hetug.top
2606:4700:3035::6815:4197  Malicious Activity!

URL: https://hetug.top/
Submission: On March 25 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 9 HTTP transactions. The main IP is 2606:4700:3035::6815:4197, located in United States and belongs to CLOUDFLARENET, US. The main domain is hetug.top.
TLS certificate: Issued by GTS CA 1P5 on February 25th 2024. Valid for: 3 months.
This is the only time hetug.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

Requests | IP Address | AS Autonomous System
9 | 2606:4700:303... | 13335 (CLOUDFLAR...)
Total: 9 requests, 2 IPs

Requests | Apex Domain | Subdomains | Transfer
9 | hetug.top | hetug.top | 839 KB
Total: 9 requests, 1 apex domain

Requests | Domain | Requested by
9 | hetug.top | hetug.top
Total: 9 requests, 1 domain

This site contains no links.

Subject | Issuer | Validity | Valid
hetug.top | GTS CA 1P5 | 2024-02-25 - 2024-05-25 | 3 months

This page contains 1 frames:

Primary Page: https://hetug.top/
Frame ID: B738D6AD20082BD6E8FE57A3DDCA5F1F
Requests: 10 HTTP requests in this frame

Page Title

ETH

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 839 kB
Size: 3381 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | hetug.top/ | 683 B | 829 B | Document
General
Full URL: https://hetug.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 633c745a9a4cbacddd81d01b5a6ab92931582faa986f4788f7cb898659ea5f7c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
869dc47b2f50915e-FRA
content-encoding
br
content-type
text/html
date
Mon, 25 Mar 2024 09:10:23 GMT
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QcP%2BJ927Dw2eQ4tAK9xUv1HaJzw5zM9p1cmseEdlsKNtBgNqbY3CPNC2NOb49Vd%2Fe4ebqDbUB7097Q6LGgetQXDM5uY9OVd6%2Bv04%2FtVwJQf%2FOW2qAHFSrXxgDU8uwvM3g%2BmxW5EEh8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
index.css | hetug.top/static/ | 94 KB | 25 KB | Stylesheet
General
Full URL: https://hetug.top/static/index.css
Requested by:
  Host: hetug.top
  URL: https://hetug.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 892ed879ebe04951f95a8c1c54c76923c7d2081e0b438449e38143bfaa5758f3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:21:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a62-17659"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s5Cuv9BLCSPocFDs7h6vxpXu%2B3AvLWYgk6ml2XLOKu07xvYqEu04DJW0CWtrQ8rL8XKM4%2FZxRSuj9%2Fd%2FPR%2BZscC2IG8eWvyxS6sPCYEsASb69ymT14H9lhzLc9dV9Nq28FI%2BPXkkooI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
869dc47bc847915e-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Mar 2024 21:10:23 GMT
chunk-vendors.3bbef372.js | hetug.top/static/js/ | 2 MB | 584 KB | Script
General
Full URL: https://hetug.top/static/js/chunk-vendors.3bbef372.js
Requested by:
  Host: hetug.top
  URL: https://hetug.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 4861b47b1aa781633c53d7d8a674d0be1fb8e3e79876d75d9a8571b407416a14

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a18-97f85"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5mp%2B6q4zO9jlYZ3IJ2XWy1r%2F%2BJhezT4iGry8Rivzo%2BXQRBN2s8EOxJRJmN%2Fsrb5ujETXFLKIUG324EqiaxehF7u%2FM4NSeAb5aCSA9iwkpyo4Uf2I%2FSaYBUSs%2FBWa1yfyTZ0WXejDrg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
869dc47bc84a915e-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Mar 2024 21:10:23 GMT
index.1dcc6cba.js | hetug.top/static/js/ | 145 KB | 52 KB | Script
General
Full URL: https://hetug.top/static/js/index.1dcc6cba.js
Requested by:
  Host: hetug.top
  URL: https://hetug.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: abab2a51a9467e65fda6188df88ba2bdf2871a123880d92a84b5afd4a67e1b13

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:23 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a18-d4df"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lvQ6xWlipp1v4k5ymCD7%2FmBU84SckRmuJhv3ZtY9HJvZG7ZQWOI3T3NIbvX1ze2xZFbI%2FWKUcm8tuD6HeD5yf%2Bzq%2F9EPhwqDdUa%2FkqEfr1bU3pghEMIymq%2BNszFKLo6ywyevYrKtayo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
869dc47bc84d915e-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Mar 2024 21:10:23 GMT
pages-index-index~pages-index-preview.78d362fa.js | hetug.top/static/js/ | 909 KB | 111 KB | Script
General
Full URL: https://hetug.top/static/js/pages-index-index~pages-index-preview.78d362fa.js
Requested by:
  Host: hetug.top
  URL: https://hetug.top/static/js/index.1dcc6cba.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: b3ffe0db3dcaf66dbe5e7a47ac30ef3253b7eb628868a4ac4b5293b6d49652d9

