hetug.top
Open in
urlscan Pro
2606:4700:3035::6815:4197
Malicious Activity!
Public Scan
Submission: On March 25 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on February 25th 2024. Valid for: 3 months.
This is the only time hetug.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 2606:4700:303... 2606:4700:3035::6815:4197 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2 |
Domain | Requested by | |
---|---|---|
9 | hetug.top |
hetug.top
|
9 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
hetug.top GTS CA 1P5 |
2024-02-25 - 2024-05-25 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hetug.top/
Frame ID: B738D6AD20082BD6E8FE57A3DDCA5F1F
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
hetug.top/ |
683 B 829 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
hetug.top/static/ |
94 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chunk-vendors.3bbef372.js
hetug.top/static/js/ |
2 MB 584 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.1dcc6cba.js
hetug.top/static/js/ |
145 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pages-index-index~pages-index-preview.78d362fa.js
hetug.top/static/js/ |
909 KB 111 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pages-index-index.7c69f75d.js
hetug.top/static/js/ |
127 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
rate
hetug.top/api/common/ |
109 B 599 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
re1.jpeg
hetug.top/static/img/ |
37 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.svg
hetug.top/static/img/ |
556 B 760 B |
Other
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onpagereveal object| webpackJsonp object| __uniConfig object| __uniRoutes function| UniApp object| UniViewJSBridge object| UniServiceJSBridge object| uni object| wx function| getApp function| getCurrentPages function| clearImmediate function| setImmediate object| regeneratorRuntime0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hetug.top
2606:4700:3035::6815:4197
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3
4861b47b1aa781633c53d7d8a674d0be1fb8e3e79876d75d9a8571b407416a14
52fb65a4123bcc3ce36db92198150c7dd3b579873692f36f865efae9ec2d8984
633c745a9a4cbacddd81d01b5a6ab92931582faa986f4788f7cb898659ea5f7c
7e5941f066b2070419995072dac7323c02d5ae107b23d8085772f232487fecae
892ed879ebe04951f95a8c1c54c76923c7d2081e0b438449e38143bfaa5758f3
8e61ba5d4c9fb12d461a8109d17ef9e13b5c66c19fbf92fbdb62c8e0e17e9bff
914496013056d6ba406a82e490d9885ee331912af2519544045cd9a0b78cc82f
abab2a51a9467e65fda6188df88ba2bdf2871a123880d92a84b5afd4a67e1b13
b3ffe0db3dcaf66dbe5e7a47ac30ef3253b7eb628868a4ac4b5293b6d49652d9