hb-dne.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2cf1  Malicious Activity! Public Scan

URL: https://hb-dne.pages.dev/
Submission: On February 18 via manual from QA — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2606:4700:310c::ac42:2cf1, located in United States and belongs to CLOUDFLARENET, US. The main domain is hb-dne.pages.dev.
TLS certificate: Issued by E1 on February 13th 2024. Valid for: 3 months.
This is the only time hb-dne.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:310... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:9000:225... 16509 (AMAZON-02)
5 3
Apex Domain
Subdomains
Transfer
2 imagekit.io
ik.imagekit.io — Cisco Umbrella Rank: 23993
183 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257
54 KB
1 pages.dev
hb-dne.pages.dev
2 KB
5 3
Domain Requested by
2 ik.imagekit.io hb-dne.pages.dev
2 cdnjs.cloudflare.com hb-dne.pages.dev
1 hb-dne.pages.dev
5 3

This site contains no links.

Subject Issuer Validity Valid
hb-dne.pages.dev
E1
2024-02-13 -
2024-05-13
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
*.imagekit.io
Amazon RSA 2048 M02
2024-01-23 -
2025-02-19
a year crt.sh

This page contains 1 frames:

Primary Page: https://hb-dne.pages.dev/
Frame ID: EE56B864E6402CD29B39ED1FE683F7C4
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Document

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href="[^"]*materialize(?:\.min)?\.css
  • materialize(?:\.min)?\.js

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

240 kB
Transfer

504 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
hb-dne.pages.dev/
6 KB
2 KB
Document
General
Full URL
https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2cf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef7e6e02f213e034f7ccc6dba12b75ab18206da95143636348dca90a47f0ed9f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
85743678fe96927a-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 18 Feb 2024 06:28:55 GMT
etag
W/"1531a13ce00fd54c673af98123c2cb5d"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hh1hciulcNUMpxtUrJifpI%2Fq52549iYzXfmtTHDYV%2FmclOMgIH%2BHDsWnqIcDG%2BOBCVsoRlx%2FHSk6lSwk2dkgIxORKJcgz6326ujI%2BjxfLdhJfEVXvyViPKC69Jtls8MApr4EoeLlOJoDShAszWrY"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
materialize.min.css
cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/
139 KB
17 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b079a3ff21ceabb15fa5cac7f24b887e2cceac470b8eddeb9361fafa335db88
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Sun, 18 Feb 2024 06:28:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3330723
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
17475
last-modified
Mon, 04 May 2020 16:12:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03efe-22a11"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y1f4X9MiJ%2Fs2JrsZtjDVr6ZcLVMrj%2BljEhVksAat%2FZlurhZTVwxcPiO6t6AC7WodQXNDNSY74bAf6iCyDrMNWNhNKJ7yeaCIrWs8szMObeErHXqvrpNENt1Ufk3bOFZZZxkhy483SonkcuyQEHcSU0rL"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85743679af211992-FRA
expires
Fri, 07 Feb 2025 06:28:55 GMT
Rolling-1s-200px__1__trHCWXy9jD.gif
ik.imagekit.io/escrowmade/
54 KB
55 KB
Image
General
Full URL
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:8000:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
669c17cde38dd0ab9673de77a674c5b192e934399bbee3ebed65bd70b05bff5f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 00:34:10 GMT
via
1.1 61c90c70feca5f532bf48bc0dc85d516.cloudfront.net (CloudFront), 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
age
1490085
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
55202
x-request-id
b5219f3c-5455-4706-92bc-1607d368c509
last-modified
Sun, 31 Dec 2023 19:31:51 GMT
etag
"d536d58ea2f4cfe5d5b734e7893fb09e"
vary
Accept
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server
ImageKit.io
timing-allow-origin
*
access-control-allow-headers
*
x-amz-cf-id
3ALUqGHdQOOpGaNe0RsUPMfW2cb6w44M9dk8fgqlC9ghmDXlSf-DhQ==
materialize.min.js
cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/
177 KB
37 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53f7070cc4c81c278c72f7a106fd71434e766cf49b26d6ee8b0e1003d7132b3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Sun, 18 Feb 2024 06:28:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2112857
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
36877
last-modified
Mon, 04 May 2020 16:12:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03efe-2c375"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FrdviFGOLTmSqnnMmUko3G%2BYTAiD1FB3T%2FpQLw97ibcy2QGqnZV6Ki5P7WA1z3uYxyFr3Nm16wU47bGcKXUeneaBYmt4JoQMvoSCIpvj3F3kcPdVauHZgXQHDbvkVnYY%2F5F%2Byli%2BuD1phwNa5UQRj5tF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85743679af241992-FRA
expires
Fri, 07 Feb 2025 06:28:55 GMT
sfexpress.png
ik.imagekit.io/konxumwja/
128 KB
129 KB
Image
General
Full URL
https://ik.imagekit.io/konxumwja/sfexpress.png
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:8000:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7cc81bf35f576764bc9265478855982adfab503b0580184d1f37892b716559cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 08 Feb 2024 02:56:31 GMT
via
1.1 6278ee254a7d35c23aae5e936b5a56ee.cloudfront.net (CloudFront), 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
age
876744
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
131206
x-request-id
00b6d52d-0c10-4117-9130-55e2cfc74982
etag
W/"20086-vOe5Yb922UYBlEUz+ZFUgUcA7C0"
vary
Accept
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server
ImageKit.io
timing-allow-origin
*
access-control-allow-headers
*
x-amz-cf-id
HbruSj8zgmwNwNLEoiHo4JJw7sadUtsjjnMVpnLqFtLYeP5lp7RQEg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _get function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Component function| docHandleKeydown function| docHandleKeyup function| docHandleFocus function| docHandleBlur function| getTime object| $jscomp object| $jscomp$this function| cash object| M object| Waves

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff