hghasean.com Open in urlscan Pro
2606:4700:3035::6815:469a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hepctab.com/wp-content/updraft/3
Effective URL:
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html
Submission: On September 22 via manual (September 22nd 2022, 10:25:50 am UTC) from IN — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3035::6815:469a, located in United States and belongs to CLOUDFLARENET, US. The main domain is hghasean.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 8th 2022. Valid for: a year.

This is the only time hghasean.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chunghwa Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3034::ac43:c992	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 17	2606:4700:303... 2606:4700:3035::6815:469a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2

2 2606:4700:3034::ac43:c992 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hepctab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3035::6815:469a (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

hghasean.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	hghasean.com 3 redirects hghasean.com	124 KB
2	hepctab.com 1 redirects hepctab.com	907 B
15	2

	Domain	Requested by
17	hghasean.com	3 redirects hghasean.com hepctab.com
2	hepctab.com	1 redirects
15	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-15` - `2023-06-15`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html
Frame ID: 34BA0B83ED4B63606196CBBAA9BE97A2
Requests: 12 HTTP requests in this frame

Frame: https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600
Frame ID: 4EFEAE1D88B86932EC4F9A787E62D831
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

信用卡付款頁面

Page URL History Show full URLs

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959 HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

123 kB
Transfer

271 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/ Page URL
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959 HTTP 301
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ HTTP 302
https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://hepctab.com/wp-content/updraft/3 HTTP 301
https://hepctab.com/wp-content/updraft/3/

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response hepctab.com/wp-content/updraft/3/ Redirect Chain https://hepctab.com/wp-content/updraft/3 https://hepctab.com/wp-content/updraft/3/	123 B 408 B	226ms 225ms	Document text/html	2606:4700:3034::ac43:c992 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hepctab.com/wp-content/updraft/3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:c992 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74ea56a299919954-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 22 Sep 2022 10:25:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJ%2F09z43SK%2FxDg1j8PmBkkRugGyzIbCaM6jXG4yCQgijs70kTkWubPAnKk15FBm0tLNisA14qT2oIgpD01TqEkZp8pAJICMrmxxaKQMZ1sRTCCOvDBPb795RkysZLh8%2BMpfykLj3B1ueew%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74ea56a15f839954-FRA content-type text/html date Thu, 22 Sep 2022 10:25:45 GMT location https://hepctab.com/wp-content/updraft/3/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaQ1JXNjs8JH5OzMrX3zuMLdzZhW4zXDrNoHQdNeiVqpeQDEnCcqSEFkUKPB2aiyb%2BrZvG%2FaZRx7mv4oaJpGqXp3AHI2tc2a0b3XQvCSf7J1%2FFT3DargIeQZxJ%2F%2FUxf0IcLiYtPsNRrI9A%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H3	200	Primary Request SSLAuthUI.html Show response hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ Redirect Chain https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/ https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959 https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/ https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html	10 KB 4 KB	208ms 208ms	Document text/html	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `67e3075f5fcad4bb5810099e40c4edba1cd2b3cc1fc34980f70d738f2f2ecd4e` Request headers Referer https://hepctab.com/wp-content/updraft/3/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74ea56ab2b5c9223-FRA content-encoding br content-type text/html date Thu, 22 Sep 2022 10:25:46 GMT last-modified Thu, 22 Sep 2022 10:25:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fDxnXKc4oSXEl9EP7V7y9HPHA0KTgKkd0QFy1evCK%2B542mfoKF2u4WWKIVndsIe3tGBbcMDJFaPoHVNOswtbwEM6FmgVZR1QLC5iOROeymbeJJj7tpkvRgcMzFXzq7gNjr%2BGT7GchkbluFM%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 74ea56a9e9a49223-FRA content-type text/html; charset=UTF-8 date Thu, 22 Sep 2022 10:25:46 GMT location SSLAuthUI.html nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qSRJQXvbN7YN22EkSIcuTykbS74zyuVH8CCsQ0gUdi7VId8xV5%2FUGbPcFz8BiwJSO77t1VQ%2FedHz1%2FamPzOI4cMn%2BQlD%2FdD%2FlsVUvRCM%2Fkl1FyWXst4GxatBYZNh599ghS8KdtJPo2ysXE%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-turbo-charged-by LiteSpeed
GET H3	200	bootstrap.css hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI_fichiers/	118 KB 20 KB	230ms 229ms	Stylesheet text/css	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI_fichiers/bootstrap.css Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag W/"1d970-632c382a-4b5dd3;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryD0rYrwy2xgFmKXUPcf52q%2Fc8i9hTT%2B3gBMs5OVkjZAbtizlxmk2g7%2B7wL%2FOxvuvrrXwEnFwyytCIlJZ5JZ%2BOtZK0dfjAXunTm%2BTW9hnoaVy4wpB0DtRzzMmbz7yXG6SJx%2BbQS7%2FD0UW5w%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-turbo-charged-by LiteSpeed cf-ray 74ea56ac7d589223-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	style.css hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI_fichiers/	9 KB 3 KB	257ms 257ms	Stylesheet text/css	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI_fichiers/style.css Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT content-encoding br cf-cache-status MISS last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag W/"24c4-632c382a-4b5dd2;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2FTdV7qiHa9wyjd7C1WTzCwslpY24IkZ27jsMkbJNg1jxLV94rPu%2BS%2Flo%2FKTm0qPr1JZZourEyszrbiWTQ60RpA61PzM3m49vd%2BfW5iFPRCVaHmr82M4JL4YioRPu%2FZBGcoPmyd4M6RJOM%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=604800 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-turbo-charged-by LiteSpeed cf-ray 74ea56ac7d599223-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	CTBC_W.jpg hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	42 KB 43 KB	252ms 252ms	Image image/jpeg	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/CTBC_W.jpg Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43378 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "a972-632c382a-4b5de7;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sp%2B7azwZOFY02c8zQv1wqhYa486FUvcZYBctIZBRBQRCiO0nRVynDdpWner9P2Ycin0MYBmesZqLGdfCpMX9fuvsV1C6BzWeTyWXsFt95MCcT8rPa5aldGg6rigX8BpQ7H9W1XMV2F59h0s%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d749223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	cardtype_ss.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	7 KB 8 KB	209ms 208ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/cardtype_ss.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 7613 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "1dbd-632c382a-4b5de5;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ly08GDW%2FCIRlmtRxmybleZpurhN0h7FAeutIKdSNM7RB%2Bf79A7EBrrAgynX1E5UuxyvanbukZ%2BIkkIYMfU5D%2BtTGCTYWHKxDLKvC5dSkBspr1Wlg4XzDPqbw2Ki4RW6rFCCuHEbEXEi3Buk%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d769223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	card.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	399 B 944 B	275ms 273ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/card.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 399 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "18f-632c382a-4b5de9;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2FfgH2pYlIuSt%2BHxhJmpPDJOYMM5DIsJOPShuP82shC8ceq2WQ6bNkFNA%2BH6ElhfuJifEn7PAyBr%2FNqsbq9F%2BM0yYd1uwXOqX6I3zzkEa2UX6us5%2BNOhEuiuTYzQPU41KvAm8upXPU2rA0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d799223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	Exclamation.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	481 B 1022 B	275ms 274ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/Exclamation.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 481 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "1e1-632c382a-4b5de1;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVuDOU1AP9pC5pyYW2tPDMDhQs2O5qCuxO8yDtHjF6JC1mdYdQZELVBi74jW2gYNdOwTzW4Yzfp42unqohMbSzdGifb7XHBsf%2BuM8o10x4xHoN3ghR%2B7dw60EHFbmd8TysV9BJQqbMm3DzA%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d7d9223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	3D_VISA.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	4 KB 5 KB	276ms 275ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/3D_VISA.