www.safebrowse.io
2600:9000:2156:5600:2:bd35:ec40:93a1
Malicious Activity!
Public Scan
Effective URL: https://www.safebrowse.io/
Submission: On April 14 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by COMODO RSA Organization Validation Se... on May 28th 2020. Valid for: 2 years.
This is the only time www.safebrowse.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)
Domain & IP information
| | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 4 | 2600:9000:2156:5600:2:bd35:ec40:93a1 | 16509 (AMAZON-02) |
| 1 1 | 2001:558:fe03:7d::2 | 7922 (COMCAST-7922) |
| 1 | 2a02:26f0:1700:593::30d4 | 20940 (AKAMAI-ASN1) |
| 4 | 2 | |

ASN7922 (COMCAST-7922, US)
- edge.static-assets.top.comcast.net

ASN20940 (AKAMAI-ASN1, NL)
- static.cimcontent.net
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 4 | safebrowse.io (1 redirects): www.safebrowse.io — Cisco Umbrella Rank: 118054 | 10 KB |
| 1 | cimcontent.net: static.cimcontent.net — Cisco Umbrella Rank: 22127 | 27 KB |
| 1 | comcast.net (1 redirects): edge.static-assets.top.comcast.net — Cisco Umbrella Rank: 37034 | 457 B |
| 4 | 3 | |
| | Domain | Requested by |
|---|---|---|
| 4 | www.safebrowse.io | 1 redirects, www.safebrowse.io |
| 1 | static.cimcontent.net | www.safebrowse.io |
| 1 | edge.static-assets.top.comcast.net | 1 redirects |
| 4 | 3 | |
This site contains no links.
Subject / Issuer | Validity | Valid |
---|---|---|
*.safebrowse.io / COMODO RSA Organization Validation Secure Server CA | 2020-05-28 - 2022-05-28 | 2 years |
This page contains 1 frames:
Primary Page:
https://www.safebrowse.io/
Frame ID: 6363D9572DA9FCDF08CD57968106C5FE
Requests: 4 HTTP requests in this frame
Page Title
Potential Threat Detected
Page URL History
- http://www.safebrowse.io/ HTTP 301
- https://www.safebrowse.io/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://edge.static-assets.top.comcast.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 HTTP 301
- https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
4 HTTP transactions
Method / Protocol | Resource / Path | Size / x-fer | Type / MIME-Type |
---|---|---|---|
GET H2 | Primary Request: / (www.safebrowse.io/, Redirect Chain) | 2 KB / 3 KB | Document, text/html |
GET H2 | theme-xdns-security.min.css (www.safebrowse.io/css/) | 2 KB / 3 KB | Stylesheet, text/css |
GET H2 | icon_enhanced-security-no-threats.svg (www.safebrowse.io/img/) | 4 KB / 4 KB | Image, image/svg+xml |
GET H2 | XfinityStandard-Light.woff2 (static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/, Redirect Chain) | 27 KB / 27 KB | Font, font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function| structuredClone
- object| oncontextlost
- object| oncontextrestored
- function| getScreenDetails

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.