ScanMalware.com

Security Scan Report: hq.gofan.co

Redirected to:
https://auth.gofan.co/login?state=hKFo2SBqRGlKM1owRzFZcEdsZ2hkTE5qU3J5...
Submitted: May 8, 2026, 5:00:16 AMCompleted: May 8, 2026, 5:01:32 AMpubliccompleted
Loading additional data...

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 27 HTTP transactions. The main domain is auth.gofan.co and was registered NaN years ago.

Submitted URL: https://hq.gofan.co

Effective URL: https://auth.gofan.co/login?state=hKFo2SBqRGlKM1owRzFZcEdsZ2hkTE5qU3J5M0tNQ0oxa3d0d6FupWxvZ2luo3RpZNkgVlYxRV9mQ3l4N054WlRNdVg3aGh0SW5DdHRmVnFBOUOjY2lk2SBBaVpmN2dMMnpmb1BXR2pRVUpWUGxOOGUxSGV5bVFPSw&client=AiZf7gL2zfoPWGjQUJVPlN8e1HeymQOK&protocol=oauth2&scope=openid%20profile%20email%20offline_access&audience=https%3A%2F%2Fingress.gofan.co&redirect_uri=https%3A%2F%2Fhq.gofan.co%2Flogin%2Fsuccess&response_type=code&response_mode=query&nonce=VXFNYlMwRGFRcFB3MmhuRW9mb0ZzQm1sfmpacW9lckxsbXdiekxXSUFmaw%3D%3D&code_challenge=UndfORV4AV8znyjL1iXkkuXSLFyJUxgtg1wj-leVNdY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMi4xNS4xIn0%3DRedirected

The Cisco Umbrella rank of the primary domain is #90,403 of the top 1 million websites

AI Security Verdict

Moderate Risk

Confidence: 78%

5
Risk Score

The site is old and otherwise clean, but critical IDS alerts and heavily obfuscated JavaScript raise moderate malware risk; do not enter credentials.

Risk Factors
Critical IDS alerts indicating possible data exfiltration
Heavily obfuscated JavaScript code
Credential collection form on a site with unknown brand legitimacy
Safety Factors
Domain is over 10 years old
No known malicious Indicators of Compromise
No JavaScript YARA malware patterns detected
Cross‑origin form submission is a legitimate SSO flow
Domain age information unavailable

Details

Page Title

Sign In to PlayOn HQ

Scan Type

public

Language

🇺🇸

English

(52% confidence)

Category

entertainment media

(38%)

Domain Information

The domain 'hq.gofan.co' uses the Colombian country-code top-level domain (.co) and includes subdomain 'hq'. The registrable portion 'gofan' spans 5 characters containing two vowels alongside 3 consonants. Word splitting yields 3 words: g, of, an. Median word length comes out to 2 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://hq.gofan.co

Page Load Overview

4.11s
Total Load Time
24
HTTP Requests
8
Domains
410 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:52%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:52%
Script Type:Latin
Text Length:266 chars
Detector Agreement:100%

Website Classification

Primary Category

entertainment media38% confidence
Type: static
Method: ml+structural

All Detected Categories

entertainment media
38%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
318.64.195.35United States
AS16509Amazon.com, Inc.
352.22.211.239Ashburn, Virginia, United States
AS14618Amazon.com, Inc.
3146.75.121.55Frankfurt am Main, Hesse, Germany
AS54113Fastly, Inc.
334.36.213.229Kansas City, Missouri, United States
AS396982Google LLC
316.15.183.142Ashburn, Virginia, United States
AS14618Amazon.com, Inc.
332.197.93.128Ashburn, Virginia, United States
AS14618Amazon.com, Inc.
3142.251.110.94United States
AS15169Google LLC
3172.64.144.74United States
AS13335Cloudflare, Inc.
248--

Detected Technologies3

X-UA-Compatible
100%
Cloudflare
50%
cdnjs
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1F032C78A96F3096B7D13A86927FFB2483724D0039405CE3A3FAC67488F95995C9273DD

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:3S6uzHEnv5RIpknp5PyaeSQBaeVYZJsMAzriGXicidNGko2kBoirE:/RKknppyaIBaVZ6LriGyESk7rE

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:11473:opCCC3GwOCVGVCEWQWpNEwZoghyR4HYtwGAxIhWqg2ALGJ5QJDAIwCjFNRmQbwZ4AQKQAiRAAAQICwfyJnFrnIgALILUuiYM

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0018181818181800
Perceptual Hash:d9c86723323623cf
Difference Hash:8db2b2b2b2323204
Wavelet Hash:fdf9d8d8d8989880
Color Hash:#89e06c

Other Hashes

Crop Resistant:9e9eeaf4b29e3b33,8db2b2b2b2323204

Scan History

Scan history not available

Unable to load historical scan data