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:25 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a18-271ec"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gYmeTEUFx3V2v4KUkYSj9C4rrLrhD%2F0WhKhmk2VjaCOn29gvdFjwG0w1wzpIBdhxtpfBKLaABIHpkCp4qq57MgrUIlI2xtOxhuFF7eMzVCGc%2BEjmodNdmGbAqzvws0qQ1rjPu8ulyM4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
869dc47ffa749b97-SIN
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Mar 2024 21:10:24 GMT
pages-index-index.7c69f75d.js | hetug.top/static/js/ | 127 KB | 28 KB | Script
General
Full URL: https://hetug.top/static/js/pages-index-index.7c69f75d.js
Requested by:
  Host: hetug.top
  URL: https://hetug.top/static/js/index.1dcc6cba.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 914496013056d6ba406a82e490d9885ee331912af2519544045cd9a0b78cc82f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:24 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a18-6db1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EwyRdpDuwF0FA8yralMfKzQ49gXneiM%2FESTAIIyZJ%2FLyP3%2Bbeh64a0nRvgtO2sIFw7ym%2BQo%2BgodwUPQdVwKATYWmVn0na8R8UW9ph3zffmklBjzSXlkabFBg4GLG1huYulL52SACmwA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
869dc47ffa829b97-SIN
alt-svc
h3=":443"; ma=86400
expires
Mon, 25 Mar 2024 21:10:24 GMT
rate | hetug.top/api/common/ | 109 B | 599 B | XHR
General
Full URL: https://hetug.top/api/common/rate
Requested by:
  Host: hetug.top
  URL: https://hetug.top/static/js/chunk-vendors.3bbef372.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 52fb65a4123bcc3ce36db92198150c7dd3b579873692f36f865efae9ec2d8984

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
lang
en
Referer
https://hetug.top/
token
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:24 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-max-age
86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A4OrTiEFGKAAnTiC3hJkNi40ajBASMd%2F0fIuO%2B7ApF59yfoZYJlJetNJWaLO32wNzyzuJMV6rOWjXRSPA4DkbwLpn%2BIc9tStdgkkV1aExOtgInWR7ZabaN7kiONF2%2B7UF7zhp7HfzDll2AI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://hetug.top
access-control-expose-headers
__token__
access-control-allow-credentials
true
cf-ray
869dc4801aa79b97-SIN
alt-svc
h3=":443"; ma=86400
truncated | / | 1 KB | 0 | Image
General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS:
Software: /
Resource Hash: 0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
re1.jpeg | hetug.top/static/img/ | 37 KB | 37 KB | Image
General
Full URL: https://hetug.top/static/img/re1.jpeg
Requested by:
  Host: hetug.top
  URL: https://hetug.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 8e61ba5d4c9fb12d461a8109d17ef9e13b5c66c19fbf92fbdb62c8e0e17e9bff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:26 GMT
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a18-93a8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WzwwJ39H7UIvNF8u9g6qcmIHqPS%2Food3kbt1ctv0CYy88IYyWlnym78Nf6690rfbKvMQyZQhJrCKXxMuK8OtcdOHzYSZq61rCHq1Ym8W71AIe1i7wrf2BOpoUNhuwOVR64%2BPmNEgs88%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
cf-ray
869dc48ce97e9b97-SIN
alt-svc
h3=":443"; ma=86400
expires
Wed, 24 Apr 2024 09:10:26 GMT
favicon.svg | hetug.top/static/img/ | 556 B | 760 B | Other
General
Full URL: https://hetug.top/static/img/favicon.svg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:4197 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 7e5941f066b2070419995072dac7323c02d5ae107b23d8085772f232487fecae

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hetug.top/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 09:10:27 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 13 Mar 2024 12:20:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65f19a18-22c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C5ccr6QahSFplnx8VYVA3c3wwa2FYiv9YyJ6gmbPcDhYPZoiYJhXYKWq%2BsdSMk2vsbgCqiLE6Z%2BcRHSqxZBeuq82JC%2BCkn0r8CtPtmrSi7iqh4Vnhk1Jp0yc2yYiebCOQ1RG9I21KSk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
869dc493b90a9b97-SIN
alt-svc
h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   | onpagereveal
object   | webpackJsonp
object   | __uniConfig
object   | __uniRoutes
function | UniApp
object   | UniViewJSBridge
object   | UniServiceJSBridge
object   | uni
object   | wx
function | getApp
function | getCurrentPages
function | clearImmediate
function | setImmediate
object   | regeneratorRuntime

0 Cookies