hedwork.sbs Open in urlscan Pro
172.67.132.122 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hedwork.sbs/
Submission: On June 22 via api (June 22nd 2024, 8:08:49 am UTC) from BE — Scanned from DE

Summary HTTP 23 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 23 HTTP transactions. The main IP is 172.67.132.122, located in United States and belongs to CLOUDFLARENET, US. The main domain is hedwork.sbs.
TLS certificate: Issued by GTS CA 1P5 on May 21st 2024. Valid for: 3 months.

This is the only time hedwork.sbs was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 7	172.67.132.122 172.67.132.122	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2a00:1450:400... 2a00:1450:4001:80e::2016	15169 (GOOGLE) (GOOGLE)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	4

7 172.67.132.122 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hedwork.sbs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:80e::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play-lh.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	googleusercontent.com play-lh.googleusercontent.com — Cisco Umbrella Rank: 534	4 MB
7	hedwork.sbs 1 redirects hedwork.sbs	1 MB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 268	76 KB
23	3

	Domain	Requested by
16	play-lh.googleusercontent.com	hedwork.sbs
7	hedwork.sbs	1 redirects hedwork.sbs
1	cdnjs.cloudflare.com	hedwork.sbs
23	3

This site contains links to these domains. Also see Links.

Domain
play.google.com
www.youtube.com

Subject Issuer	Validity	Valid
hedwork.sbs GTS CA 1P5	`2024-05-21` - `2024-08-19`	3 months	crt.sh
edgestatic.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hedwork.sbs/
Frame ID: 755E92D671CDE8886284B5FC814D181A
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Roblox

Page URL History Show full URLs

https://hedwork.sbs/ Page URL
https://hedwork.sbs/cdn-cgi/phish-bypass?atok=ATYcU6_6lf1ClDLPyd_zKhK3QMd4svafSB0csXPTPtw-171904... HTTP 301
https://hedwork.sbs/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

23
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

5649 kB
Transfer

7107 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://play.google.com/store/apps/details?id=com.roblox.client&hl=ru&gl=US
Title: App store

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=HsiMDb-mn5s

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hedwork.sbs/ Page URL
https://hedwork.sbs/cdn-cgi/phish-bypass?atok=ATYcU6_6lf1ClDLPyd_zKhK3QMd4svafSB0csXPTPtw-1719043718-0.0.1.1-%2F HTTP 301
https://hedwork.sbs/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 / Show response
hedwork.sbs/ 4 KB
2 KB 79ms
17ms Document
text/html 172.67.132.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hedwork.sbs/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.132.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fceb2e67011a89e7c77a8edee94fc785816f717b8a6faa1eb8a5bc9d4775f67

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cf-ray: 897ac068ad3c1d9e-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 22 Jun 2024 08:08:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foG5nifWALbR%2BMpGqFwwkxl5iqRsylrtrwLr7cMb59xmmR0xC2ZfUB10zbxH5c9NDOeLuV7Sg6XWVAJ1pLHMmlbWEOO4KbQvtUtDYMbp8d%2FB%2F%2Fg5Tr5ALke89YmjOw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
hedwork.sbs/cdn-cgi/styles/ 23 KB
5 KB 15ms
15ms Stylesheet
text/css 172.67.132.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hedwork.sbs/cdn-cgi/styles/cf.errors.css

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.132.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hedwork.sbs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Jun 2024 08:39:00 GMT
server: cloudflare
etag: W/"66729924-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 897ac068cd7a1d9e-FRA
expires: Sat, 22 Jun 2024 10:08:38 GMT

GET
H3 200 icon-exclamation.png
hedwork.sbs/cdn-cgi/images/ 452 B
634 B 15ms
14ms Image
image/png 172.67.132.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hedwork.sbs/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.132.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hedwork.sbs/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:08:38 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 Jun 2024 08:39:00 GMT
server: cloudflare
etag: "66729924-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 897ac068ed9a1d9e-FRA
content-length: 452
expires: Sat, 22 Jun 2024 10:08:38 GMT

