urlscan.io logo urlscan.io
SecurityTrails logo

www.he.net Open in urlscan Pro
216.218.236.2  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nitrogen.he.net/
Effective URL: https://www.he.net/
Submission Tags: phishingrod
Submission: On July 22 via api from DE — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 12 HTTP transactions. The main IP is 216.218.236.2, located in Delta, United States and belongs to HURRICANE, US. The main domain is www.he.net.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 26th 2024. Valid for: a year.
This is the only time www.he.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 65.49.73.2 6939 (HURRICANE)
6 216.218.236.2 6939 (HURRICANE)
1 172.217.18.8 15169 (GOOGLE)
1 142.250.186.40 15169 (GOOGLE)
1 216.58.212.162 15169 (GOOGLE)
1 142.250.184.196 15169 (GOOGLE)
12 6
2    65.49.73.2 (United States)

ASN6939 (HURRICANE, US)
PTR: nitrogen.he.net
nitrogen.he.net
6    216.218.236.2 (Delta, United States)

ASN6939 (HURRICANE, US)
PTR: he.net
www.he.net
1    172.217.18.8 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f8.1e100.net
www.googletagmanager.com
1    142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net
ssl.google-analytics.com
1    216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net
googleads.g.doubleclick.net
1    142.250.184.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
8 he.net
nitrogen.he.net
www.he.net
131 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 10
455 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
2 KB
1 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 951
17 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
85 KB
12 5
Domain Requested by
6 www.he.net www.he.net
2 nitrogen.he.net
1 www.google.com www.he.net
1 googleads.g.doubleclick.net www.googletagmanager.com
1 ssl.google-analytics.com www.he.net
1 www.googletagmanager.com www.he.net
12 6

This site contains links to these domains. Also see Links.

Domain
faq.he.net
csp.he.net
ipv6.he.net
lg.he.net
tunnelbroker.net
dns.he.net
bgp.he.net
Subject Issuer Validity Valid
xray.he.net
R3		 2024-05-21 -
2024-08-19		 3 months crt.sh
*.he.net
Go Daddy Secure Certificate Authority - G2		 2024-01-26 -
2025-02-26		 a year crt.sh
*.google-analytics.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
www.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.he.net/
Frame ID: 1B5FA54C36743F64B4A71EDFE4A8705E
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Hurricane Electric Internet Services - Internet Backbone and Colocation Provider

Page URL History Show full URLs

  1. https://nitrogen.he.net/ Page URL
  2. http://www.he.net/ HTTP 307
    https://www.he.net/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

6
IPs

1
Countries

235 kB
Transfer

1737 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nitrogen.he.net/ Page URL
  2. http://www.he.net/ HTTP 307
    https://www.he.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
nitrogen.he.net/ 		97 B
447 B 		Document
General
Check archive.org
Download Go to
Full URL
https://nitrogen.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.49.73.2 , United States, ASN6939 (HURRICANE, US),
Reverse DNS
nitrogen.he.net
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
eb0b2f211ab7b8d343437d2e22a0ef949f3ab170666abd14b912383b5307ab70

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
111
Content-Type
text/html
Date
Mon, 22 Jul 2024 03:58:04 GMT
ETag
"61-4681cb1d8efc0-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Wed, 22 Apr 2009 03:52:39 GMT
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding
Primary Request /
www.he.net/
Redirect Chain
  • http://www.he.net/
  • https://www.he.net/
20 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
216.218.236.2 Delta, United States, ASN6939 (HURRICANE, US),
Reverse DNS
he.net
Software
Apache /
Resource Hash
73c3d4b79f953b1a35ea85b2b904b57b90d6ffe5e472fb2b0bc9595a6c987590
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://nitrogen.he.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
5573
Content-Type
text/html
Date
Mon, 22 Jul 2024 03:58:05 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin

Redirect headers

Location
https://www.he.net/
Non-Authoritative-Reason
HttpsUpgrades
favicon.ico
nitrogen.he.net/ 		315 B
531 B 		Other
General
Check archive.org
Download Go to
Full URL
https://nitrogen.he.net/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.49.73.2 , United States, ASN6939 (HURRICANE, US),
Reverse DNS
nitrogen.he.net
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash

