curibooun.ml
2606:4700:30::681c:bd4  Malicious Activity! Public Scan

Submitted URL: http://curibooun.ml/ghj/cascome.htm
Effective URL: https://curibooun.ml/ghj/cascome.htm
Submission: On December 21 via manual from US

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 9 HTTP transactions. The main IP is 2606:4700:30::681c:bd4, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is curibooun.ml.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 19th 2018. Valid for: a year.
This is the only time curibooun.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

Requests  IP Address          AS     Autonomous System
1         2606:4700:30:...    13335  (CLOUDFLAR...)
1         2606:4700:30:...    13335  (CLOUDFLAR...)
4         2001:558:fe21...    7922   (COMCAST-7922)
2         204.13.194.239      29990  (ASN-APPNEXUS)
1         2.18.235.40         16625  (AKAMAI-AS)
Total: 9 requests, 5 IPs
Requests  Apex Domain          Subdomains                      Transfer
4         comcast.net          login.comcast.net               13 KB
2         247realmedia.com     oasc09.247realmedia.com         2 KB
2         curibooun.ml         curibooun.ml                    10 KB
1         moatads.com          z.moatads.com                   84 KB
0         openx.net (Failed)   comcast-d.openx.net (Failed)
Total: 9 requests, 5 domains
Requests  Domain                         Requested by
4         login.comcast.net              curibooun.ml
2         oasc09.247realmedia.com        curibooun.ml, oasc09.247realmedia.com
2         curibooun.ml                   1 redirect
1         z.moatads.com                  oasc09.247realmedia.com
0         comcast-d.openx.net (Failed)   curibooun.ml
Total: 9 requests, 5 domains

This site contains links to these domains:

Domain
xfinity.comcast.net
Subject                 Issuer                                                Validity                   Valid
sni.cloudflaressl.com   CloudFlare Inc ECC CA-2                               2018-12-19 - 2019-12-19    a year
login.comcast.net       COMODO RSA Organization Validation Secure Server CA   2018-10-29 - 2020-10-28    2 years
*.247realmedia.com      GeoTrust RSA CA 2018                                  2018-01-25 - 2019-06-25    a year
moatads.com             DigiCert ECC Secure Server CA                         2018-11-10 - 2020-02-09    a year

This page contains 1 frames:

Primary Page: https://curibooun.ml/ghj/cascome.htm
Frame ID: ED3F1A0174FBFED994BE670591B5E09C
Requests: 9 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Page Statistics

9 Requests
89 % HTTPS
60 % IPv6
5 Domains
5 Subdomains
5 IPs
2 Countries
109 kB Transfer
316 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://curibooun.ml/ghj/cascome.htm HTTP 301
    https://curibooun.ml/ghj/cascome.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource: cascome.htm (Primary Request)
Path: curibooun.ml/ghj/
Redirect Chain:
  • http://curibooun.ml/ghj/cascome.htm
  • https://curibooun.ml/ghj/cascome.htm
Size: 20 KB
x-fer: 10 KB
Type: Document
General
Full URL
https://curibooun.ml/ghj/cascome.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681c:bd4, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS
Software
cloudflare /
Resource Hash
7fe187b239a2c1d59ebb4d28a47eac796c20af4e898581f347776a02feab62f8

Request headers

:method
GET
:authority
curibooun.ml
:scheme
https
:path
/ghj/cascome.htm
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Fri, 21 Dec 2018 15:06:21 GMT
content-type
text/html
set-cookie
__cfduid=dd5d5612e97228692679947aa509fcbe11545404780; expires=Sat, 21-Dec-19 15:06:20 GMT; path=/; domain=.curibooun.ml; HttpOnly; Secure
last-modified
Thu, 20 Dec 2018 18:36:35 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
48cb40887f9597b6-FRA
content-encoding
br