GET
H3 200 favicon.ico
hedwork.sbs/ 4 KB
1 KB 437ms
437ms Other
image/x-icon 172.67.132.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hedwork.sbs/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.132.122 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f0566ee8e8104709b6f8e08617d963ff06f4ef225b1bbb05b6978a52236cffc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hedwork.sbs/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:08:39 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 15 Jun 2021 16:57:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"60c8dc0d-10be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2Ftummds8r8TmnjJDFC0u7281MI60dvtN2ZHjAh9hImiU48isMlP1EtJW6UatOZyTw3kzMdm1IhT%2BxJsdvvX8z6QRHiSw3NtokduA6f%2FK0lgMJlCSjfbQtmj%2BTTr%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=14400
cf-ray: 897ac0691de91d9e-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request / Show response
hedwork.sbs/
Redirect Chain

https://hedwork.sbs/cdn-cgi/phish-bypass?atok=ATYcU6_6lf1ClDLPyd_zKhK3QMd4svafSB0csXPTPtw-1719043718-0.0.1.1-%2F
https://hedwork.sbs/

2 MB
1019 KB

535ms
535ms

Document
text/html

172.67.132.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hedwork.sbs/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.132.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f16c5d27b9951b8df0ae94a44f75f7a36afdd30eea834bc4e49ac90751a10ba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://hedwork.sbs/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
access-control-expose-headers: Authorization
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 897ac07f587c1d9e-FRA
content-encoding: br
content-language: de-DE
content-type: text/html; charset=utf-8
date: Sat, 22 Jun 2024 08:08:42 GMT
expect-ct: max-age=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wvODO61jJdaSy5KarIFrPBV0RZRbQoS9bpLu17l6TQo7uYk6ftzpN2RUBWsMhS7fj3oYRvAEGBSqmaDK4Cqh0inzuWPofGOX1mmGZQ2J30DOnfMBRJ%2F0ICDLlt%2FrLA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 0

Redirect headers

cache-control: private, no-cache
cf-ray: 897ac07f485a1d9e-FRA
content-length: 167
content-type: text/html
date: Sat, 22 Jun 2024 08:08:42 GMT
location: https://hedwork.sbs/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 WNWZaxi9RdJKe2GQM3vqXIAkk69mnIl4Cc8EyZcir2SKlVOxeUv9tZGfNTmNaLC717Ht=w50-h50-p
play-lh.googleusercontent.com/ 3 KB
3 KB 262ms
168ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/WNWZaxi9RdJKe2GQM3vqXIAkk69mnIl4Cc8EyZcir2SKlVOxeUv9tZGfNTmNaLC717Ht=w50-h50-p

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8138aa1d582de69d277be062d9f1507406525f927b8de5357c9094eec5ed3dee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 06:34:28 GMT
x-content-type-options: nosniff
age: 5656
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2911
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 06:34:28 GMT

GET
H2 200 42o2UxL838Sd40WTybGEA7R2JR-umMAyBmTI_S0lCUQoIFRo4vGiiwkh9i-NLnFguiU
play-lh.googleusercontent.com/ 233 KB
233 KB 131ms
37ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/42o2UxL838Sd40WTybGEA7R2JR-umMAyBmTI_S0lCUQoIFRo4vGiiwkh9i-NLnFguiU

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

57942e391f8fa69cc4aa21ee040a084139aaa0d8f1e8385df2987d389997ce60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 238604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ef6937b4ca76a32f0b8a07d4c80f4451a64e6eeeba5514a0f7e0a729106ed3a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb325e8d8cd3ad12e6455e9d2c08df3d2d13ac6ff063a1122973483e9cea9e96

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 G_z_n75p61XXIJt4sUdcDG0PLNqOVo-5WRYC4joUgHeW-uXNuVvhJyAhS5FhRATAplM
play-lh.googleusercontent.com/ 251 KB
251 KB 256ms
162ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/G_z_n75p61XXIJt4sUdcDG0PLNqOVo-5WRYC4joUgHeW-uXNuVvhJyAhS5FhRATAplM

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8b9698b125465728ebf25761db6f2ba7d113091e3251a7cfa2410ee40ea2b24c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256776
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 42o2UxL838Sd40WTybGEA7R2JR-umMAyBmTI_S0lCUQoIFRo4vGiiwkh9i-NLnFguiU=w900-h500-p
play-lh.googleusercontent.com/ 559 KB
559 KB 303ms
209ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/42o2UxL838Sd40WTybGEA7R2JR-umMAyBmTI_S0lCUQoIFRo4vGiiwkh9i-NLnFguiU=w900-h500-p

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ce2de61b9b186fb18fbf62e2c29ac18c1f5d23ba81fbc7b62d68d5063a2e48b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 07:57:11 GMT
x-content-type-options: nosniff
age: 693
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 572114
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 07:57:11 GMT

GET
H2 200 t4KdVGs61HEVg6soJUXkVTXLmWEoK8fQP4tJS2hartD20PuD1vlDCJ7h5Tc-eqxN7TM
play-lh.googleusercontent.com/ 261 KB
261 KB 293ms
200ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/t4KdVGs61HEVg6soJUXkVTXLmWEoK8fQP4tJS2hartD20PuD1vlDCJ7h5Tc-eqxN7TM

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

50f7d507f414194dc6a2c9c8fe6b15c9b220215e31711b09c85ed30c8fcdd0b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 266809
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 9O4kTJ6LNdH7dfhRfmiFiW92MTldhiD7fVeH_15aqk2jrjuN43i6Sj-mMz0CVcNRZ41f
play-lh.googleusercontent.com/ 270 KB
270 KB 343ms
250ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/9O4kTJ6LNdH7dfhRfmiFiW92MTldhiD7fVeH_15aqk2jrjuN43i6Sj-mMz0CVcNRZ41f

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

537754c7b6ef0aded351273dbce0a7f62f1d1268388ff93ea2d71353ff456142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276061
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 08EmsP3h75MKzS1nKED2S3zNnW5yHDGDkJ1MrziVcdxb1aUCEDkIWlqwHhlNCGRCcS8
play-lh.googleusercontent.com/ 233 KB
233 KB 248ms
247ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/08EmsP3h75MKzS1nKED2S3zNnW5yHDGDkJ1MrziVcdxb1aUCEDkIWlqwHhlNCGRCcS8

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7f1a51dbc9ad29a0e5fb0c6b2a4607c439866a7d8bc01d542a213737ad06bb4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 238604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 QAXfynov1Ps4th2dFBFPO5EavVRt1BE8EHS0L31MzgmLWZpumT5BIfct-80cGFYSAw
play-lh.googleusercontent.com/ 224 KB
224 KB 250ms
249ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/QAXfynov1Ps4th2dFBFPO5EavVRt1BE8EHS0L31MzgmLWZpumT5BIfct-80cGFYSAw

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

819eec574bee4dc146a59488498a9c56ab651ad81f4b5183269ad8a1cc154e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229628
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 OLUKc-bdCMtpmsoZhMhT2NNNDazR-RUK1yDYyx7Ssgm0K5zF7EXO7Q2lSszegDAOAw
play-lh.googleusercontent.com/ 184 KB
184 KB 253ms
253ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/OLUKc-bdCMtpmsoZhMhT2NNNDazR-RUK1yDYyx7Ssgm0K5zF7EXO7Q2lSszegDAOAw

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3c82914031141e67b455f4fc9e3dd49d176268cc38429c8bc0c8a96173434109

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188070
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 PtWYPKUa9aYKNOvF0Nb0xPJFGCgqkqroTi5j_fTC4bfw1hryZQ9d22wgrdDTnQuurw
play-lh.googleusercontent.com/ 233 KB
233 KB 256ms
256ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/PtWYPKUa9aYKNOvF0Nb0xPJFGCgqkqroTi5j_fTC4bfw1hryZQ9d22wgrdDTnQuurw

