hghasean.com Open in urlscan Pro
2606:4700:3037::ac43:a865 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hepctab.com/wp-content/updraft/3
Effective URL:
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html
Submission: On September 26 via manual (September 26th 2022, 12:50:10 am UTC) from NL — Scanned from NL

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3037::ac43:a865, located in United States and belongs to CLOUDFLARENET, US. The main domain is hghasean.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2022. Valid for: a year.

This is the only time hghasean.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chunghwa Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3035::6815:34ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 17	2606:4700:303... 2606:4700:3037::ac43:a865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2

2 2606:4700:3035::6815:34ac (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hepctab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3037::ac43:a865 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

hghasean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	hghasean.com 3 redirects hghasean.com	123 KB
2	hepctab.com 1 redirects hepctab.com	932 B
15	2

	Domain	Requested by
17	hghasean.com	3 redirects hghasean.com hepctab.com
2	hepctab.com	1 redirects
15	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html
Frame ID: 7BE541DA7E7C95A2D35555BD49E4A7EC
Requests: 12 HTTP requests in this frame

Frame: https://hghasean.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1664150400
Frame ID: 09CAC565C356BA0CA9E52084372C5F57
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

信用卡付款頁面

Page URL History Show full URLs

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2 HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

122 kB
Transfer

271 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2 HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response hepctab.com/wp-content/updraft/3/ Redirect Chain https://hepctab.com/wp-content/updraft/3 https://hepctab.com/wp-content/updraft/3/	123 B 433 B	238ms 237ms	Document text/html	2606:4700:3035::6815:34ac CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hepctab.com/wp-content/updraft/3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:34ac , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 750800e29cec9042-FRA content-encoding br content-type text/html; charset=UTF-8 date Mon, 26 Sep 2022 00:50:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2KyQ2J%2F3pvCiHfw9IERz9cq%2FeaOaJ5UaSTXstpSqxdB6MkQFphIPBx3NNh4lX%2FWV49ery9ggPLdDE6a2KTR8AtNxrrv55GYBep4XHxe9%2FdFiT8ECUDRKOYrwEqKPHqpqFNc6x%2Bv3eCQRA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 750800e14c049042-FRA content-type text/html date Mon, 26 Sep 2022 00:50:05 GMT location https://hepctab.com/wp-content/updraft/3/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sN%2BIhaSOyDsSDo3146HRPL%2FuJjvmXLM6cFZ2i9ugGi0TDpTv3ml3pZ0Urpv%2B3JKSNWtRMVRCfZexVCisROza8ecjhmSiZlAulntPQDVOmGg%2FZQOtbwQ4Oehn%2B9OcigSt2%2FS4qXojDx4vOg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H3	200	Primary Request SSLAuthUI.html Show response hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/ Redirect Chain https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2 https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/ https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html	10 KB 4 KB	222ms 221ms	Document text/html	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8dda0efb97d7329b23ecd6706a33202b97e3ba57d656132f0744c97c424803b3` Request headers Referer https://hepctab.com/wp-content/updraft/3/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 750800eb1c6c995c-FRA content-encoding br content-type text/html date Mon, 26 Sep 2022 00:50:07 GMT last-modified Mon, 26 Sep 2022 00:50:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86JbpNcTeWietlwemCPfYemUrtt0BwwAd3ZNum2fI27H28JtZCJgA15UsgNfnDyRoVHzyvucvleCA0QHOlad5Nx3MJ%2FFqvKMcpdJuW%2BosM%2F0oZFPAQiDKSmAqYZ07z12UZ%2FctiVvDBh0GKU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 750800e9aa98995c-FRA content-type text/html; charset=UTF-8 date Mon, 26 Sep 2022 00:50:07 GMT location SSLAuthUI.html nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HyJS1LNZks%2FDccvK4j7qZoTvcifM0Ws%2Fvvol9d8n2hto5MtlcOYlpL8L%2FsF5CzbkMyNmOdQF3Kvoepxp9ukn3u1J%2BIY1fQf9KVoNDV%2BnIEFaJ200MfgZxsiTvUR4YaCfkgCWrC2RSoyQDzw%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-turbo-charged-by LiteSpeed