Redirect headers

Date
Fri, 21 Dec 2018 15:06:20 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Fri, 21 Dec 2018 16:06:20 GMT
Location
https://curibooun.ml/ghj/cascome.htm
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
48cb408834d3befd-FRA
Resource: styles.min.css
Path: login.comcast.net/static/css/
Size: 17 KB
x-fer: 5 KB
Type: Stylesheet
General
Full URL
https://login.comcast.net/static/css/styles.min.css?v=9
Requested by
Host: curibooun.ml
URL: https://curibooun.ml/ghj/cascome.htm
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2001:558:fe21:2:69:252:205:24, United States, ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
Reverse DNS
Software
Apache /
Resource Hash
847ec2bbe06b316899e011a0abdd47e14a5620dd8fa83e59f02b7edb955ae54c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Referer
https://curibooun.ml/ghj/cascome.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 21 Dec 2018 15:06:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Dec 2018 20:54:10 GMT
Server
Apache
Vary
Accept-Encoding
Connection
Keep-Alive
Content-Type
text/css
Cache-Control
max-age=157096068
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=500
Content-Length
4532
Expires
Wed, 13 Dec 2023 20:54:10 GMT
Resource: nc.min.js
Path: login.comcast.net/proxy/captcha/resource/13428/skins/open-comcast-cima-2/
Size: 0
x-fer: 0
Type: Script
General
Full URL
https://login.comcast.net/proxy/captcha/resource/13428/skins/open-comcast-cima-2/nc.min.js
Requested by
Host: curibooun.ml
URL: https://curibooun.ml/ghj/cascome.htm
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2001:558:fe21:2:69:252:205:24, United States, ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Referer
https://curibooun.ml/ghj/cascome.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 21 Dec 2018 15:06:21 GMT
Via
1.1 d1caea62fb8c2cc700e57b182183da64.cloudfront.net (CloudFront), 1.1 login.comcast.net
Vary
Accept-Encoding
X-Cache
Error from cloudfront
Content-Type
application/xml
Connection
Keep-Alive
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Content-Encoding
gzip
Keep-Alive
timeout=5, max=500
Content-Length
20
X-Amz-Cf-Id
injA2KlSF9NAuFSwcSrq5bS3A0HXyVrPpW2KEDv7ehs55ytZbLr4iQ==
Resource: omniture.js
Path: login.comcast.net/static/js/
Size: 0
x-fer: 0
Type: Script
General
Full URL
https://login.comcast.net/static/js/omniture.js?v=9
Requested by
Host: curibooun.ml
URL: https://curibooun.ml/ghj/cascome.htm
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2001:558:fe21:2:69:252:205:24, United States, ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Referer
https://curibooun.ml/ghj/cascome.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains;
Content-Encoding
gzip
Server
Apache
Date
Fri, 21 Dec 2018 15:06:21 GMT
Vary
accept-language,accept-charset,Accept-Encoding
Content-Language
en
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
text/html; charset=iso-8859-1
Keep-Alive
timeout=5, max=500
Content-Length
687
Resource: 1281463511@x32
Path: oasc09.247realmedia.com/RealMedia/ads/adstream_jx.ads/comcast.net/login_secure/
Size: 2 KB
x-fer: 1 KB
Type: Script
General
Full URL
https://oasc09.247realmedia.com/RealMedia/ads/adstream_jx.ads/comcast.net/login_secure/1281463511@x32?_OAS_GEO_OVERRIDE_=US:UNKNOWN
Requested by
Host: curibooun.ml
URL: https://curibooun.ml/ghj/cascome.htm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.13.194.239, New York, United States, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
Reverse DNS
Software
nginx/1.13.10 /
Resource Hash
1ac099d98d4ca9d1df9c3a3488cfad5da44cb17126d861718431e9794d24ed91

