![](/screenshots/e0611d11-daac-4c5c-b1fd-da6c5ccc89a3.png)
hedwork.sbs
172.67.132.122
Malicious Activity!
Public Scan
Submission: On June 22 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on May 21st 2024. Valid for: 3 months.
This is the only time hedwork.sbs was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
7 (1 redirect) | 172.67.132.122 | 13335 (CLOUDFLARENET) |
16 | 2a00:1450:4001:80e::2016 | 15169 (GOOGLE) |
1 | 104.17.25.14 | 13335 (CLOUDFLARENET) |
23 | 4 | |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
16 | googleusercontent.com: play-lh.googleusercontent.com (Cisco Umbrella Rank: 534) | 4 MB |
7 | hedwork.sbs: hedwork.sbs (1 redirect) | 1 MB |
1 | cloudflare.com: cdnjs.cloudflare.com (Cisco Umbrella Rank: 268) | 76 KB |
23 | 3 | |
Requests | Domain | Requested by |
---|---|---|
16 | play-lh.googleusercontent.com | hedwork.sbs |
7 | hedwork.sbs (1 redirect) | hedwork.sbs |
1 | cdnjs.cloudflare.com | hedwork.sbs |
23 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
play.google.com |
www.youtube.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
hedwork.sbs | GTS CA 1P5 | 2024-05-21 - 2024-08-19 | 3 months | crt.sh |
edgestatic.com | WR2 | 2024-06-03 - 2024-08-26 | 3 months | crt.sh |
cdnjs.cloudflare.com | E1 | 2024-06-02 - 2024-08-31 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hedwork.sbs/
Frame ID: 755E92D671CDE8886284B5FC814D181A
Requests: 27 HTTP requests in this frame
Page Title
Roblox
Detected technologies
- Font Awesome
Detected patterns
- `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: App store
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://hedwork.sbs/ (Page URL)
- https://hedwork.sbs/cdn-cgi/phish-bypass?atok=ATYcU6_6lf1ClDLPyd_zKhK3QMd4svafSB0csXPTPtw-1719043718-0.0.1.1-%2F (HTTP 301)
- https://hedwork.sbs/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H3 | / | hedwork.sbs/ | 4 KB | 2 KB | Document | text/html |
GET | H3 | cf.errors.css | hedwork.sbs/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H3 | icon-exclamation.png | hedwork.sbs/cdn-cgi/images/ | 452 B | 634 B | Image | image/png |
GET | H3 | favicon.ico | hedwork.sbs/ | 4 KB | 1 KB | Other | image/x-icon |
GET | H3 | / (Primary Request, Redirect Chain) | hedwork.sbs/ | 2 MB | 1019 KB | Document | text/html |
GET | H2 | WNWZaxi9RdJKe2GQM3vqXIAkk69mnIl4Cc8EyZcir2SKlVOxeUv9tZGfNTmNaLC717Ht=w50-h50-p | play-lh.googleusercontent.com/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | 42o2UxL838Sd40WTybGEA7R2JR-umMAyBmTI_S0lCUQoIFRo4vGiiwkh9i-NLnFguiU | play-lh.googleusercontent.com/ | 233 KB | 233 KB | Image | image/png |
GET | DATA | truncated | / | 8 KB | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 8 KB | 0 | Image | image/jpeg |
GET | H2 | G_z_n75p61XXIJt4sUdcDG0PLNqOVo-5WRYC4joUgHeW-uXNuVvhJyAhS5FhRATAplM | play-lh.googleusercontent.com/ | 251 KB | 251 KB | Image | image/png |
GET | H2 | 42o2UxL838Sd40WTybGEA7R2JR-umMAyBmTI_S0lCUQoIFRo4vGiiwkh9i-NLnFguiU=w900-h500-p | play-lh.googleusercontent.com/ | 559 KB | 559 KB | Image | image/png |
GET | H2 | t4KdVGs61HEVg6soJUXkVTXLmWEoK8fQP4tJS2hartD20PuD1vlDCJ7h5Tc-eqxN7TM | play-lh.googleusercontent.com/ | 261 KB | 261 KB | Image | image/png |
GET | H2 | 9O4kTJ6LNdH7dfhRfmiFiW92MTldhiD7fVeH_15aqk2jrjuN43i6Sj-mMz0CVcNRZ41f | play-lh.googleusercontent.com/ | 270 KB | 270 KB | Image | image/png |
GET | H2 | 08EmsP3h75MKzS1nKED2S3zNnW5yHDGDkJ1MrziVcdxb1aUCEDkIWlqwHhlNCGRCcS8 | play-lh.googleusercontent.com/ | 233 KB | 233 KB | Image | image/png |
GET | H2 | QAXfynov1Ps4th2dFBFPO5EavVRt1BE8EHS0L31MzgmLWZpumT5BIfct-80cGFYSAw | play-lh.googleusercontent.com/ | 224 KB | 224 KB | Image | image/png |
