jeffersonfront.github.io Open in urlscan Pro
2606:50c0:8001::153 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://jeffersonfront.github.io/csb-m790td/
Submission: On February 27 via api (February 27th 2023, 7:42:22 am UTC) from US — Scanned from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 9 HTTP transactions. The main IP is 2606:50c0:8001::153, located in United States and belongs to FASTLY, US. The main domain is jeffersonfront.github.io.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 7th 2022. Valid for: a year.

This is the only time jeffersonfront.github.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	2606:50c0:800... 2606:50c0:8001::153	54113 (FASTLY) (FASTLY)
1	2607:f8b0:400... 2607:f8b0:400d:c0d::5f	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3030::6815:29c8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.33.44.137 23.33.44.137	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2607:f8b0:400... 2607:f8b0:4006:817::2003	15169 (GOOGLE) (GOOGLE)
1	104.196.232.237 104.196.232.237	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
9	7

3 2606:50c0:8001::153 (United States)

ASN54113 (FASTLY, US)

jeffersonfront.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c0d::5f (Morganton, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:29c8 (United States)

ASN13335 (CLOUDFLARENET, US)

pipocasclub.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.33.44.137 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-33-44-137.deploy.static.akamaitechnologies.com

p16-sign.tiktokcdn-us.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.196.232.237 (The Dalles, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 237.232.196.104.bc.googleusercontent.com

flash.quickstaart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	github.io jeffersonfront.github.io	3 KB
1	quickstaart.com flash.quickstaart.com	499 B
1	gstatic.com fonts.gstatic.com	8 KB
1	tiktokcdn-us.com p16-sign.tiktokcdn-us.com — Cisco Umbrella Rank: 1250
1	pipocasclub.com.br pipocasclub.com.br	207 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 195	5 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	849 B
9	7

	Domain	Requested by
3	jeffersonfront.github.io	jeffersonfront.github.io
1	flash.quickstaart.com	jeffersonfront.github.io
1	fonts.gstatic.com	fonts.googleapis.com
1	p16-sign.tiktokcdn-us.com	jeffersonfront.github.io
1	pipocasclub.com.br	jeffersonfront.github.io
1	cdnjs.cloudflare.com	jeffersonfront.github.io
1	fonts.googleapis.com	jeffersonfront.github.io
9	7

This site contains no links.

Subject Issuer	Validity	Valid
*.github.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-07` - `2023-04-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.tiktokcdn-us.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-08-22` - `2023-09-22`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
flash.quickstaart.com R3	`2023-01-10` - `2023-04-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://jeffersonfront.github.io/csb-m790td/
Frame ID: 16ED0FF8F73480D3BF491F1AF53A9FD9
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

O Início de um Sonho

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

^https?://[^/]+\.github\.io

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

9
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

224 kB
Transfer

290 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
jeffersonfront.github.io/csb-m790td/ 2 KB
1 KB 94ms
34ms Document
text/html 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://jeffersonfront.github.io/csb-m790td/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub.com /

Resource Hash

7142bc966925fa2dbd6c2fdbf5f97677b65259245ffba60e1e588513b688add4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 0
cache-control: max-age=600
content-encoding: gzip
content-length: 805
content-type: text/html; charset=utf-8
date: Mon, 27 Feb 2023 07:42:14 GMT
etag: W/"63f7b062-73d"
expires: Mon, 27 Feb 2023 07:52:14 GMT
last-modified: Thu, 23 Feb 2023 18:28:50 GMT
permissions-policy: interest-cohort=()
server: GitHub.com
strict-transport-security: max-age=31556952
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-fastly-request-id: a29cd5cba3849ff9ade93cdc9470c143d8dae3d5
x-github-request-id: 563A:478A:1A4CE09:2402BD9:63FC5ED6
x-proxy-cache: MISS
x-served-by: cache-nyc-kteb1890057-NYC
x-timer: S1677483734.254843,VS0,VE14

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
849 B 108ms
36ms Stylesheet
text/css 2607:f8b0:400d:c0d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@700&display=swap

Requested by

Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::5f Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d170a2f2203628c3d176defebdafabb71fff8f192d16f4d13a8f57f30fd2774a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Feb 2023 07:42:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Feb 2023 06:41:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Feb 2023 07:42:14 GMT

GET
H2 200 style.css
jeffersonfront.github.io/csb-m790td/css/ 2 KB
924 B 36ms
35ms Stylesheet
text/css 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://jeffersonfront.github.io/csb-m790td/css/style.css

Requested by

Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub.com /

Resource Hash

075faf8b0c2add3c51b2579939ea24ac842dfa18490c0f7c01cdafcdaf277090

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/csb-m790td/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-fastly-request-id: b90b7bfa8cc5402b6c6525126c10e3cfdca251d1
strict-transport-security: max-age=31556952
content-encoding: gzip
via: 1.1 varnish
date: Mon, 27 Feb 2023 07:42:14 GMT
age: 0
x-cache: MISS
x-cache-hits: 0
x-proxy-cache: MISS
content-length: 763
x-served-by: cache-nyc-kteb1890057-NYC
last-modified: Thu, 23 Feb 2023 18:28:50 GMT
server: GitHub.com
x-github-request-id: 62F4:158C:18EB22D:229F4A6:63FC5ED6
x-timer: S1677483734.305659,VS0,VE14
etag: W/"63f7b062-7a2"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Mon, 27 Feb 2023 07:52:14 GMT

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/ 70 KB
5 KB 54ms
23ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

Requested by

Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 07:42:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2015389
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4216
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f5628a2-11846"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9McJi2LOVMo0OMRTgaGhKY91bZfPcDqpjzPfmhhTTN%2FYQnQTKXhnqcBXme0HwwjqxoAS9Kq6PMU6vLgJw145iJi5SrXdQ36RVLliD73S9tbz2NCjoSMobADrqOrXXttbx4k5%2B5c8Gjt9yCOhZiWVa8pg"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79ff485b9dced163-BUF
expires: Sat, 17 Feb 2024 07:42:14 GMT

GET
H2 200 fun%C3%A7%C3%B5es.js Show response
jeffersonfront.github.io/csb-m790td/Javascript/ 1011 B
672 B 34ms
33ms Script
application/javascript 2606:50c0:8001::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://jeffersonfront.github.io/csb-m790td/Javascript/fun%C3%A7%C3%B5es.js

Requested by

Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

GitHub.com /

Resource Hash

37ea29ce2a6838b14d96ad29fec3111f72e267278f35fedc858154c9972b21ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/csb-m790td/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-fastly-request-id: 4d5e8896d28ece8766699c9541eef1614758cb89
strict-transport-security: max-age=31556952
content-encoding: gzip
via: 1.1 varnish
date: Mon, 27 Feb 2023 07:42:14 GMT
age: 0
x-cache: MISS
x-cache-hits: 0
x-proxy-cache: MISS
content-length: 501
x-served-by: cache-nyc-kteb1890057-NYC
last-modified: Thu, 23 Feb 2023 18:28:50 GMT
server: GitHub.com
x-github-request-id: 8074:7BCB:18F7B4D:22AC64D:63FC5ED6
x-timer: S1677483734.306116,VS0,VE13
etag: W/"63f7b062-3f3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
expires: Mon, 27 Feb 2023 07:52:14 GMT

GET
H2 200 netflix-3.jpg
pipocasclub.com.br/wp-content/uploads/2019/10/ 206 KB
207 KB 366ms
159ms Image
image/jpeg 2606:4700:3030::6815:29c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pipocasclub.com.br/wp-content/uploads/2019/10/netflix-3.jpg

