hb-dne.pages.dev Open in urlscan Pro
2606:4700:310c::ac42:2f0f  Malicious Activity! Public Scan

Submitted URL: http://hb-dne.pages.dev/
Effective URL: https://hb-dne.pages.dev/
Submission: On February 15 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2606:4700:310c::ac42:2f0f, located in United States and belongs to CLOUDFLARENET, US. The main domain is hb-dne.pages.dev.
TLS certificate: Issued by E1 on February 13th 2024. Valid for: 3 months.
This is the only time hb-dne.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:310... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:9000:215... 16509 (AMAZON-02)
5 3
Apex Domain
Subdomains
Transfer
2 imagekit.io
ik.imagekit.io — Cisco Umbrella Rank: 23993
178 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257
54 KB
1 pages.dev
hb-dne.pages.dev
2 KB
5 3
Domain Requested by
2 ik.imagekit.io hb-dne.pages.dev
2 cdnjs.cloudflare.com hb-dne.pages.dev
1 hb-dne.pages.dev
5 3

This site contains no links.

Subject Issuer Validity Valid
hb-dne.pages.dev
E1
2024-02-13 -
2024-05-13
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-07-03 -
2024-07-02
a year crt.sh
*.imagekit.io
Amazon RSA 2048 M02
2024-01-23 -
2025-02-19
a year crt.sh

This page contains 1 frames:

Primary Page: https://hb-dne.pages.dev/
Frame ID: B4C40B0AA9FD5B835E8EFD69EC7DF033
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Document

Page URL History Show full URLs

  1. http://hb-dne.pages.dev/ HTTP 307
    https://hb-dne.pages.dev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href="[^"]*materialize(?:\.min)?\.css
  • materialize(?:\.min)?\.js

Page Statistics

5
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

235 kB
Transfer

499 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hb-dne.pages.dev/ HTTP 307
    https://hb-dne.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
hb-dne.pages.dev/
Redirect Chain
  • http://hb-dne.pages.dev/
  • https://hb-dne.pages.dev/
6 KB
2 KB
Document
General
Full URL
https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:310c::ac42:2f0f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef7e6e02f213e034f7ccc6dba12b75ab18206da95143636348dca90a47f0ed9f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
85608ea9db60334d-MIA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 15 Feb 2024 21:13:53 GMT
etag
W/"1531a13ce00fd54c673af98123c2cb5d"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUTp8tLUPSq4bPr4W6tWjNUPybFdqdzSi9k1BIJVit8HxY5qzZ5ZBxWnJASNmx%2B8mtAYeixOYN%2FHIBjfNjauWk14m0DcTVs6B%2BB1NqpG8lDP4XkWs2WONNhH8oVIT%2FbaASjq8coBGKJkERuWcQ25"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://hb-dne.pages.dev/
Non-Authoritative-Reason
HSTS
materialize.min.css
cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/
139 KB
18 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b079a3ff21ceabb15fa5cac7f24b887e2cceac470b8eddeb9361fafa335db88
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 21:13:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4451273
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
17475
last-modified
Mon, 04 May 2020 16:12:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03efe-22a11"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9b0UMjyAyelZPy8QuElhlNvO6hOGNx0lK1RmukhhQcjffrx6XEKrmLVyIJvYNfmt%2FqWMjmtUOsACYKnShEep6srqiAo%2B4gt%2Ba5xfQ81VOP0EwMPJnA%2FBJQb4svX%2BekQElZA5VkujlS%2FXm%2F1eaUsrJ7uG"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85608eaaff29da8b-MIA
expires
Tue, 04 Feb 2025 21:13:53 GMT
Rolling-1s-200px__1__trHCWXy9jD.gif
ik.imagekit.io/escrowmade/
49 KB
50 KB
Image
General
Full URL
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:215f:ae00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5273bfc1cb927d24da663c10c9b4ac457f9c0486b8061b5ef896bc19b110a1b0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 02:27:17 GMT
via
1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront), 1.1 d02136c452505f46a849d23f2fe25350.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C2
age
13027596
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
50139
x-request-id
d4d4f90f-83a6-4a24-bbc9-d18544d587c3
last-modified
Tue, 04 Apr 2023 18:11:31 GMT
etag
"eb89117f70bfcaad4b1490afe0f98ba4"
vary
Accept
access-control-allow-methods
GET
content-type
image/gif
access-control-allow-origin
*
cache-control
public, s-maxage=15552000, max-age=15552000, must-revalidate
x-server
ImageKit.io
timing-allow-origin
*
access-control-allow-headers
*
x-amz-cf-id
alekKLcwXJNyxYqDjb44DWR58tMoPmaAhAG-nR080HxlAqpAdx8EFA==
materialize.min.js
cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/
177 KB
36 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53f7070cc4c81c278c72f7a106fd71434e766cf49b26d6ee8b0e1003d7132b3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 21:13:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
8594429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
36877
last-modified
Mon, 04 May 2020 16:12:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03efe-2c375"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Njz8BLR26fYTgmf3jDZ2f%2BDP0VBTswPcp2Q3F%2Fcls34GeqGJ5KORET9%2FkYiQmD12puzM87Lp56kzm%2BtNxjo8%2BIVPYltZ3TpoEP2c%2BHPG0PHJ2%2FA%2FQ2tGKXKZHETsuBqaFnvRtFQMYHztWJSEknD1Ksw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85608eaaff30da8b-MIA
expires
Tue, 04 Feb 2025 21:13:53 GMT
sfexpress.png
ik.imagekit.io/konxumwja/
128 KB
129 KB
Image
General
Full URL
https://ik.imagekit.io/konxumwja/sfexpress.png
Requested by
Host: hb-dne.pages.dev
URL: https://hb-dne.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:215f:ae00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7cc81bf35f576764bc9265478855982adfab503b0580184d1f37892b716559cc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://hb-dne.pages.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 04:53:20 GMT
via
1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront), 1.1 d02136c452505f46a849d23f2fe25350.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C2
age
750033
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
131206
x-request-id
711e7ead-2288-4734-9d62-f4eda9abadda
etag
W/"20086-vOe5Yb922UYBlEUz+ZFUgUcA7C0"
vary
Accept
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server
ImageKit.io
timing-allow-origin
*
access-control-allow-headers
*
x-amz-cf-id
i8MoJKDgNP7nTNamw9zfufuOCbOAe6F_myMLLTG23L8ECnUnnJD9qw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _get function| _createClass function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| Component function| docHandleKeydown function| docHandleKeyup function| docHandleFocus function| docHandleBlur function| getTime object| $jscomp object| $jscomp$this function| cash object| M object| Waves

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff