hghasean.com
Open in
urlscan Pro
2606:4700:3035::6815:469a
Malicious Activity!
Public Scan
Effective URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html
Submission: On September 22 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2022. Valid for: a year.
This is the only time hghasean.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chunghwa Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 2606:4700:303... 2606:4700:3034::ac43:c992 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 17 | 2606:4700:303... 2606:4700:3035::6815:469a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
hghasean.com
3 redirects
hghasean.com |
124 KB |
2 |
hepctab.com
1 redirects
hepctab.com |
907 B |
15 | 2 |
Domain | Requested by | |
---|---|---|
17 | hghasean.com |
3 redirects
hghasean.com
hepctab.com |
2 | hepctab.com | 1 redirects |
15 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-15 - 2023-06-15 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html
Frame ID: 34BA0B83ED4B63606196CBBAA9BE97A2
Requests: 12 HTTP requests in this frame
Frame:
https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600
Frame ID: 4EFEAE1D88B86932EC4F9A787E62D831
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
信用卡付款頁面Page URL History Show full URLs
-
https://hepctab.com/wp-content/updraft/3
HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
-
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/
HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959 HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Bootstrap (Web Frameworks) Expand
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://hepctab.com/wp-content/updraft/3
HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
-
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/
HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959 HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://hepctab.com/wp-content/updraft/3 HTTP 301
- https://hepctab.com/wp-content/updraft/3/
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
hepctab.com/wp-content/updraft/3/ Redirect Chain
|
123 B 408 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
SSLAuthUI.html
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ Redirect Chain
|
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.css
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI_fichiers/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI_fichiers/ |
9 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
CTBC_W.jpg
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
42 KB 43 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cardtype_ss.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
card.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
399 B 944 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Exclamation.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
481 B 1022 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3D_VISA.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3D_MASTER.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3D_JCB.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
twca_ssl.png
hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
invisible.js
hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 4EFE |
42 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pica.js
hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 4EFE |
25 KB 9 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
74ea56ab2b5c9223
hghasean.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 4EFE |
2 B 649 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chunghwa Post (Transportation)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.hghasean.com/ | Name: __cf_bm Value: 6giVY.bDsibFT9rGAvuvsXn.0VKlu3YK9L8gtOhY.3s-1663842347-0-AeQEAaHHpv8H0mCd2M30Gf148elklGQ+L1XWutPasUPUaBfBggX7eEf2phYNDManFkAoWlS4PABWZ507qoGmweaJAxRVTaLArHiArlFM328NQvOsvm1Ut51HBQeSKk1YRQ== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hepctab.com
hghasean.com
2606:4700:3034::ac43:c992
2606:4700:3035::6815:469a
14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed
1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b
203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0
4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a
67e3075f5fcad4bb5810099e40c4edba1cd2b3cc1fc34980f70d738f2f2ecd4e
97b8071a633f7126ffbad7e1b92f4b13ebf33fbc44a723c707dff8385829c93d
a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0
a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1
d79e4cdd2a28ada214162265cbd0a13f602a97026f0a17d49ca9aef2d44edb6a
eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041
ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1
f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c