www.jeffreycleveland.com Open in urlscan Pro
75.119.202.213 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.jeffreycleveland.com/cust.html
Submission: On November 28 via manual (November 28th 2022, 2:11:41 pm UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 75.119.202.213, located in United States and belongs to DREAMHOST-AS, US. The main domain is www.jeffreycleveland.com.
TLS certificate: Issued by R3 on November 26th 2022. Valid for: 3 months.

This is the only time www.jeffreycleveland.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	75.119.202.213 75.119.202.213	26347 (DREAMHOST-AS) (DREAMHOST-AS)
6	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	65.9.66.92 65.9.66.92	16509 (AMAZON-02) (AMAZON-02)
4	13.224.189.85 13.224.189.85	16509 (AMAZON-02) (AMAZON-02)
12	4

1 75.119.202.213 (United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-argon.luckylabrador.dreamhost.com

www.jeffreycleveland.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-92.fra56.r.cloudfront.net

d15k2d11r6t6rl.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.189.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-85.fra2.r.cloudfront.net

app-rsrc.getbee.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	3 KB
4	getbee.io app-rsrc.getbee.io — Cisco Umbrella Rank: 15328	12 KB
1	cloudfront.net d15k2d11r6t6rl.cloudfront.net	14 KB
1	jeffreycleveland.com www.jeffreycleveland.com	3 KB
12	4

	Domain	Requested by
6	fonts.googleapis.com	www.jeffreycleveland.com
4	app-rsrc.getbee.io	www.jeffreycleveland.com
1	d15k2d11r6t6rl.cloudfront.net	www.jeffreycleveland.com
1	www.jeffreycleveland.com
12	4

This site contains links to these domains. Also see Links.

Domain
admiring-driscoll.54-39-209-232.plesk.page
fr-fr.facebook.com
twitter.com
www.instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
www.jeffreycleveland.com R3	`2022-11-26` - `2023-02-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.getbee.io Amazon	`2022-03-05` - `2023-04-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.jeffreycleveland.com/cust.html
Frame ID: E22AFC7B98BDEDB4986ED1196B1635AA
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

12
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

32 kB
Transfer

45 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://admiring-driscoll.54-39-209-232.plesk.page/original
Title: ACTIVATION

Search URL Search Domain Scan URL

URL: https://fr-fr.facebook.com/CreditAgricole/

Search URL Search Domain Scan URL

URL: https://twitter.com/creditagricole

Search URL Search Domain Scan URL

URL: https://www.instagram.com/creditagricole/?hl=fr

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCwK3SPhGD6EmPeROug6f8bQ

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cust.html Show response
www.jeffreycleveland.com/ 14 KB
3 KB 896ms
212ms Document
text/html 75.119.202.213
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jeffreycleveland.com/cust.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 75.119.202.213 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-argon.luckylabrador.dreamhost.com
Software: Apache /
Resource Hash: f28779736e27bb448913ebaefef453998e7bd3a37faa14bfeef2fa77e01bae81

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=600
content-encoding: gzip
content-length: 2906
content-type: text/html
date: Mon, 28 Nov 2022 14:11:36 GMT
etag: "36ff-5ee4b5bbfe038-gzip"
expires: Mon, 28 Nov 2022 14:21:36 GMT
last-modified: Fri, 25 Nov 2022 13:18:32 GMT
server: Apache
vary: Accept-Encoding,User-Agent

GET
H2 200 css
fonts.googleapis.com/ 722 B
446 B 88ms
36ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Abril+Fatface

Requested by

Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ff0b683f20f821e1329f3dedccffeae3a259c9b41701e73a8073a3134bccdccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 13:56:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 14:11:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
631 B 89ms
37ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Alegreya

Requested by

Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aec710c6ba4d907b044d7c7c10d623c9e74d5e5ab3c4c6dc0c37965b360236b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 13:57:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 14:11:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 356 B
791 B 83ms
31ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Arvo

Requested by

Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b3974d529dfe79cc7959c1d293d84fe4d633f1415d60c9c9ff15cbb996fc464b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 13:21:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 14:11:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
595 B 87ms
35ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Bitter

Requested by

Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

731b7179500596455906cca88663e99ccd87c340ebb2c14f170294898a9fc13d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 12:40:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 14:11:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
528 B 86ms
34ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cabin

Requested by

Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d2966af8e4fdee00173b233f2d437710427471eeee2483820c6a5044fc2711b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 12:49:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 14:11:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
554 B 91ms
39ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ubuntu

Requested by

Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

89dc85aa13da8847f7a4243eb8ab841b40e936ea5cc810a1b174d1507e5a7524

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 28 Nov 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 13:03:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Nov 2022 14:11:36 GMT

GET
H2 200 credit-agricole-vector-logo-2022.png
d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/BeeProAgency/892694_876947/ 13 KB
14 KB 90ms
29ms Image
image/png 65.9.66.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d15k2d11r6t6rl.cloudfront.net/public/users/Integrators/BeeProAgency/892694_876947/credit-agricole-vector-logo-2022.png
Requested by: Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1ba76faa5d4ebb3164eec30f91400d455c0fa552fdfdcab5a7ec4f90b19827f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 13:10:04 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
last-modified: Fri, 11 Nov 2022 09:04:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 3693
etag: "c74699fee3ce3b279f588cf984a96499"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 13612
x-amz-cf-id: vONT1WQmXVtChvCp9XdtEdZI7m-4dZIhniHkU0vCiqlZ_WmftnfzZQ==

