPbqN0qAhj%2BEj%2Bz40iJxTMOmEi6ya91obBEZvBUNLY7mf6c7osr%2FCaNBnfjryVXvjixcURgqJ9EHvZPDW8wxwCMlRb9pPG68%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8790fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	3D_JCB.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	3 KB 4 KB	260ms 259ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/3D_JCB.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3042 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "be2-632c2605-4b5d0f;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6r%2FRD%2B1iKN2d%2F5lxqmb10qh8WlNiMcp%2FgREAHHKkODAFn9ynqDNis8DZtmvVnIEJscbH6h2915uUD3AApPOP5ezk7HFPxqMVDbZrLM1VHPACKgG%2BheVcQ5bbFFclzzOJj8DysuBu5LUezc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8a90fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	twca_ssl.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/	6 KB 6 KB	260ms 259ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/img/twca_ssl.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/cd40d/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:22 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5949 last-modified Thu, 22 Sep 2022 09:08:21 GMT server cloudflare etag "173d-632c2605-4b5d10;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=knDG1kwVjr3enZt9MRUkEwcwF9erwX1W989aUmrqE7TJllQbUuPXfpTBRV%2FyVa2K6Y%2FGuYeoXgs5dm56J6j4T8x2idfnA%2FIU%2BGVSzv17wcSIK5bi5CLCQxeshBjeplOgISazhmLptLNofEI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74e9e54a5a8b90fb-FRA expires Thu, 29 Sep 2022 09:08:22 GMT
GET H3	200	invisible.js Show response hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 4F89	35 KB 13 KB	21ms 21ms	Script application/javascript	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600 Requested by Host: hepctab.com URL: https://hepctab.com/wp-content/updraft/3/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5def051050da03233c36e45a3869fba3cc91f684458b0582892f3e5fbc3d74d0` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:23 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0bs%2BaDGbb%2FXCa1h%2FotMkNB1XA0fbxcsKUy7JU%2B8%2BHun4ajs1LZ9HX%2F5LrTi86qcjoPrwZ2X2c6n063aeXqSKKlXUGwr9AcIJkhNaN%2F8sRKaZzZYRUIs7F6rYFWVthXwWMMXh%2B0s1ptlLqw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 74e9e54c5db290fb-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 4F89	20 KB 8 KB	20ms 20ms	Other application/javascript	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `419619fd2abbf63bb81b76dce26c60770da15dc86210a3aec70bac7d52d3f62e` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 09:08:23 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1HFmwU3upylztXpXPxAcymL3d4f3DK7YvQpRxDN7jnbWihRhdWVu0O%2BZT3UD80w5G58TPCxkJmu6Ua8Ak7BLDQkIkaO5LUVGyiGwyhmfr%2Fq%2Bd1ezYw39IE6Ui%2F7TBlvl30%2FXVavPOO%2Br%2FQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 74e9e54c8df890fb-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	74e9e548e84e90fb Show response hghasean.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 4F89	2 B 649 B	41ms 40ms	XHR text/plain	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/b/cv/result/74e9e548e84e90fb Requested by Host: hghasean.com URL: https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/json Response headers date Thu, 22 Sep 2022 09:08:23 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nzldxlcjkXl150MgcHxVtEgiJjjk4ji0oKd2aEOcspNOiA4CwqubXxRTazBvfGKcFi6d1P0fe4XqIV6posUrfVJJsVKPSSO1uTdd3nyLze8hJUzma%2FCF6Eq5ETYhaAMI3czCz0dyxolzH%2FI%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 74e9e54e589190fb-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chunghwa Post (Transportation)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hghasean.com/	1970-01-20 06:10:39	Name: __cf_bm Value: DfZTHggAWQCf9krmdgBMvh5Tdg6nseDM9cPfn3sZBRc-1663837703-0-Af28+k5ziwmxY+6LuTOBbJaRHK73wWMmwqFqVqRGMfkG1q6PRolR6NE+rak7pO5vUB7M5pAH8DbHSA8nKHpI02cf2wT2fru2bLbNCHobkJh48MrCMDKV5RmcAxHYem7mEA==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hepctab.com
hghasean.com
2606:4700:3035::6815:34ac
2606:4700:3035::6815:469a
14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed
1615cfbc56631c4a10cc1f397acd6b41948b8d7d15c425eff92d9fc6f1706ef0
1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b
203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0
419619fd2abbf63bb81b76dce26c60770da15dc86210a3aec70bac7d52d3f62e
4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a
5def051050da03233c36e45a3869fba3cc91f684458b0582892f3e5fbc3d74d0
a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0
a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1
eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041
ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1
f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

hghasean.com Open in urlscan Pro 2606:4700:3035::6815:469a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

120 kBTransfer

259 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

hghasean.com Open in urlscan Pro
2606:4700:3035::6815:469a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

120 kB
Transfer

259 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!