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

57942e391f8fa69cc4aa21ee040a084139aaa0d8f1e8385df2987d389997ce60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 238604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 bXvv_SEb3XW4ueFAHe2JHAS4dEE8r3cPXiQU-8F9Tpgf6STujxTwFNHJ4Yi40j3yLA
play-lh.googleusercontent.com/ 251 KB
251 KB 259ms
258ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/bXvv_SEb3XW4ueFAHe2JHAS4dEE8r3cPXiQU-8F9Tpgf6STujxTwFNHJ4Yi40j3yLA

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8b9698b125465728ebf25761db6f2ba7d113091e3251a7cfa2410ee40ea2b24c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256776
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 7GGhHTfCtxnmIkGypwEJWH2nP_2LdodQTotyZ5Y7uetDM27mol-ddYNu8MEHZTkeNuq5
play-lh.googleusercontent.com/ 261 KB
261 KB 259ms
259ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/7GGhHTfCtxnmIkGypwEJWH2nP_2LdodQTotyZ5Y7uetDM27mol-ddYNu8MEHZTkeNuq5

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

50f7d507f414194dc6a2c9c8fe6b15c9b220215e31711b09c85ed30c8fcdd0b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 266809
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 JiImUPYW2s2cTS_USyhZDiRs9OzuTwxSkqGsTSBvawku_OMa323QmDkVCqfma6xAz5E
play-lh.googleusercontent.com/ 270 KB
270 KB 266ms
265ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/JiImUPYW2s2cTS_USyhZDiRs9OzuTwxSkqGsTSBvawku_OMa323QmDkVCqfma6xAz5E

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

537754c7b6ef0aded351273dbce0a7f62f1d1268388ff93ea2d71353ff456142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276061
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 R7z1fVsomb1OvixzyZzWcKR3j4lPlCi27P1EJ-a93QSuqJI3lOHydidxgPASYt3wxfY
play-lh.googleusercontent.com/ 233 KB
233 KB 267ms
267ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/R7z1fVsomb1OvixzyZzWcKR3j4lPlCi27P1EJ-a93QSuqJI3lOHydidxgPASYt3wxfY

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7f1a51dbc9ad29a0e5fb0c6b2a4607c439866a7d8bc01d542a213737ad06bb4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 238604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 PvMBPwnzKcezxNi_q36n7lWHQXMPvi42KDsTBuTT4ZEIJwf5SjPlgo2oh2avDWBbFnE
play-lh.googleusercontent.com/ 224 KB
224 KB 268ms
268ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/PvMBPwnzKcezxNi_q36n7lWHQXMPvi42KDsTBuTT4ZEIJwf5SjPlgo2oh2avDWBbFnE

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

819eec574bee4dc146a59488498a9c56ab651ad81f4b5183269ad8a1cc154e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229628
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H2 200 3QXghSccRPL5r2ruGDdNJ2YqLXEYGuuHfiD6Fw3anbgsk8zgXd15jpmHKjJgiIaZivYx
play-lh.googleusercontent.com/ 184 KB
184 KB 269ms
269ms Image
image/png 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/3QXghSccRPL5r2ruGDdNJ2YqLXEYGuuHfiD6Fw3anbgsk8zgXd15jpmHKjJgiIaZivYx

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3c82914031141e67b455f4fc9e3dd49d176268cc38429c8bc0c8a96173434109

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 05:28:18 GMT
x-content-type-options: nosniff
age: 9626
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188070
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 23 Jun 2024 05:28:18 GMT