GET H3	200	bootstrap.css hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI_fichiers/	118 KB 20 KB	225ms 225ms	Stylesheet text/css	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI_fichiers/bootstrap.css Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag W/"1d970-6330f73e-4f2ffc;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qtsuabIiHtZmjXGJaDg1WhHgeFAFwPSWYEli1ZePlyrET904MrWbIhjXNhK60Zg81kP%2BGOFDgZFFAyAkT8SLr3%2F9yfGgRhjoybqkpjCdtqOdhdd6oRlxRbkqMWlG%2FRJYkueCL19hMMDKKz0%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-turbo-charged-by LiteSpeed cf-ray 750800ec8d4f995c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	style.css hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI_fichiers/	9 KB 3 KB	265ms 264ms	Stylesheet text/css	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI_fichiers/style.css Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag W/"24c4-6330f73e-4f2ffb;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nOdW8LFCioJemZDCPQN6Jf0ofvOzrELZamSXDASiCQ3FixbXzqxuDO%2FwHRP8EDvr27BbMweUNKIcdVbnQUPbasINnL17g2rNxXKDC9vW5ULxOPHWGxpSB9pt5t2BR2uXxR57rdH1qtwPLlU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-turbo-charged-by LiteSpeed cf-ray 750800ec8d50995c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	CTBC_W.jpg hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	42 KB 43 KB	268ms 268ms	Image image/jpeg	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/CTBC_W.jpg Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43378 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "a972-6330f73e-4f3010;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kojxJFyhFVomed1mAHafj3y4nbCWTs%2FwXMbx7CTyRu5vj46TjscSHbAFuF07ompOjhmBuVE0lZyT0o91XAt4S9UiXWkUhqa%2FLXnj57DyFudtcPrc%2B3ZRoQRSpqX86doqwt%2FrPSkwIDlx7UI%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d5e995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	cardtype_ss.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	7 KB 8 KB	251ms 249ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/cardtype_ss.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 7613 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "1dbd-6330f73e-4f300e;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fnqonzA4yhfOYrnUsv0%2B7wenHBumABEEoKfg8rnyybdRb5BLEsjkCN0Z2YYelSAmxAnh6Y7%2F5z33hXNzaCSDnkUCoQEJX2s8zLRmq0vC0mgEocTfLKvHadDqRnSJRcZMkv%2F3pb9ETyImBfg%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d60995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	card.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	399 B 940 B	311ms 310ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/card.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 399 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "18f-6330f73e-4f3012;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f19Lc5H5aaa%2Bo70WuV1LS0rB7Nz4s7CyqYrXEudZ8Dh6zDQYlVnF8RLF9B%2BVFDm7W8IxTi3Hc2D2uNjAgbJ1GmipGlY9vbtLDfxJShHfq%2FtwBYco8p2z9ddhQbb7xNHVtsgBVy3CMtwDd7A%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d62995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	Exclamation.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	481 B 1 KB	292ms 290ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/Exclamation.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 481 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "1e1-6330f73e-4f300a;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzmgsBO20vXpqyyVGHejHEinOPL9Mu8PKihvrk9N6AGkC81N11o2RZwyAA6vW%2FvsTY759nkGC2VvGR7NdaSTkfXxaFCWvjt1pnJnStVCmwgvawu0OYOQNLJu1NjXv3%2BwZHgLgq1%2FKeWf7LM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d63995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	3D_VISA.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	4 KB 5 KB	258ms 257ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/3D_VISA.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4101 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "1005-6330f73e-4f3011;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SAodJFLimreIdKhcUUy6vrzq6Ay0DdhcMsA2xzHJhHvs7vGUmKQ6U9qaFFW%2BEqs6rFERgARMkQNWg01AloYEFTHnH%2FGkJj8H31T2QZpMmQebUWxE28DA8qcklKpswKPF%2FEvMjVn624DGhsA%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d64995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	3D_MASTER.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	3 KB 4 KB	304ms 302ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/3D_MASTER.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3098 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "c1a-6330f73e-4f3008;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRM2xEVDfXj139II8pInHSDfwzywKi%2Bn2spNaW6izueRYO9943kGVvKk68rb1BZ90ug8yZmV7Mi%2Bt3gyZeQIOMPgmYqHAwIRjHS3s%2BtaS%2BhaORvwSfAlJZQaAzJUMuJmq3sBcGRLIHjE4so%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d65995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	3D_JCB.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	3 KB 4 KB	305ms 303ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/3D_JCB.