www.safebrowse.io - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 2600:9000:2156:5600:2:bd35:ec40:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.safebrowse.io. The Cisco Umbrella rank of the primary domain is 118054.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on May 28th 2020. Valid for: 2 years.

This is the only time www.safebrowse.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 4	2600:9000:215... 2600:9000:2156:5600:2:bd35:ec40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:558:fe03... 2001:558:fe03:7d::2	7922 (COMCAST-7922) (COMCAST-7922)
1	2a02:26f0:170... 2a02:26f0:1700:593::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2

4 2600:9000:2156:5600:2:bd35:ec40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.safebrowse.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:558:fe03:7d::2 (Bothell, United States) 1 redirects

ASN7922 (COMCAST-7922, US)

edge.static-assets.top.comcast.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:593::30d4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	safebrowse.io 1 redirects www.safebrowse.io — Cisco Umbrella Rank: 118054	10 KB
1	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 22127	27 KB
1	comcast.net 1 redirects edge.static-assets.top.comcast.net — Cisco Umbrella Rank: 37034	457 B
4	3

	Domain	Requested by
4	www.safebrowse.io	1 redirects www.safebrowse.io
1	static.cimcontent.net	www.safebrowse.io
1	edge.static-assets.top.comcast.net	1 redirects
4	3

This site contains no links.

Subject Issuer	Validity	Valid
*.safebrowse.io COMODO RSA Organization Validation Secure Server CA	`2020-05-28` - `2022-05-28`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.safebrowse.io/
Frame ID: 6363D9572DA9FCDF08CD57968106C5FE
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Potential Threat Detected

Page URL History Show full URLs

http://www.safebrowse.io/ HTTP 301
https://www.safebrowse.io/ Page URL

Page Statistics

4
Requests

75 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

37 kB
Transfer

35 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.safebrowse.io/ HTTP 301
https://www.safebrowse.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://edge.static-assets.top.comcast.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 HTTP 301
https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.safebrowse.io/ Redirect Chain http://www.safebrowse.io/ https://www.safebrowse.io/	2 KB 3 KB	35ms 10ms	Document text/html	2600:9000:2156:5600:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:5600:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `3d2e5e260d41e308cde1291873f9024ef20bd487b5d011f102e7c495ad321be4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 21436 content-length 2423 content-type text/html date Thu, 14 Apr 2022 09:07:51 GMT etag "ffefb34afb77ac67efe53254573d55f4" last-modified Thu, 07 Oct 2021 10:07:39 GMT server AmazonS3 via 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront) x-amz-cf-id k2Juv_92aFDqJA-abRoVsjDOSMTXwzcvqoligCd3vMXRw5k7YhAlzg== x-amz-cf-pop FRA50-C1 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront Redirect headers Connection keep-alive Content-Length 183 Content-Type text/html Date Thu, 14 Apr 2022 15:05:06 GMT Location https://www.safebrowse.io/ Server CloudFront Via 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront) X-Amz-Cf-Id G_MCNHH-G9Gp_iwAIP7vCjSD_75pYnpN0uk0MAKlSoEZzv8UInzQfQ== X-Amz-Cf-Pop FRA50-C1 X-Cache Redirect from cloudfront
GET H2	200	theme-xdns-security.min.css www.safebrowse.io/css/	2 KB 3 KB	8ms 7ms	Stylesheet text/css	2600:9000:2156:5600:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.safebrowse.io/css/theme-xdns-security.min.css Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:5600:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `ff8d1b0a7ac6581fb3038b5bae8c777b75d991a262b7692112063c0fccfa4eae` Request headers accept-language de-DE,de;q=0.9 Referer https://www.safebrowse.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Thu, 14 Apr 2022 05:23:33 GMT via 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront) etag "ea8ec468b2faf4cb98701435443b0484" last-modified Thu, 07 Oct 2021 10:07:51 GMT server AmazonS3 age 34894 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type text/css x-amz-cf-pop FRA50-C1 accept-ranges bytes content-length 2533 x-amz-cf-id Ldl-yRopKQSo_8xP0yifChkMnUU-f7V5q0WJOAsqZNKMEuwx-F00KQ==
GET H2	200	icon_enhanced-security-no-threats.svg www.safebrowse.io/img/	4 KB 4 KB	8ms 8ms	Image image/svg+xml	2600:9000:2156:5600:2:bd35:ec40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.safebrowse.io/img/icon_enhanced-security-no-threats.svg Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:5600:2:bd35:ec40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `200db542016a7037a6911f83c9cd51916b0e1e4416fc553faa76ec35cf6c1f57` Request headers accept-language de-DE,de;q=0.9 Referer https://www.safebrowse.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Thu, 14 Apr 2022 02:13:55 GMT via 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront) etag "18e00b384972f311d8855ca60adb903e" last-modified Thu, 07 Oct 2021 10:07:57 GMT server AmazonS3 age 46272 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type image/svg+xml x-amz-cf-pop FRA50-C1 accept-ranges bytes content-length 3747 x-amz-cf-id GzV8RkaJVNMi9pqhV2ozsXR555JSOBiErmenyewGKy38UWK5fcuVfw==
GET H2	200	XfinityStandard-Light.woff2 static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/ Redirect Chain https://edge.static-assets.top.comcast.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2	27 KB 27 KB	305ms 43ms	Font font/woff2	2a02:26f0:1700:593::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Requested by Host: www.safebrowse.io URL: https://www.safebrowse.io/css/theme-xdns-security.min.css Protocol H2 Server 2a02:26f0:1700:593::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a` Request headers accept-language de-DE,de;q=0.9 Referer https://www.safebrowse.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers x-amz-version-id wnCwOacXycelzt78IMkr55wWB9WkMd2W last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop FRA53-C1 etag "f05d3ebe80809d82ab14d62a79da544e" content-type font/woff2 access-control-allow-origin * cache-control max-age=2506310 date Thu, 14 Apr 2022 15:05:08 GMT accept-ranges bytes content-length 27420 x-amz-cf-id i3nOvr6yhXHbJ-R1qoW0IJD1V_dgJYUvVFaR6WqrtHPtTqAZoFQiCQ== Redirect headers Date Thu, 14 Apr 2022 15:05:07 GMT Via http/1.1 odol-atsec-har-16.wallingford.ct.hartford.comcast.net (18.c0350c9.el7 [uSc s f p eN:tNc p s ]) Server 18.c0350c9.el7 Location https://static.cimcontent.net/staticsites/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Content-Language en Access-Control-Allow-Origin * Cache-Control no-store Connection keep-alive Content-Type text/html Content-Length 381

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

edge.static-assets.top.comcast.net
static.cimcontent.net
www.safebrowse.io
2001:558:fe03:7d::2
2600:9000:2156:5600:2:bd35:ec40:93a1
2a02:26f0:1700:593::30d4
200db542016a7037a6911f83c9cd51916b0e1e4416fc553faa76ec35cf6c1f57
3d2e5e260d41e308cde1291873f9024ef20bd487b5d011f102e7c495ad321be4
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a
ff8d1b0a7ac6581fb3038b5bae8c777b75d991a262b7692112063c0fccfa4eae

www.safebrowse.io Open in urlscan Pro 2600:9000:2156:5600:2:bd35:ec40:93a1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

75 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

37 kBTransfer

35 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

www.safebrowse.io Open in urlscan Pro
2600:9000:2156:5600:2:bd35:ec40:93a1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

37 kB
Transfer

35 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!