GET
H3 200 email-decode.min.js Show response
hedwork.sbs/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 19ms
17ms Script
application/javascript 172.67.132.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hedwork.sbs/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.132.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:08:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Jun 2024 08:39:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"66729944-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bIjiO98pUN7isBpLKMj9bBldtp2z1BI%2FwWsKoaVldnefqcBSMpv7v5SA%2BoeXD7NpWLsIN2V0bY1Nwe2MF2fo8nPrAjvGktObApiL%2FGq1WUZ9mGVO2vsDSUP%2FOcEFbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 897ac08b8b941d9e-FRA
expires: Mon, 24 Jun 2024 08:08:44 GMT

GET
DATA 200
OK truncated
/ 615 KB
615 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00f9608b3cbbb28d65eca172de8b338e505e76c228ca385e25f3f6784e29552c

Request headers

Referer
Origin: https://hedwork.sbs
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 37ms
24ms Font
application/octet-stream 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2

Requested by

Host: hedwork.sbs
URL: https://hedwork.sbs/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://hedwork.sbs/
Origin: https://hedwork.sbs
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:08:44 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3634
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BBixlCayTaykKdr8GxW%2BJwSQRtqK4zyP2OvfEgs2peBTrRhXvImBMA7hd94NFZQX25ST7S4x7GbSLeok75LRYq%2BtgguETAKEOXsoipddhOINUX%2FZAEKh8%2FIddCJsgeIr6VNvXUcv"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 897ac08bdb6a5c02-FRA
expires: Thu, 12 Jun 2025 08:08:44 GMT

GET
DATA 200
OK truncated
/ 54 KB
54 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf1694791b58019367c4bdfcbc4e85e9b2fc02e460b720cc1c9c0bcbe0bd4779

Request headers

Referer
Origin: https://hedwork.sbs
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hedwork.sbs/	1970-01-20 21:32:10	Name: __cf_mw_byp Value: ATYcU6_6lf1ClDLPyd_zKhK3QMd4svafSB0csXPTPtw-1719043718-0.0.1.1-/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
hedwork.sbs
play-lh.googleusercontent.com
104.17.25.14
172.67.132.122
2a00:1450:4001:80e::2016
00f9608b3cbbb28d65eca172de8b338e505e76c228ca385e25f3f6784e29552c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c82914031141e67b455f4fc9e3dd49d176268cc38429c8bc0c8a96173434109
50f7d507f414194dc6a2c9c8fe6b15c9b220215e31711b09c85ed30c8fcdd0b8
537754c7b6ef0aded351273dbce0a7f62f1d1268388ff93ea2d71353ff456142
57942e391f8fa69cc4aa21ee040a084139aaa0d8f1e8385df2987d389997ce60
7f1a51dbc9ad29a0e5fb0c6b2a4607c439866a7d8bc01d542a213737ad06bb4a
8138aa1d582de69d277be062d9f1507406525f927b8de5357c9094eec5ed3dee
819eec574bee4dc146a59488498a9c56ab651ad81f4b5183269ad8a1cc154e5f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8b9698b125465728ebf25761db6f2ba7d113091e3251a7cfa2410ee40ea2b24c
8ef6937b4ca76a32f0b8a07d4c80f4451a64e6eeeba5514a0f7e0a729106ed3a
9f0566ee8e8104709b6f8e08617d963ff06f4ef225b1bbb05b6978a52236cffc
9fceb2e67011a89e7c77a8edee94fc785816f717b8a6faa1eb8a5bc9d4775f67
bf1694791b58019367c4bdfcbc4e85e9b2fc02e460b720cc1c9c0bcbe0bd4779
cb325e8d8cd3ad12e6455e9d2c08df3d2d13ac6ff063a1122973483e9cea9e96
ce2de61b9b186fb18fbf62e2c29ac18c1f5d23ba81fbc7b62d68d5063a2e48b5
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f16c5d27b9951b8df0ae94a44f75f7a36afdd30eea834bc4e49ac90751a10ba4

hedwork.sbs Open in urlscan Pro 172.67.132.122 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

5649 kBTransfer

7107 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

hedwork.sbs Open in urlscan Pro
172.67.132.122 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

5649 kB
Transfer

7107 kB
Size

1
Cookies

23 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!