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3042 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "be2-6330f73e-4f300b;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXDCb341NMktZayqQ7MbOK3rLM938OHoP0hnRPO4dJLAdOUwo7vAFx1q7PoXVUGRtIpO4g5NjNvVMYBPYlfyVnUCLJAiCRhJn4agzdpfFvlgim2l%2Bq%2FmV9zRLIO42OG8VPNk90%2BduLJxVlE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d66995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	twca_ssl.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/	6 KB 6 KB	305ms 303ms	Image image/png	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/img/twca_ssl.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a` Request headers accept-language nl-NL,nl;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/b7db2/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5949 last-modified Mon, 26 Sep 2022 00:50:06 GMT server cloudflare etag "173d-6330f73e-4f300c;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpClrqr7aahblFUs%2B3aCtPPTMCZXxyK%2BnLXdHbRbe8J5hbGU6FnS0K95t2O2c0RtbXNGD76ONtD0Tpjqr%2Fb13pboCZXHz%2B3iz6c2uiJ0ZN%2Fg%2Bqd0H44LQAjMOUKVBjjEw3DDwsvvpn5JVg8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 750800ec9d67995c-FRA expires Mon, 03 Oct 2022 00:50:07 GMT
GET H3	200	invisible.js Show response hghasean.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 09CA	39 KB 14 KB	37ms 35ms	Script application/javascript	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1664150400 Requested by Host: hepctab.com URL: https://hepctab.com/wp-content/updraft/3/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `41168a62fbb7b37cc3a7856b53d48da160d7806e6c5ecbbb32a7c3d415c1c853` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KTQkCB8QxgJJsS%2Bl%2FSYTEISoB4%2B%2F11LeLEbo8iDttUC8X4Iz2k1LKjcyFKv7E7IdBw06ptwm4C656IihV6jI9ERhq9mzCdXuu2el%2B3Ta6SYWfffrT2vfuRfeC96ZEokDRJ6ScrGOqQJI7Mg%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 750800ee7efc995c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js hghasean.com/cdn-cgi/challenge-platform/h/g/scripts/ Frame 09CA	28 KB 9 KB	35ms 35ms	Other application/javascript	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8955169ac44fb81e2480bc66321e08a02793bb6ccf0dbcf5eda841eb147b2d19` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Mon, 26 Sep 2022 00:50:07 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BH5VZR5kwwmiY5kTDVdbGsWqW0KBQRsg3WUBcoadD3SWLsig1GXO%2F9my4QAZx0cx3g4QU2zIX7h%2Fa5Fq%2B4m8NzXmhA6kBCSfrYxBGvir8i%2Fmg0UtwL9H58mjHX0Z4bBCGr4k03sPPbPO9yI%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 750800eecf48995c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	750800eb1c6c995c Show response hghasean.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 09CA	2 B 650 B	51ms 51ms	XHR text/plain	2606:4700:3037::ac43:a865 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/g/cv/result/750800eb1c6c995c Requested by Host: hghasean.com URL: https://hghasean.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1664150400 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3037::ac43:a865 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/json Response headers date Mon, 26 Sep 2022 00:50:08 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruShnE81o8EdmwefvD9aKTS9i24hHa75bUFL2hYwkymVRuNUiVB7iGkEZ3ggXKvc4uAMDT360cisx4bpvlQtj6dCDp%2FzAny5yYaihnJyuoDY9hyD4Uf%2FjsL1HgGF7baHLRs6rFGPyrPEedE%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 750800f0d950995c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chunghwa Post (Transportation)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hghasean.com/	1970-01-20 06:15:55	Name: __cf_bm Value: uvR.eOJiBynZQdZTTDELX7wu1ShYVUBXmp816INjh14-1664153408-0-ARlK7ferjXuk9s4yDFQf15LnXE9awXkQ/Dx2+HTgJkjOU9Rq8wGh9INLNyw/zltkwHcSCQtdqE9+eauFm/ZJk6YqQqWlugGmVH5W5O7JdPFtpH17n2vpXeExwBm4Ht/9jA==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hepctab.com
hghasean.com
2606:4700:3035::6815:34ac
2606:4700:3037::ac43:a865
14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed
1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b
203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0
41168a62fbb7b37cc3a7856b53d48da160d7806e6c5ecbbb32a7c3d415c1c853
4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a
8955169ac44fb81e2480bc66321e08a02793bb6ccf0dbcf5eda841eb147b2d19
8dda0efb97d7329b23ecd6706a33202b97e3ba57d656132f0744c97c424803b3
a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0
a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1
eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041
ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1
f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

hghasean.com Open in urlscan Pro 2606:4700:3037::ac43:a865 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

122 kBTransfer

271 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

hghasean.com Open in urlscan Pro
2606:4700:3037::ac43:a865 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

122 kB
Transfer

271 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!