Requested by

Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:29c8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92e769c503cd6e9cd597057e3e97233ffc72030b9c406e2232fff22659b05a8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 07:42:14 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: HIT from Backend
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 30 Oct 2019 19:27:33 GMT
server: cloudflare
etag: W/"5db9e425-3390c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOa3VWjMpMCdgDa0CnSyHRmCW7nCc%2BgKk6GxOh3Zw7%2BHZsCiW7p0GG8Bv2MWNLC%2F%2FacAZnAJO5%2BOC4ybBGTNC43DHIZ%2FadqDIgkuvGRx7CUTFvoV9%2BJ%2BxKhNlHL4WaAFjlajmgWJzW3EMb%2BSxG2UZHk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
cf-ray: 79ff485d6d6a184d-EWR
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 403 84428eae99c40b78a6d7dccd6805fc76~c5_720x720.jpeg
p16-sign.tiktokcdn-us.com/tos-useast5-avt-0068-tx/ 0
0 123ms
22ms Image
text/html 23.33.44.137
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p16-sign.tiktokcdn-us.com/tos-useast5-avt-0068-tx/84428eae99c40b78a6d7dccd6805fc76~c5_720x720.jpeg?x-expires=1659153600&x-signature=NmzstdR5v0cskEIDAtR%2F%2FPFkAAA%3D
Requested by: Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/css/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.33.44.137 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-33-44-137.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 81ms
21ms Font
font/woff2 2607:f8b0:4006:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://jeffersonfront.github.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:24:01 GMT
x-content-type-options: nosniff
age: 296293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 21:24:01 GMT

GET
H2 200 random Show response
flash.quickstaart.com/ 267 B
499 B 1090ms
846ms Fetch
application/json 104.196.232.237
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://flash.quickstaart.com/random
Requested by: Host: jeffersonfront.github.io
URL: https://jeffersonfront.github.io/csb-m790td/Javascript/fun%C3%A7%C3%B5es.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.196.232.237 The Dalles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 237.232.196.104.bc.googleusercontent.com
Software: railway / Express
Resource Hash: 6a13d8976ae1ef5a75361174cd7f86d99303799d8e8270e8a59446d391a388aa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://jeffersonfront.github.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 27 Feb 2023 07:42:15 GMT
server: railway
x-powered-by: Express
etag: W/"10b-GVYpS/qky6FOkw65oy6p4a+ONdU"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 771
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 267

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| revelarResposta function| proximaPergunta function| buscarInformaçao

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://p16-sign.tiktokcdn-us.com/tos-useast5-avt-0068-tx/84428eae99c40b78a6d7dccd6805fc76~c5_720x720.jpeg?x-expires=1659153600&x-signature=NmzstdR5v0cskEIDAtR%2F%2FPFkAAA%3D Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
flash.quickstaart.com
fonts.googleapis.com
fonts.gstatic.com
jeffersonfront.github.io
p16-sign.tiktokcdn-us.com
pipocasclub.com.br
104.196.232.237
23.33.44.137
2606:4700:3030::6815:29c8
2606:4700::6811:190e
2606:50c0:8001::153
2607:f8b0:4006:817::2003
2607:f8b0:400d:c0d::5f
075faf8b0c2add3c51b2579939ea24ac842dfa18490c0f7c01cdafcdaf277090
37ea29ce2a6838b14d96ad29fec3111f72e267278f35fedc858154c9972b21ba
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
6a13d8976ae1ef5a75361174cd7f86d99303799d8e8270e8a59446d391a388aa
7142bc966925fa2dbd6c2fdbf5f97677b65259245ffba60e1e588513b688add4
92e769c503cd6e9cd597057e3e97233ffc72030b9c406e2232fff22659b05a8e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
d170a2f2203628c3d176defebdafabb71fff8f192d16f4d13a8f57f30fd2774a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

jeffersonfront.github.io Open in urlscan Pro 2606:50c0:8001::153 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

71 %IPv6

7 Domains

7 Subdomains

7 IPs

1 Countries

224 kBTransfer

290 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

jeffersonfront.github.io Open in urlscan Pro
2606:50c0:8001::153 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

224 kB
Transfer

290 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!