GET | H2 | OLUKc-bdCMtpmsoZhMhT2NNNDazR-RUK1yDYyx7Ssgm0K5zF7EXO7Q2lSszegDAOAw | play-lh.googleusercontent.com/ | 184 KB | 184 KB | Image | image/png |
GET | H2 | PtWYPKUa9aYKNOvF0Nb0xPJFGCgqkqroTi5j_fTC4bfw1hryZQ9d22wgrdDTnQuurw | play-lh.googleusercontent.com/ | 233 KB | 233 KB | Image | image/png |
GET | H2 | bXvv_SEb3XW4ueFAHe2JHAS4dEE8r3cPXiQU-8F9Tpgf6STujxTwFNHJ4Yi40j3yLA | play-lh.googleusercontent.com/ | 251 KB | 251 KB | Image | image/png |
GET | H2 | 7GGhHTfCtxnmIkGypwEJWH2nP_2LdodQTotyZ5Y7uetDM27mol-ddYNu8MEHZTkeNuq5 | play-lh.googleusercontent.com/ | 261 KB | 261 KB | Image | image/png |
GET | H2 | JiImUPYW2s2cTS_USyhZDiRs9OzuTwxSkqGsTSBvawku_OMa323QmDkVCqfma6xAz5E | play-lh.googleusercontent.com/ | 270 KB | 270 KB | Image | image/png |
GET | H2 | R7z1fVsomb1OvixzyZzWcKR3j4lPlCi27P1EJ-a93QSuqJI3lOHydidxgPASYt3wxfY | play-lh.googleusercontent.com/ | 233 KB | 233 KB | Image | image/png |
GET | H2 | PvMBPwnzKcezxNi_q36n7lWHQXMPvi42KDsTBuTT4ZEIJwf5SjPlgo2oh2avDWBbFnE | play-lh.googleusercontent.com/ | 224 KB | 224 KB | Image | image/png |
GET | H2 | 3QXghSccRPL5r2ruGDdNJ2YqLXEYGuuHfiD6Fw3anbgsk8zgXd15jpmHKjJgiIaZivYx | play-lh.googleusercontent.com/ | 184 KB | 184 KB | Image | image/png |
GET | H3 | email-decode.min.js | hedwork.sbs/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 1 KB | Script | application/javascript |
GET | DATA | truncated | / | 615 KB | 615 KB | Font | application/font-woff |
GET | H3 | fontawesome-webfont.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | application/octet-stream |
GET | DATA | truncated | / | 54 KB | 54 KB | Font | application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
event | undefined |
fence | object |
sharedStorage | object |
oldgs | undefined |
punchgs | object |
_gsScope | object |
ParallaxScroll | object |
$ | function |
jQuery | function |
oldgs_queue | undefined |
GreenSockGlobals | undefined |
_gsQueue | undefined |
EvEmitter | function |
imagesLoaded | function |
jQueryBridget | function |
getSize | function |
matchesSelector | function |
fizzyUIUtils | object |
Outlayer | function |
Isotope | function |
Masonry | function |
Swiper | function |
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends those cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.hedwork.sbs/ | | __cf_mw_byp = ATYcU6_6lf1ClDLPyd_zKhK3QMd4svafSB0csXPTPtw-1719043718-0.0.1.1-/ |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
hedwork.sbs
play-lh.googleusercontent.com
104.17.25.14
172.67.132.122
2a00:1450:4001:80e::2016
00f9608b3cbbb28d65eca172de8b338e505e76c228ca385e25f3f6784e29552c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c82914031141e67b455f4fc9e3dd49d176268cc38429c8bc0c8a96173434109
50f7d507f414194dc6a2c9c8fe6b15c9b220215e31711b09c85ed30c8fcdd0b8
537754c7b6ef0aded351273dbce0a7f62f1d1268388ff93ea2d71353ff456142
57942e391f8fa69cc4aa21ee040a084139aaa0d8f1e8385df2987d389997ce60
7f1a51dbc9ad29a0e5fb0c6b2a4607c439866a7d8bc01d542a213737ad06bb4a
8138aa1d582de69d277be062d9f1507406525f927b8de5357c9094eec5ed3dee
819eec574bee4dc146a59488498a9c56ab651ad81f4b5183269ad8a1cc154e5f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8b9698b125465728ebf25761db6f2ba7d113091e3251a7cfa2410ee40ea2b24c
8ef6937b4ca76a32f0b8a07d4c80f4451a64e6eeeba5514a0f7e0a729106ed3a
9f0566ee8e8104709b6f8e08617d963ff06f4ef225b1bbb05b6978a52236cffc
9fceb2e67011a89e7c77a8edee94fc785816f717b8a6faa1eb8a5bc9d4775f67
bf1694791b58019367c4bdfcbc4e85e9b2fc02e460b720cc1c9c0bcbe0bd4779
cb325e8d8cd3ad12e6455e9d2c08df3d2d13ac6ff063a1122973483e9cea9e96
ce2de61b9b186fb18fbf62e2c29ac18c1f5d23ba81fbc7b62d68d5063a2e48b5
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f16c5d27b9951b8df0ae94a44f75f7a36afdd30eea834bc4e49ac90751a10ba4