github.demo-corp.xyz
18.223.44.65  Malicious Activity! Public Scan

Submitted URL: https://github.demo-corp.xyz/
Effective URL: https://github.demo-corp.xyz/login.html
Submission: On October 19 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 14 HTTP transactions. The main IP is 18.223.44.65, located in Columbus, United States, and belongs to AMAZON-02, US. The main domain is github.demo-corp.xyz.
TLS certificate: Issued by R3 on September 30th 2021. Valid for: 3 months.
This is the only time github.demo-corp.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GitHub (Online)

Domain & IP information

IP Address AS Autonomous System
1 2 18.223.44.65 16509 (AMAZON-02)
12 185.199.109.154 54113 (FASTLY)
1 54.209.144.115 14618 (AMAZON-AES)
14 3
    Apex Domain        Subdomains                Transfer
12  githubassets.com   github.githubassets.com   331 KB
2   demo-corp.xyz      github.demo-corp.xyz      8 KB
1   githubapp.com      collector.githubapp.com   656 B
14  3
Domain Requested by
12 github.githubassets.com github.demo-corp.xyz
github.githubassets.com
2 github.demo-corp.xyz 1 redirects
1 collector.githubapp.com
14 3

This site contains links to these domains.

Domain
docs.github.com
github.com
Subject                Issuer                                   Validity                  Valid
github.demo-corp.xyz   R3                                       2021-09-30 - 2021-12-29   3 months
*.githubassets.com     DigiCert TLS RSA SHA256 2020 CA1         2021-10-12 - 2022-10-12   a year
*.githubapp.com        DigiCert SHA2 High Assurance Server CA   2020-04-16 - 2022-05-18   2 years

This page contains 1 frames:

Primary Page: https://github.demo-corp.xyz/login.html
Frame ID: AE183522C4A44CC0C51ED02C314795B3
Requests: 14 HTTP requests in this frame

Page Title

Sign in to GitHub · GitHub

Page Statistics

14 Requests
100 % HTTPS
0 % IPv6
3 Domains
3 Subdomains
3 IPs
1 Countries
339 kB Transfer
1910 kB Size
2 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://github.demo-corp.xyz/ HTTP 302
    https://github.demo-corp.xyz/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.html
github.demo-corp.xyz/
Redirect Chain
  • https://github.demo-corp.xyz/
  • https://github.demo-corp.xyz/login.html
22 KB
7 KB
Document
General
Full URL
https://github.demo-corp.xyz/login.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.223.44.65 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-223-44-65.us-east-2.compute.amazonaws.com
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
6a2ef161c935182e9553ef2af0d23b8e94e533558aac2500562c64d29adbc0e2

Request headers

Host
github.demo-corp.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br

Response headers

Date
Tue, 19 Oct 2021 16:31:32 GMT
Server
Apache/2.4.41 (Ubuntu)
Host
github.demo-corp.xyz
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked

Redirect headers

Date
Tue, 19 Oct 2021 16:31:32 GMT
Server
Apache/2.4.41 (Ubuntu)
Host
github.demo-corp.xyz
X-Powered-By
PHP/7.4.3
Location
login.html
Content-type
text/html; charset=UTF-8
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
frameworks-93d34cfdadb1618eb00917161bb7f744.css
github.githubassets.com/assets/
430 KB
40 KB
Stylesheet
General
Full URL
https://github.githubassets.com/assets/frameworks-93d34cfdadb1618eb00917161bb7f744.css
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
26f9aab378d6f0787ac4abeb77d36872242cce6c1fb749694f2b951b7e03ee04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
6e1f142067ab60fe86ebde3a31be704215c01848
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
2271635
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
41193
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17772-DCA, cache-fra19133-FRA
last-modified
Mon, 25 Jan 2021 21:12:35 GMT
server
AmazonS3
etag
"dab5fb0c843979206c170c3725e2377f"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
site-6547fa2bebd0a8c63e461573691982cb.css
github.githubassets.com/assets/
381 KB
54 KB
Stylesheet
General
Full URL
https://github.githubassets.com/assets/site-6547fa2bebd0a8c63e461573691982cb.css
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
fc6ed4abfdd575ff047279687ed805021f39e808a938b8bc24da7200ec277b2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
f2cc7460176e892fc0f9ba5206e244275eba83aa
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1679293
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
55005
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17747-DCA, cache-fra19133-FRA
last-modified
Mon, 25 Jan 2021 21:12:42 GMT
server
AmazonS3
etag
"ae675425d0062b02fc38952af144dd81"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
behaviors-9a6d928a0cc4b9d03dc52f27ca22afa4.css
github.githubassets.com/assets/
210 KB
33 KB
Stylesheet
General
Full URL
https://github.githubassets.com/assets/behaviors-9a6d928a0cc4b9d03dc52f27ca22afa4.css
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
d986e51d1b6e11f8f2551ee33411a615404b5223b8ffdbd99eb6474ac1fe973a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
bc1f3c8edf8287a1ab80ef4eb7655c703b8b097f
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
2251160
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
33552
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17744-DCA, cache-fra19133-FRA
last-modified
Thu, 28 Jan 2021 01:13:27 GMT
server
AmazonS3
etag
"86ba7072742a118e464d76ec47dc4aba"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
github-003c4118ffbf123b9fde175f5edd433c.css
github.githubassets.com/assets/
383 KB
66 KB
Stylesheet
General
Full URL
https://github.githubassets.com/assets/github-003c4118ffbf123b9fde175f5edd433c.css
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
309ceeb31381734297f40a4db700d680cfdd3d4a530d0577a8b71eec9b8214f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
c2a758110a4828ac39a1592ca5b03dd61c341651
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1712438
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
67409
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17765-DCA, cache-fra19133-FRA
last-modified
Tue, 26 Jan 2021 01:05:38 GMT
server
AmazonS3
etag
"e6e27a0f3ed8daca72557cec7bc6b4c8"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 5
environment-f0adafbf.js
github.githubassets.com/assets/
11 KB
4 KB
Script
General
Full URL
https://github.githubassets.com/assets/environment-f0adafbf.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
99e12150311ee1e37a1e9232b7ab35823904d2f455aa6ee49e0acfab3577f939
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
6e6367baaf4fbb3845532f010a4fe14b44dfb204
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
2995639
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
4122
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17720-DCA, cache-fra19133-FRA
last-modified
Mon, 26 Oct 2020 15:36:26 GMT
server
AmazonS3
etag
"7fdb2ab21a067220674f6b1787a1b8fc"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
chunk-frameworks-39ff961b.js
github.githubassets.com/assets/
78 KB
24 KB
Script
General
Full URL
https://github.githubassets.com/assets/chunk-frameworks-39ff961b.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
1917ce9ada6b1c1af74a15ae4618a84a7235cf8d6a0f6896b4335a3bd9c15bd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
c5507ec6b72105fc6675f804be752acfd20e6c58
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
2261981
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
24873
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17735-DCA, cache-fra19133-FRA
last-modified
Thu, 21 Jan 2021 12:06:26 GMT
server
AmazonS3
etag
"3e46c78446376aade4099967d261e5d0"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
112, 1
chunk-vendor-ec6bcae2.js
github.githubassets.com/assets/
146 KB
40 KB
Script
General
Full URL
https://github.githubassets.com/assets/chunk-vendor-ec6bcae2.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
10e672ac46f7a21c0af1daeff44a54b236d82c50441f3569272f3bada3fde5a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
0729f5c9010a85e72fbd275aa2ddd6756d808fc4
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1062505
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
40352
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17775-DCA, cache-fra19133-FRA
last-modified
Mon, 25 Jan 2021 20:40:08 GMT
server
AmazonS3
etag
"1a628f315cdef63f63bfe3816078a472"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
behaviors-2eb95b16.js
github.githubassets.com/assets/
194 KB
54 KB
Script
General
Full URL
https://github.githubassets.com/assets/behaviors-2eb95b16.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
82982c33430663aa9ae3d636c5d66014e20671c12f48f8f292d1ae4bd27c77e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
0f3639ccb639bbdb7c924d3adde5d2e45531b30d
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1075790
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
55177
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17753-DCA, cache-fra19133-FRA
last-modified
Wed, 27 Jan 2021 13:52:56 GMT
server
AmazonS3
etag
"b3778a1b7f4ff06f791393f6147e8b56"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
unsupported-a85b1284.js
github.githubassets.com/assets/
685 B
503 B
Script
General
Full URL
https://github.githubassets.com/assets/unsupported-a85b1284.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
bfe4b3682322b25b2860679d1be3965b5d58daafd0976ab81a7ba3e8cae7af18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
c1f2abed4b0c022c5fd04b866fdc914d902e0c9c
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1674840
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
344
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17771-DCA, cache-fra19133-FRA
last-modified
Mon, 26 Oct 2020 15:36:35 GMT
server
AmazonS3
etag
"3adaa43dd4b5c2721642f9839e8e1670"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
settings-aef26cba.js
github.githubassets.com/assets/
50 KB
12 KB
Script
General
Full URL
https://github.githubassets.com/assets/settings-aef26cba.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
2f66e4c89c1133c75e48e95947be74429c8851c6c8b6c3c3a33e409ba2cc8b77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
40e4e1c9c37ae1e51429d9ef5ef9759e40143ba5
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1070405
x-cache
MISS, HIT
strict-transport-security
max-age=31536000
content-length
12340
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17750-DCA, cache-fra19133-FRA
last-modified
Mon, 25 Jan 2021 19:24:30 GMT
server
AmazonS3
etag
"91ae8d12dc4e823372ef1677accbbb50"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1
sessions-45084fea.js
github.githubassets.com/assets/
3 KB
1 KB
Script
General
Full URL
https://github.githubassets.com/assets/sessions-45084fea.js
Requested by
Host: github.demo-corp.xyz
URL: https://github.demo-corp.xyz/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
deeed5c7785098cf4c729fd930c8d7326d2f259516936a66a16fe0d5221d5540
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
8c1c9dddfc1b53c15ed054ede507a924751c2b3a
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1070405
x-cache
MISS, HIT
strict-transport-security
max-age=31536000
content-length
1320
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17743-DCA, cache-fra19133-FRA
last-modified
Fri, 08 Jan 2021 16:50:21 GMT
server
AmazonS3
etag
"c33bfea5307c7eafd8d5a438826bdfda"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
0, 1
chunk-runner-groups-13e1fec0.js
github.githubassets.com/assets/
1 KB
860 B
Script
General
Full URL
https://github.githubassets.com/assets/chunk-runner-groups-13e1fec0.js
Requested by
Host: github.githubassets.com
URL: https://github.githubassets.com/assets/environment-f0adafbf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
a65724a736bdbc02fa8c7235aba7809997285ea7e85ea1511a6c41af0d91565b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.demo-corp.xyz/
Origin
https://github.demo-corp.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
47824d3abff8186431af54df0e9ec039d1e3f4dc
date
Tue, 19 Oct 2021 16:31:32 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age
1356448
x-cache
HIT, HIT
strict-transport-security
max-age=31536000
content-length
681
via
1.1 varnish, 1.1 varnish
x-served-by
cache-dca17735-DCA, cache-fra19133-FRA
last-modified
Mon, 19 Oct 2020 16:17:43 GMT
server
AmazonS3
etag
"f52ea4a415bf75ad5f6d64c27bbf7d1b"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
page_view
collector.githubapp.com/github/
35 B
656 B
Image
General
Full URL
https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.demo-corp.xyz%2Flogin.html&dimensions[title]=Sign%20in%20to%20GitHub%20%C2%B7%20GitHub&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F93.0.4577.63%20Safari%2F537.36&dimensions[screen_resolution]=1600x1200&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1600x1200&dimensions[tz_seconds]=0&dimensions[timestamp]=1634661092495&&dimensions[request_id]=1246%3A3087%3A6BE375%3A79E87D%3A601285A5&dimensions[visitor_id]=734835486816896391&dimensions[region_edge]=ap-southeast-1&dimensions[region_render]=iad&&measures[performance_timing]=1-319-319-628-609-609-445-425-319-319-319--628-0-319-0-319-422-421---&&&dimensions[cid]=1676800347.1634661092
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.209.144.115 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-209-144-115.compute-1.amazonaws.com
Software
GitHub.com /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=631138519, max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://github.demo-corp.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 19 Oct 2021 16:31:32 GMT
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Connection
keep-alive
Content-Length
35
X-XSS-Protection
1; mode=block
X-Request-Id
aac98b81-7750-41b0-a32c-a8235456209a
X-Runtime
0.002555
Last-Modified
Tue, 19 Oct 2021 16:31:32 GMT
Server
GitHub.com
X-Frame-Options
DENY
X-Download-Options
noopen
Strict-Transport-Security
max-age=631138519, max-age=31536000
Content-Type
image/gif; charset=utf-8
Pragma
no-cache
Cache-Control
no-cache, no-store
Expires
Sat, 25 Nov 2000 05:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GitHub (Online)