GET
H2 200 facebook@2x.png
app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/ 2 KB
2 KB 83ms
21ms Image
image/png 13.224.189.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/facebook@2x.png
Requested by: Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d2bb3bb3add67a8bd43259e1ef13b72f6adf3c1abc8b66fd92e77a106f12c420

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 00:27:42 GMT
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
last-modified: Wed, 03 Feb 2021 07:41:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 49440
etag: "e4c2d3fdf4bf6589b58a4d6aaaaa2280"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2152
x-amz-cf-id: NmmF_hnuKqdWZqLcKyh9mcqcdUHOqFj1uxwuHsZTLZoI7ln70Ak97g==

GET
H2 200 twitter@2x.png
app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/ 3 KB
3 KB 83ms
22ms Image
image/png 13.224.189.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/twitter@2x.png
Requested by: Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aa0c3fca044d8fdcb10fe44f8fd4289559b67f5284c7bde74d6391d8e8f6a737

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 00:23:18 GMT
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
last-modified: Mon, 28 Jan 2019 10:17:52 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 49747
etag: "76439f26880a25fa019f0229b3cc09d1"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2673
x-amz-cf-id: NZxmyZQKWecwW_-TUtd6HBC25GM7iDTrA3zfYdjgbJ6OIb9N-0-ZcA==
x-amz-meta-s3b-last-modified: 20180109T142509Z

GET
H2 200 instagram@2x.png
app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/ 3 KB
4 KB 83ms
22ms Image
image/png 13.224.189.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/instagram@2x.png
Requested by: Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 801e6c236eee8e30d71a3d846e6a1bb673f6147061d93d2c77fa6db768289f2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 03:44:21 GMT
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
last-modified: Mon, 28 Jan 2019 10:17:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 37693
etag: "2e843664d34581e5cc2257e8c00fc5b9"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 3454
x-amz-cf-id: oeVifTVuRIGz_dwIY5IOZ90Ju9V9RDzX-W4PIJUoDz806hpY26NndQ==
x-amz-meta-s3b-last-modified: 20180109T142509Z

GET
H2 200 youtube@2x.png
app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/ 2 KB
3 KB 82ms
23ms Image
image/png 13.224.189.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app-rsrc.getbee.io/public/resources/social-networks-icon-sets/t-outline-circle-default-gray/youtube@2x.png
Requested by: Host: www.jeffreycleveland.com
URL: https://www.jeffreycleveland.com/cust.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-85.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1bf18208572a399bfd13c097e683762d0201b3809ce4d9288e6e3070d8aecfc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jeffreycleveland.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 00:21:25 GMT
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
last-modified: Mon, 28 Jan 2019 10:17:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 49824
etag: "ed0c29e796629e605d94db59f40f7c9c"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2508
x-amz-cf-id: SpA8zxRxpGRcU6tLieij94AQp-0P4ZEsMdr-ioAasQoZ8rB2-KgdNg==
x-amz-meta-s3b-last-modified: 20180109T142509Z

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-rsrc.getbee.io
d15k2d11r6t6rl.cloudfront.net
fonts.googleapis.com
www.jeffreycleveland.com
13.224.189.85
2a00:1450:4001:810::200a
65.9.66.92
75.119.202.213
1ba76faa5d4ebb3164eec30f91400d455c0fa552fdfdcab5a7ec4f90b19827f0
1bf18208572a399bfd13c097e683762d0201b3809ce4d9288e6e3070d8aecfc0
1d2966af8e4fdee00173b233f2d437710427471eeee2483820c6a5044fc2711b
731b7179500596455906cca88663e99ccd87c340ebb2c14f170294898a9fc13d
801e6c236eee8e30d71a3d846e6a1bb673f6147061d93d2c77fa6db768289f2f
89dc85aa13da8847f7a4243eb8ab841b40e936ea5cc810a1b174d1507e5a7524
aa0c3fca044d8fdcb10fe44f8fd4289559b67f5284c7bde74d6391d8e8f6a737
aec710c6ba4d907b044d7c7c10d623c9e74d5e5ab3c4c6dc0c37965b360236b8
b3974d529dfe79cc7959c1d293d84fe4d633f1415d60c9c9ff15cbb996fc464b
d2bb3bb3add67a8bd43259e1ef13b72f6adf3c1abc8b66fd92e77a106f12c420
f28779736e27bb448913ebaefef453998e7bd3a37faa14bfeef2fa77e01bae81
ff0b683f20f821e1329f3dedccffeae3a259c9b41701e73a8073a3134bccdccd

www.jeffreycleveland.com Open in urlscan Pro 75.119.202.213 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

32 kBTransfer

45 kBSize

0 Cookies

5 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.jeffreycleveland.com Open in urlscan Pro
75.119.202.213 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

32 kB
Transfer

45 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!