www.safebrowse.io Open in urlscan Pro
2600:9000:21dd:4e00:2:bd35:ec40:93a1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.safebrowse.io/warn.html?url=http
Submission: On January 03 via api (January 3rd 2024, 5:25:38 pm UTC) from US — Scanned from US

Summary HTTP 9 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2600:9000:21dd:4e00:2:bd35:ec40:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.safebrowse.io. The Cisco Umbrella rank of the primary domain is 262819.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on April 25th 2023. Valid for: a year.

This is the only time www.safebrowse.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
8	2600:9000:21d... 2600:9000:21dd:4e00:2:bd35:ec40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:558:fe36... 2001:558:fe36:100::1c	7922 (COMCAST-7922) (COMCAST-7922)
1	2600:141b:1c0... 2600:141b:1c00:d8e::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2

8 2600:9000:21dd:4e00:2:bd35:ec40:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.safebrowse.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:558:fe36:100::1c (United States) 1 redirects

ASN7922 (COMCAST-7922, US)

edge.static-assets.top.comcast.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:d8e::30d4 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	safebrowse.io www.safebrowse.io — Cisco Umbrella Rank: 262819	309 KB
1	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 33486	27 KB
1	comcast.net 1 redirects edge.static-assets.top.comcast.net — Cisco Umbrella Rank: 75392	456 B
9	3

	Domain	Requested by
8	www.safebrowse.io	www.safebrowse.io
1	static.cimcontent.net	www.safebrowse.io
1	edge.static-assets.top.comcast.net	1 redirects
9	3

This site contains links to these domains. Also see Links.

Domain
http

Subject Issuer	Validity	Valid
*.safebrowse.io COMODO RSA Organization Validation Secure Server CA	`2023-04-25` - `2024-04-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.safebrowse.io/warn.html?url=http
Frame ID: B2159688C1842B1FFAC6A70F6338D18F
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Potential Threat Detected

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

89 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

336 kB
Transfer

332 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://http/
Title: Proceed Anyway

