urlscan.io logo urlscan.io
SecurityTrails logo

hmawani.com Open in urlscan Pro
213.210.21.52  Public Scan

Go To Rescan Add Verdict Report
URL: http://hmawani.com/
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On October 14 via api from IT — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 213.210.21.52, located in Nottingham, United Kingdom and belongs to AS-HOSTINGER, CY. The main domain is hmawani.com.
This is the only time hmawani.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 213.210.21.52 47583 (AS-HOSTINGER)
1 34.166.75.139 396982 (GOOGLE-CL...)
1 3.70.101.28 16509 (AMAZON-02)
6 3
Apex Domain
Subdomains		 Transfer
4 hmawani.com
hmawani.com
212 KB
1 mui.com
mui.com — Cisco Umbrella Rank: 156602
9 KB
1 odoo.com
dessco-stagging-15003402.dev.odoo.com
1 KB
6 3
Domain Requested by
4 hmawani.com hmawani.com
1 mui.com
1 dessco-stagging-15003402.dev.odoo.com hmawani.com
6 3

This site contains no links.

Subject Issuer Validity Valid
*.dev.odoo.com
R11		 2024-08-07 -
2024-11-05		 3 months crt.sh
*.mui.com
E6		 2024-09-11 -
2024-12-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://hmawani.com/
Frame ID: 461F5121A288932FCE1704ED1EF911CF
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HM

Page URL History Show full URLs

  1. http://hmawani.com/ HTTP 307
    https://hmawani.com/ HTTP 307
    http://hmawani.com/ Page URL

Page Statistics

6
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

222 kB
Transfer

725 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hmawani.com/ HTTP 307
    https://hmawani.com/ HTTP 307
    http://hmawani.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
hmawani.com/
Redirect Chain
  • http://hmawani.com/
  • https://hmawani.com/
  • http://hmawani.com/
637 B
821 B 		Document
General
Check archive.org
Download Go to
Full URL
http://hmawani.com/
Protocol
HTTP/1.1
Server
213.210.21.52 Nottingham, United Kingdom, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv615202.hstgr.cloud
Software
nginx /
Resource Hash
0fb3e34a2b9161af4fc69a0e275daee9affbc670498a21827d9dbc207cc23e85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 14 Oct 2024 21:13:02 GMT
ETag
W/"670b7a5a-27d"
Last-Modified
Sun, 13 Oct 2024 07:44:26 GMT
Referrer-Policy
same-origin
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
master-only
X-XSS-Protection
1; mode=block

Redirect headers

Location
http://hmawani.com/
Non-Authoritative-Reason
HttpsUpgrades
main.190036af.js
hmawani.com/static/js/ 		695 KB
204 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://hmawani.com/static/js/main.190036af.js
Requested by
Host: hmawani.com
URL: http://hmawani.com/
Protocol
HTTP/1.1
Server
213.210.21.52 Nottingham, United Kingdom, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv615202.hstgr.cloud
Software
nginx /
Resource Hash
1a4e884e9408e4a221387b8c0a0759bc80b1f9ab58535e2e4f1d6cc819319538

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
http://hmawani.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=315360000
Content-Encoding
gzip
ETag
W/"670b7a61-ada54"
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin
*
Date
Mon, 14 Oct 2024 21:13:02 GMT
Content-Type
application/javascript
Last-Modified
Sun, 13 Oct 2024 07:44:33 GMT
Server
nginx
Vary
Accept-Encoding
main.12d3b70f.css
hmawani.com/static/css/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://hmawani.com/static/css/main.12d3b70f.css
Requested by
Host: hmawani.com
URL: http://hmawani.com/
Protocol
HTTP/1.1
Server
213.210.21.52 Nottingham, United Kingdom, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv615202.hstgr.cloud
Software
nginx /
Resource Hash
743333dc6db8337a2f9c284b06c77ca41e27577a500498da4e993868fb3b5e22

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
http://hmawani.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=315360000
Content-Encoding
gzip
ETag
W/"670b7a5e-3bc1"
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Access-Control-Allow-Origin
*
Date
Mon, 14 Oct 2024 21:13:02 GMT
Content-Type
text/css
Last-Modified
Sun, 13 Oct 2024 07:44:30 GMT
Server
nginx
Vary
Accept-Encoding
get_products
dessco-stagging-15003402.dev.odoo.com/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dessco-stagging-15003402.dev.odoo.com/get_products?limit=5&page=1
Requested by
Host: hmawani.com
URL: http://hmawani.com/static/js/main.190036af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.166.75.139 Dammam, Saudi Arabia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.75.166.34.bc.googleusercontent.com
Software
Odoo.sh /
Resource Hash
28e3c555dd12e9cd6fb7b62315c40d2126209aeaa56c5283dd3ecde2f4541502
Security Headers
Name Value
Strict-Transport-Security max-age=600; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=600; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-methods
GET
access-control-allow-origin
*
date
Mon, 14 Oct 2024 21:13:04 GMT
content-type
text/html; charset=utf-8
server
Odoo.sh
logo.png
mui.com/static/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mui.com/static/logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.70.101.28 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-70-101-28.eu-central-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
87d5051fc2e9c573490418a6b75cce4cd5b5773906972a3c9f5a9053c53cdda6
Security Headers
Name Value
Content-Security-Policy default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"e3fa845c23621ba3eb19a28071fa9b95-ssl"
age
1647
x-content-type-options
nosniff
date
Mon, 14 Oct 2024 21:13:04 GMT
content-type
image/png
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *;
cache-control
public,max-age=0,must-revalidate
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
8233
x-nf-request-id
01JA6E185CY8A0P7KS8MGE2H36
cache-status
"Netlify Edge"; hit
x-xss-protection
1; mode=block
server
Netlify
favicon.ico
hmawani.com/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
http://hmawani.com/favicon.ico
Protocol
HTTP/1.1
Server
213.210.21.52 Nottingham, United Kingdom, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv615202.hstgr.cloud
Software
nginx /
Resource Hash
3d10f7da6c603178340081668c4ac5b3ae9743ca9a262ab0fcd312fbb9f48bdd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
http://hmawani.com/

Response headers

Cache-Control
max-age=315360000
ETag
"670b7a5a-f1e"
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
3870
Date
Mon, 14 Oct 2024 21:13:04 GMT
Content-Type
image/x-icon
Last-Modified
Sun, 13 Oct 2024 07:44:26 GMT
Server
nginx
Vary
Accept-Encoding

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkhm_e_commerce string| __reactRouterVersion function| JsBarcode

0 Cookies

1 Console Messages

Source Level URL
Text
recommendation verbose URL: http://hmawani.com/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block