Request headers

Referer
https://nitrogen.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 03:58:05 GMT
Server
Apache/2.4.29 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
js
www.googletagmanager.com/gtag/ 		237 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1068215855
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.8 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
b9d1e1dece0c671ac73e569121fabc26749624366201f90b3def29688166a5af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 03:58:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86238
x-xss-protection
0
last-modified
Mon, 22 Jul 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 22 Jul 2024 03:58:06 GMT
helogo.gif
www.he.net/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.he.net/images/helogo.gif
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
216.218.236.2 Delta, United States, ASN6939 (HURRICANE, US),
Reverse DNS
he.net
Software
Apache /
Resource Hash
13834f9f1468f97a38c50e47886b5aea03c929bc3b55b4e48ed7d5c516f6ec63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 03:58:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 06 Nov 2001 20:27:42 GMT
Server
Apache
ETag
"109d-3921d10b2eb80"
X-Frame-Options
sameorigin
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4253
homepage-smallmap.png
www.he.net/images/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.he.net/images/homepage-smallmap.png
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
216.218.236.2 Delta, United States, ASN6939 (HURRICANE, US),
Reverse DNS
he.net
Software
Apache /
Resource Hash
ac2837335b936036de2c54e37abbe28703968cfaf0ab268351db3a3508807e42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 03:58:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 01 Mar 2024 08:01:48 GMT
Server
Apache
ETag
"7c71-61294c9ae3920"
X-Frame-Options
sameorigin
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
31857
3d-map-thumbnail-170px.gif
www.he.net/3d-map/images/ 		1 MB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.he.net/3d-map/images/3d-map-thumbnail-170px.gif
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
216.218.236.2 Delta, United States, ASN6939 (HURRICANE, US),
Reverse DNS
he.net
Software
Apache /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 03:58:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 21 May 2017 18:46:01 GMT
Server
Apache
ETag
"192af7-5500d2a7a2c40"
X-Frame-Options
sameorigin
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1649399
homepage-smallcert.png
www.he.net/images/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.he.net/images/homepage-smallcert.png
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
216.218.236.2 Delta, United States, ASN6939 (HURRICANE, US),
Reverse DNS
he.net
Software
Apache /
Resource Hash
79809fe44dd448292dcbdbcdabbf2971c40ef8d4cdd11c60ddfc6a624b99c4e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 03:58:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 08 Apr 2009 20:15:18 GMT
Server
Apache
ETag
"a08e-46710ca4ca180"
X-Frame-Options
sameorigin
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
41102
homepage-smallcolo.png
www.he.net/images/ 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.he.net/images/homepage-smallcolo.png
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
216.218.236.2 Delta, United States, ASN6939 (HURRICANE, US),
Reverse DNS
he.net
Software
Apache /
Resource Hash
736e56efc37ad17a6f0d40a9c987094cbb23e74291997e7175ce2ceb62d92d26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Mon, 22 Jul 2024 03:58:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Apr 2009 19:06:15 GMT
Server
Apache
ETag
"bd76-46697204f37c0"
X-Frame-Options
sameorigin
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
48502
ga.js
ssl.google-analytics.com/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.40 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f8.1e100.net
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 22 Jul 2024 02:51:36 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
3990
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Mon, 22 Jul 2024 04:51:36 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068215855/?random=1721620686916&cv=11&fst=1721620686916&bg=ffffff&guid=ON&async=1&gtm=45be47h0v898168298za200&gcd=13l3l3l3l1&dma=0&tag_exp=95250752&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.he.net%2F&hn=www.googleadservices.com&frm=0&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&npa=0&pscdl=noapi&auid=2072260296.1721620687&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1068215855
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
4ba7f15b4a9a4b2769cc9659e7c8a57fc727b2e6fafcd047d541b6572a8d8839
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Jul 2024 03:58:07 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1403
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1068215855/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/1068215855/?random=1721620686916&cv=11&fst=1721617200000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v898168298za200&gcd=13l3l3l3l1&dma=0&tag_exp=95250752&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.he.net%2F&hn=www.googleadservices.com&frm=0&tiba=Hurricane%20Electric%20Internet%20Services%20-%20Internet%20Backbone%20and%20Colocation%20Provider&npa=0&pscdl=noapi&auid=2072260296.1721620687&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLB0uuZpXXQEqKjMvrsf_7aakYyGGjsA&random=1773510915&rmt_tld=0&ipr=y
Requested by
Host: www.he.net
URL: https://www.he.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.he.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Jul 2024 03:58:08 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| gtag object| dataLayer string| baseTitle function| findPage function| setVisibility function| toggleVisibility function| buildMenu function| buildTitle function| setTitle function| newWindow function| setCookie function| getCookie function| checkCookie string| gaJsHost object| _gat object| _gaq object| google_tag_manager object| google_tag_data object| GooglebQhCsO

4 Cookies

Domain/Path Name / Value
.he.net/ Name: tracker_referrer
Value: direct_reference
.he.net/ Name: tracker_landing
Value: https%3A//www.he.net/
.he.net/ Name: _gcl_au
Value: 1.1.2072260296.1721620687
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

1 Console Messages

Source Level URL
Text
network error URL: https://nitrogen.he.net/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)