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://edge.static-assets.top.comcast.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 HTTP 301
https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request warn.html Show response www.safebrowse.io/	3 KB 4 KB	147ms 24ms	Document text/html	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `4dc02f52216eee33e946e81e21860f951e2f5d47b54a7615209b02071ce3480c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ranges bytes age 50101 content-length 3397 content-type text/html date Wed, 03 Jan 2024 03:30:33 GMT etag "3156be07422242480a766e9bc39cf1a9" last-modified Tue, 21 Feb 2023 10:39:43 GMT server AmazonS3 via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) x-amz-cf-id 6WRyh9uGGGsKytNBDRA0HivyKPglu1f5ZeYVNYtq656bzxRcV1Ls8A== x-amz-cf-pop EWR53-C2 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront
GET H2	200	theme-xdns-security.min.css www.safebrowse.io/css/	2 KB 3 KB	28ms 24ms	Stylesheet text/css	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/css/theme-xdns-security.min.css Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `ff8d1b0a7ac6581fb3038b5bae8c777b75d991a262b7692112063c0fccfa4eae` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 22:03:49 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:42 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 69732 x-amz-server-side-encryption AES256 etag "ea8ec468b2faf4cb98701435443b0484" x-cache Hit from cloudfront content-type text/css accept-ranges bytes content-length 2533 x-amz-cf-id NjEXcAN0LxnOvFiwR8GN7L9YoocpgbUBz1r6BrxUkJ_MsuWOsYzY_g==
GET H2	200	jquery.js Show response www.safebrowse.io/js/jquery/	261 KB 262 KB	32ms 29ms	Script application/javascript	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/js/jquery/jquery.js Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `3f7988848629a37276f40ffca86c8f305fe29a635900e6a196e459c4e58e16e0` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Wed, 03 Jan 2024 08:03:20 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:45 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 33740 x-amz-server-side-encryption AES256 etag "2e7e62431f8e5b1f3eaca60016ab0acc" x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 267316 x-amz-cf-id nhlvgRlhNcD0I3pya7wIfAbFApTNO6JHn7BiRGUNDmsqR3mkURkavA==
GET H2	200	class.min.js Show response www.safebrowse.io/js/class/	1 KB 1 KB	105ms 102ms	Script application/javascript	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/js/class/class.min.js Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `35d6e6e27335bc6aa9db9daa7ec1dd91d24dcf71ae080c127792d27404a78e58` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Wed, 03 Jan 2024 08:13:39 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:42 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 33115 x-amz-server-side-encryption AES256 etag "a5a92e382596afa5c3911a96a6d3a565" x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 1077 x-amz-cf-id dljBVA39tZjr0vu_U_9PTh-SwdDKsx3ZWpTzGMWs6oJBX38wFq9xjQ==
GET H2	200	jquery.jquery-encoder.min.js Show response www.safebrowse.io/js/jquery-encoder/	14 KB 15 KB	106ms 103ms	Script application/javascript	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/js/jquery-encoder/jquery.jquery-encoder.min.js Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `f2bac02ac2474097a9f25cb37d52340787899944d4963f8b1ea9cf610cd33e30` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Wed, 03 Jan 2024 13:40:36 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:42 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 13498 x-amz-server-side-encryption AES256 etag "a531acac988426d0e9cfb8899370efb4" x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 14551 x-amz-cf-id jmOLMO4flJ7NkHChvkM37sFzLkbvvqAFA9y2asvpjOILMtPru5QllQ==
GET H2	200	purify.min.js Show response www.safebrowse.io/js/dom-purify/	18 KB 18 KB	106ms 103ms	Script application/javascript	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/js/dom-purify/purify.min.js Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `2c5a2d264308f6c151d5dff66eb835371c50657bd14fcc907c25e0759391b445` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Wed, 03 Jan 2024 15:28:56 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:42 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 6998 x-amz-server-side-encryption AES256 etag "53f76b860eedb3705170d5da9372b2ac" x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 17979 x-amz-cf-id Ff3ia_zJQLydxZ7qh89hlVrvc1rocG-d7foIen0w41cL9C7jQ7iGlg==
GET H2	200	warn.js Show response www.safebrowse.io/js/	2 KB 3 KB	107ms 104ms	Script application/javascript	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/js/warn.js Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `3d7c472344dda8575363db8b0e222fc1df6ea81fdf12ec791b925dc6027eaf90` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Wed, 03 Jan 2024 10:28:51 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:42 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 25002 etag "2a992c4387c94fd58edce472fc8c8c59" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 2255 x-amz-cf-id sIPqe9_hvSQXmhTW0x5AeaVEEowd7uJKZknnb5hd4v50Jf4Xwd_lSQ==
GET H2	200	icon_enhanced-security-no-threats.svg www.safebrowse.io/img/	4 KB 4 KB	107ms 104ms	Image image/svg+xml	2600:9000:21dd:4e00:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.safebrowse.io/img/icon_enhanced-security-no-threats.svg Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/warn.html?url=http Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21dd:4e00:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `200db542016a7037a6911f83c9cd51916b0e1e4416fc553faa76ec35cf6c1f57` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/warn.html?url=http User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Wed, 03 Jan 2024 07:17:12 GMT via 1.1 a0b94a243c49df97658a8a3ea0fe2d20.cloudfront.net (CloudFront) last-modified Tue, 21 Feb 2023 10:39:42 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 age 36501 x-amz-server-side-encryption AES256 etag "18e00b384972f311d8855ca60adb903e" x-cache Hit from cloudfront content-type image/svg+xml accept-ranges bytes content-length 3747 x-amz-cf-id RCjGD5OCT5p5khX8QqkxQFMcFHLeD0yWFraSHNtsds2HJoAWaLyXFA==
GET H2	200	XfinityStandard-Light.woff2 static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/ Redirect Chain https://edge.static-assets.top.comcast.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2	27 KB 27 KB	171ms 52ms	Font font/woff2	2600:141b:1c00:d8e::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/css/theme-xdns-security.min.css Protocol H2 Server 2600:141b:1c00:d8e::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a` Request headers accept-language en-US,en;q=0.9 Referer https://www.safebrowse.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers x-amz-version-id wnCwOacXycelzt78IMkr55wWB9WkMd2W date Wed, 03 Jan 2024 17:25:34 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "f05d3ebe80809d82ab14d62a79da544e" content-type font/woff2 access-control-allow-origin * cache-control max-age=1773317 accept-ranges bytes content-length 27420 x-amz-cf-id N8vMMisPo_vNqF4FX916t1IIDQuAcH0FPrmj9d6AFJws5qhDnMCD_Q== Redirect headers Date Wed, 03 Jan 2024 17:25:34 GMT Via http/1.1 cdn-ec-njs-355.eastwindsor.nj.panjde.comcast.net (61.f5518ec27.el8 [uSc s f p eN:tNc p s ]) Server 61.f5518ec27.el8 Content-Language en Location https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Access-Control-Allow-Origin * Content-Type text/html Cache-Control no-store Connection keep-alive Content-Length 381

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

edge.static-assets.top.comcast.net
static.cimcontent.net
www.safebrowse.io
2001:558:fe36:100::1c
2600:141b:1c00:d8e::30d4
2600:9000:21dd:4e00:2:bd35:ec40:93a1
200db542016a7037a6911f83c9cd51916b0e1e4416fc553faa76ec35cf6c1f57
2c5a2d264308f6c151d5dff66eb835371c50657bd14fcc907c25e0759391b445
35d6e6e27335bc6aa9db9daa7ec1dd91d24dcf71ae080c127792d27404a78e58
3d7c472344dda8575363db8b0e222fc1df6ea81fdf12ec791b925dc6027eaf90
3f7988848629a37276f40ffca86c8f305fe29a635900e6a196e459c4e58e16e0
4dc02f52216eee33e946e81e21860f951e2f5d47b54a7615209b02071ce3480c
f2bac02ac2474097a9f25cb37d52340787899944d4963f8b1ea9cf610cd33e30
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a
ff8d1b0a7ac6581fb3038b5bae8c777b75d991a262b7692112063c0fccfa4eae

www.safebrowse.io Open in urlscan Pro 2600:9000:21dd:4e00:2:bd35:ec40:93a1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

336 kBTransfer

332 kBSize

0 Cookies

1 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

www.safebrowse.io Open in urlscan Pro
2600:9000:21dd:4e00:2:bd35:ec40:93a1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

336 kB
Transfer

332 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!