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| System object| litHtmlVersions function| AutoCheckElement function| AutocompleteElement function| ClipboardCopyElement function| DetailsDialogElement function| DetailsMenuElement function| FileAttachmentElement function| FilterInputElement function| GEmojiElement function| IncludeFragmentElement function| ImageCropElement function| MarkdownHeaderButtonElement function| MarkdownBoldButtonElement function| MarkdownItalicButtonElement function| MarkdownQuoteButtonElement function| MarkdownCodeButtonElement function| MarkdownLinkButtonElement function| MarkdownImageButtonElement function| MarkdownUnorderedListButtonElement function| MarkdownOrderedListButtonElement function| MarkdownTaskListButtonElement function| MarkdownMentionButtonElement function| MarkdownRefButtonElement function| MarkdownToolbarElement function| RemoteInputElement function| TabContainerElement function| TaskListsElement function| TextExpanderElement function| LocalTimeElement function| RelativeTimeElement function| TimeAgoElement function| TimeUntilElement function| FuzzyListElement function| ActionsPolicyFormElement function| GitCloneHelpElement function| InViewportElement function| NotificationIndicatorElement function| NotificationsListSubscriptionFormElement function| PasswordStrengthElement function| PollIncludeFragmentElement function| PreciseTimeAgoElement function| SlashCommandExpanderElement object| _octo function| RemotePaginationElement function| ActionsPolicyPopoverElement function| RetentionFormElement function| AdvancedSecurityNewReposElement function| SelectedItemListElement function| ThemePickerElement

2 Cookies

Domain/Path Name / Value
.github.demo-corp.xyz/ Name: _octo
Value: GH1.1.1676800347.1634661092
.github.demo-corp.xyz/ Name: tz
Value: Etc%2FUnknown