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4101 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "1005-632c382a-4b5de8;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJwBJyEUng9kcPY%2FusXiJnVS7EaSgf1rGzb991gE3c4l4Q0HTONlNpooMJDcoNV7McNCaY8lMrP8y2fOKkQTlBBFs2R5Euj7Ot%2BzOYo3MB%2F1pHiLAB3JRPssaMq8jut38fZb4JaqQaCB1GE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d7e9223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	3D_MASTER.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	3 KB 4 KB	278ms 277ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/3D_MASTER.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3098 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "c1a-632c382a-4b5ddf;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tMaSs6QRZag3gXxKZeRSQt9P34Q2JePLPobabqHweFpZ640cWiA4TLmAD%2FfXQJpmB%2B55KkZnGcmvPkY0V1j8AfrSRf9HC%2BCCgNHU%2FPXeAyZ39BfXpGGYGa%2BuK%2B5%2BZVD2j2k89cG3NVkLRo%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d7f9223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	3D_JCB.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	3 KB 4 KB	278ms 277ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/3D_JCB.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3042 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "be2-632c382a-4b5de2;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TsKHDTlhGG9sC5YKTuU4YpRQ8%2F3niwy9O8XVKf6GWlExjOBKZ9EOQJYC6JD7HZqWYw%2FSUglMuu%2FyVYST9k5Zjdk4D8WxR7UFSztCZpi9eY3w3oDorM5PObQpMWuoSMlPx2xkoMy7a%2BLIhZs%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d839223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	twca_ssl.png hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/	6 KB 6 KB	279ms 278ms	Image image/png	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/img/twca_ssl.png Requested by Host: hghasean.com URL: https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a` Request headers accept-language de-DE,de;q=0.9 Referer https://hghasean.com/wp-content/litespeed/posttw/internet/noesw/8f959/SSLAuthUI.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5949 last-modified Thu, 22 Sep 2022 10:25:46 GMT server cloudflare etag "173d-632c382a-4b5de3;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4miaP03lC%2FwicQf%2BDYx04mfGHSDrAE%2By2GKvgBzsam1nBz%2B815cG9Rt4j7D7wWRWYJ5bjJmSPn%2BFgROQFho0KehiunJZPtD3fCaAbX4E8pv%2Ftb0vT6iI9vfMOsUZQm5U2y%2FUgiUrB1qnHjc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes cf-ray 74ea56ac9d859223-FRA expires Thu, 29 Sep 2022 10:25:47 GMT
GET H3	200	invisible.js Show response hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 4EFE	42 KB 15 KB	27ms 27ms	Script application/javascript	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600 Requested by Host: hepctab.com URL: https://hepctab.com/wp-content/updraft/3/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `97b8071a633f7126ffbad7e1b92f4b13ebf33fbc44a723c707dff8385829c93d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zmX2o8sMwTJp44zV1%2Ftj%2Bb5BSDYaSGuyq8HgFnsgqlkGQvEZX%2B1674zwtCA7HU%2BrDyXo8cvf5Kp1dpLmP4JbzzWE7s%2FRiCfVr%2FGGl5JJ8k01lMAP3BIjG8W8pbP4h8oTTYl1wsjmz44Z13o%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 74ea56aea88d9223-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 4EFE	25 KB 9 KB	26ms 26ms	Other application/javascript	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d79e4cdd2a28ada214162265cbd0a13f602a97026f0a17d49ca9aef2d44edb6a` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Response headers date Thu, 22 Sep 2022 10:25:47 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFxnLA9C3pOp9vxTRie5xiYeo9XdlqWlfyQSVXjPkBsHKVbghGf%2FcZbtKeF2rTEvBh%2Bzmdn81OxQJIqeBs0QyNidxA%2BmUi2%2B0wfSYYLaWpN7mxABY5aUlaSWGGwDXAvRqJRPnQQVaypvwQM%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 74ea56aed8d99223-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	74ea56ab2b5c9223 Show response hghasean.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 4EFE	2 B 649 B	54ms 54ms	XHR text/plain	2606:4700:3035::6815:469a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hghasean.com/cdn-cgi/challenge-platform/h/b/cv/result/74ea56ab2b5c9223 Requested by Host: hghasean.com URL: https://hghasean.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1663833600 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:469a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36 Content-Type application/json Response headers date Thu, 22 Sep 2022 10:25:47 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMoHxtxrN6erko7fGoK%2Bz0Ieuul8uHfj9NeCoUCkYmnSgT50Y4tAJUCxGH14fFtrn%2BERc0j%2BVafz4fxWrb34m%2BvTI6u1npPzthWTFgMFFDZN54tVmvcUlutoXcgd8d0lFWiqz5M%2F4d9ADYQ%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 74ea56b17c6c9223-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chunghwa Post (Transportation)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hghasean.com/	1970-01-20 06:10:44	Name: __cf_bm Value: 6giVY.bDsibFT9rGAvuvsXn.0VKlu3YK9L8gtOhY.3s-1663842347-0-AeQEAaHHpv8H0mCd2M30Gf148elklGQ+L1XWutPasUPUaBfBggX7eEf2phYNDManFkAoWlS4PABWZ507qoGmweaJAxRVTaLArHiArlFM328NQvOsvm1Ut51HBQeSKk1YRQ==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hepctab.com
hghasean.com
2606:4700:3034::ac43:c992
2606:4700:3035::6815:469a
14832827e45f20f385f3584cb5c84441eb00df1be5aeb33882a5b4ab510ae2ed
1818f0c2ef6a363e915bd4c6c2c2cbeef0fcf60ff2da3e79cfe0d1c3bc9ff86b
203dffbf9fb647ad3576ebc57c4005c1a0cb07cc740a911585b6ba70c8d20892
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
39459e2db25db3f30b853a7b510629f766994c88eb2af780e77d4ffa71287ee0
4a1d51361e6bfabde052f3b64166d7ab532241e0c634162ccd6220c76759642a
67e3075f5fcad4bb5810099e40c4edba1cd2b3cc1fc34980f70d738f2f2ecd4e
97b8071a633f7126ffbad7e1b92f4b13ebf33fbc44a723c707dff8385829c93d
a21e37f28e0471522fcbb0e6860b66a60a582246c4be912dc912b339c35f2ce0
a5ca115514cbfc52924374b62761d7f0d1f8e510d08b32905f75b66b3a37b1e1
d79e4cdd2a28ada214162265cbd0a13f602a97026f0a17d49ca9aef2d44edb6a
eacf2b196015c40a02cf7849c614daaca5205159d7ac234ad90ea47fbb714041
ee3e36331641d61740686a9e87801bfe0a468cb8ab034a9c727d5f75b9cb62d1
f35b4d8168065dde839d4ebb2bb3747b2734acdf3c85e0c28a163daa97c76d39
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

hghasean.com Open in urlscan Pro 2606:4700:3035::6815:469a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

123 kBTransfer

271 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

Indicators

hghasean.com Open in urlscan Pro
2606:4700:3035::6815:469a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

123 kB
Transfer

271 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!