akmsystems.com
Open in
urlscan Pro
192.185.96.164
Malicious Activity!
Public Scan
URL:
http://akmsystems.com/Magento/comcast.net/Xfinity.com/index.htm
Submission: On June 28 via automatic, source phishtank
Submission: On June 28 via automatic, source phishtank
Summary
This website contacted 5 IPs
in 2 countries
across 5 domains to perform 17 HTTP transactions.
The main IP is 192.185.96.164, located in
United States and
belongs to UNIFIEDLAYER-AS-1, US.
The main domain is akmsystems.com.
This is the only time akmsystems.com was scanned on urlscan.io!
This is the only time akmsystems.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 192.185.96.164 192.185.96.164 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 10 | 2001:558:fe16... 2001:558:fe16:109:96:114:156:145 | 7922 (COMCAST-7922) (COMCAST-7922) | |
| 1 | 2600:1f18:659... 2600:1f18:6593:f608:78e4:ddc4:e083:81a6 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 1 2 | 54.72.144.189 54.72.144.189 | 16509 (AMAZON-02) (AMAZON-02) | |
| 17 | 5 |
1
2600:1f18:6593:f608:78e4:ddc4:e083:81a6
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
ASN14618 (AMAZON-AES, US)
| 7468.v.fwmrm.net |
2
54.72.144.189
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-144-189.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-144-189.eu-west-1.compute.amazonaws.com
| xfinitydigital.demdex.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
xfinity.com
login.xfinity.com |
11 KB |
| 2 |
demdex.net
1 redirects
xfinitydigital.demdex.net |
2 KB |
| 2 |
akmsystems.com
akmsystems.com |
13 KB |
| 1 |
fwmrm.net
7468.v.fwmrm.net |
411 B |
| 0 |
Failed
function sub() { [native code] }. Failed |
|
| 17 | 5 |
| Domain | Requested by | |
|---|---|---|
| 10 | login.xfinity.com |
akmsystems.com
|
| 2 | xfinitydigital.demdex.net |
1 redirects
akmsystems.com
|
| 2 | akmsystems.com |
akmsystems.com
|
| 1 | 7468.v.fwmrm.net |
akmsystems.com
|
| 0 | login.xfinity.comstatic Failed |
akmsystems.com
|
| 17 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.comcast.net |
| www.surveymonkey.com |
| idm.xfinity.com |
| customer.xfinity.com |
| my.xfinity.com |
| xfinity.comcast.net |
| customer.comcast.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.identity.xfinity.com COMODO RSA Organization Validation Secure Server CA |
2020-10-02 - 2021-10-02 |
a year | crt.sh |
| *.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-17 - 2021-12-18 |
a year | crt.sh |
| *.demdex.net DigiCert TLS RSA SHA256 2020 CA1 |
2020-12-02 - 2022-01-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://akmsystems.com/Magento/comcast.net/Xfinity.com/index.htm
Frame ID: 25A67D18FB82770B58AFB07E8BBF5BAF
Requests: 19 HTTP requests in this frame
10 Outgoing links
These are links going to different origins than the main page.
URL: http://www.comcast.net/adinformation
Title: Ad Info
Title: Ad Info
Search URL Search Domain Scan URL
URL: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Title: Ad Feedback
Title: Ad Feedback
Search URL Search Domain Scan URL
URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dxcp-prod%26reqId%3Dcdd1babd-2c09-4b89-b152-b93fc911e7ed%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dxcp-prod%2526response_type%253Dcode%2526redirect_uri%253Dhttps%253A%252F%252Fxfinityconnect.email.comcast.net%252FxcPreAuth%252Fui%252Fweb%2526state%253D0%2526response%253D1%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: username
Title: username
Search URL Search Domain Scan URL
URL: https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dxcp-prod%26reqId%3Dcdd1babd-2c09-4b89-b152-b93fc911e7ed%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dxcp-prod%2526response_type%253Dcode%2526redirect_uri%253Dhttps%253A%252F%252Fxfinityconnect.email.comcast.net%252FxcPreAuth%252Fui%252Fweb%2526state%253D0%2526response%253D1%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: password
Title: password
Search URL Search Domain Scan URL
URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dxcp-prod%26reqId%3Dcdd1babd-2c09-4b89-b152-b93fc911e7ed%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dxcp-prod%2526response_type%253Dcode%2526redirect_uri%253Dhttps%253A%252F%252Fxfinityconnect.email.comcast.net%252FxcPreAuth%252Fui%252Fweb%2526state%253D0%2526response%253D1%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Create one
Title: Create one
Search URL Search Domain Scan URL
URL: https://customer.xfinity.com/lite
Title: Pay any balance
Title: Pay any balance
Search URL Search Domain Scan URL
URL: http://my.xfinity.com/terms/web/
Title: Terms of Service
Title: Terms of Service
Search URL Search Domain Scan URL
URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy
Title: Privacy Policy
Search URL Search Domain Scan URL
URL: http://xfinity.comcast.net/siteindex/
Title: Site Map
Title: Site Map
Search URL Search Domain Scan URL
URL: https://customer.comcast.com/contact-us/
Title: Contact Us
Title: Contact Us
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://xfinitydigital.demdex.net/event?d_sid=4702129 HTTP 302
- https://xfinitydigital.demdex.net/firstevent?d_sid=4702129
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
index.htm
akmsystems.com/Magento/comcast.net/Xfinity.com/ |
15 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lodash-slim.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tracking-aws.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tracking-DTM.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tracking.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
akmsystems.com/https://login.xfinity.com/assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/ |
32 KB 8 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles-light.min.css
login.xfinity.com/static/css/junket/ |
45 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
vm-login-form-ad.js
login.xfinity.comstatic/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
data.json
login.xfinity.com/dmp.tidaltv.com/audience/browser/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
u
7468.v.fwmrm.net/ad/ |
0 411 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
firstevent
xfinitydigital.demdex.net/ Redirect Chain
|
42 B 980 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
jquery-3.3.1.min.js
login.xfinity.comstatic/js/libs/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
scripts-responsive.min.js
login.xfinity.comstatic/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tracking-aws.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tracking-DTM.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tracking.min.js
login.xfinity.com/static/js/data-layer/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
data.json
login.xfinity.com/dmp.tidaltv.com/audience/browser/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
933 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- login.xfinity.comstatic
- URL
- https://login.xfinity.comstatic/js/vm-login-form-ad.js
- Domain
- login.xfinity.comstatic
- URL
- https://login.xfinity.comstatic/js/libs/jquery-3.3.1.min.js
- Domain
- login.xfinity.comstatic
- URL
- https://login.xfinity.comstatic/js/scripts-responsive.min.js?v=6dacc1f
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| runtimeData0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
7468.v.fwmrm.net
akmsystems.com
login.xfinity.com
login.xfinity.comstatic
xfinitydigital.demdex.net
login.xfinity.comstatic
192.185.96.164
2001:558:fe16:109:96:114:156:145
2600:1f18:6593:f608:78e4:ddc4:e083:81a6
54.72.144.189
2068bd12213b7dc012b336cd409ec2b6cfb995ec92cd593cf32e6b867a8ebef1
3903b9bda75f7b41db2f2fd295a8051074eb7fbfffbad060802aa80f3af57d46
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea
58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5
a4e88a727d7938762cc210f832b5b33bc812817962e7d2aed98bafb4453da4cb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629