Request headers

Referer
https://curibooun.ml/ghj/cascome.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma
no-cache
Date
Fri, 21 Dec 2018 15:06:24 GMT
Content-Encoding
gzip
Server
nginx/1.13.10
Vary
Accept-Encoding
P3P
CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Cache-Control
no-cache,no-store,private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/x-javascript
Expires
Fri, 30 Oct 1998 14:19:41 GMT
Resource: xfinity-logo.png
Path: login.comcast.net/static/images/global/
Size: 8 KB
x-fer: 8 KB
Type: Image
General
Full URL
https://login.comcast.net/static/images/global/xfinity-logo.png
Requested by
Host: curibooun.ml
URL: https://curibooun.ml/ghj/cascome.htm
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2001:558:fe21:2:69:252:205:24, United States, ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
Reverse DNS
Software
Apache /
Resource Hash
f2cbb9c684c7244f1098767b9b4e12521777afee1fd2c93aae1e762f1a1ff85d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Referer
https://login.comcast.net/static/css/styles.min.css?v=9
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 21 Dec 2018 15:06:21 GMT
Last-Modified
Fri, 14 Dec 2018 20:52:21 GMT
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Content-Type
image/png
Cache-Control
max-age=157095959
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=499
Content-Length
7836
Expires
Wed, 13 Dec 2023 20:52:21 GMT
Resource: jstag
Path: comcast-d.openx.net/w/1.0/
Size: 0
x-fer: 0
Type: (none; request failed)
Resource: 553245584c467764415841414178366c
Path: oasc09.247realmedia.com/RealMedia/ads/adstream_lx.ads/comcast.net/login_secure/L24/1392324215/x32/Comcast/OpenX_201507_SIG_300_NATL/300x250_RM_OpenX_SI_K2_112917_10172018.html/
Size: 43 B
x-fer: 482 B
Type: Image
General
Full URL
https://oasc09.247realmedia.com/RealMedia/ads/adstream_lx.ads/comcast.net/login_secure/L24/1392324215/x32/Comcast/OpenX_201507_SIG_300_NATL/300x250_RM_OpenX_SI_K2_112917_10172018.html/553245584c467764415841414178366c?_RM_EMPTY_&_OAS_GEO_OVERRIDE_=US:UNKNOWN
Requested by
Host: oasc09.247realmedia.com
URL: https://oasc09.247realmedia.com/RealMedia/ads/adstream_jx.ads/comcast.net/login_secure/1281463511@x32?_OAS_GEO_OVERRIDE_=US:UNKNOWN
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.13.194.239, New York, United States, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
Reverse DNS
Software
nginx/1.13.10 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
https://curibooun.ml/ghj/cascome.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Dec 2018 15:06:24 GMT
Server
nginx/1.13.10
P3P
CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Cache-Control
no-cache,no-store,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 30 Oct 1998 14:19:41 GMT
Resource: moatad.js
Path: z.moatads.com/comcastapn56341864860/
Size: 269 KB
x-fer: 84 KB
Type: Script
General
Full URL
https://z.moatads.com/comcastapn56341864860/moatad.js
Requested by
Host: oasc09.247realmedia.com
URL: https://oasc09.247realmedia.com/RealMedia/ads/adstream_jx.ads/comcast.net/login_secure/1281463511@x32?_OAS_GEO_OVERRIDE_=US:UNKNOWN
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.18.235.40, European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2e33bf960b0f922932f2de9f5d60d812b6a4c05c012aa4470f39e7dce3799e33

Request headers

Referer
https://curibooun.ml/ghj/cascome.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 21 Dec 2018 15:06:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 20 Dec 2018 19:05:55 GMT
Server
AmazonS3
x-amz-request-id
003AAE60685F1757
ETag
"11510b760637582a5f16f9e0726a0ea9"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=53874
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
85335
x-amz-id-2
QZ0KpuzpRxNdIqsbvhaqrfkCbWiCe9nDZxpD9eUIkcuy62f11QUoAUcXw+q6n1tpfNPRiDG/0yM=

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
comcast-d.openx.net
URL
https://comcast-d.openx.net/w/1.0/jstag

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    onselectstart
  • object    onselectionchange
  • function  queueMicrotask
  • string    f_ADTARGET_ZIP
  • object    OAS_RN
  • string    OAS_RNS
  • string    OAS_url
  • string    OAS_sitepage
  • string    OAS_pos
  • string    OAS_GEO_OVERRIDE
  • object    OX_ads

0 Cookies