useraccess-hostmobile08.ddns.ms Open in urlscan Pro
159.89.184.169 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://useraccess-hostmobile08.ddns.ms/
Submission: On August 19 via api (August 19th 2023, 10:08:42 am UTC) from US — Scanned from US

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 159.89.184.169, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is useraccess-hostmobile08.ddns.ms.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 18th 2023. Valid for: 3 months.

This is the only time useraccess-hostmobile08.ddns.ms was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
8	159.89.184.169 159.89.184.169	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2600:141b:13:... 2600:141b:13:794::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	3

8 159.89.184.169 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

useraccess-hostmobile08.ddns.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:141b:13:794::30d4 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ddns.ms useraccess-hostmobile08.ddns.ms	81 KB
3	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 25452	80 KB
11	2

	Domain	Requested by
8	useraccess-hostmobile08.ddns.ms	useraccess-hostmobile08.ddns.ms
3	static.cimcontent.net	useraccess-hostmobile08.ddns.ms
11	2

This site contains no links.

Subject Issuer	Validity	Valid
useraccess-hostmobile08.ddns.ms cPanel, Inc. Certification Authority	`2023-08-18` - `2023-11-16`	3 months	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2023-03-30` - `2024-03-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://useraccess-hostmobile08.ddns.ms/
Frame ID: 9D1292B4159344A779C5988B157E6D6E
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Consumer banking | Personal banking | U.S. Bank

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

161 kB
Transfer

161 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response useraccess-hostmobile08.ddns.ms/	5 KB 5 KB	228ms 62ms	Document text/html	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `735f0a36b73f520c78114d92e6b95f2a882cd5a567fbc998babbc5e7220fc0a8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 5184 Content-Type text/html Date Sat, 19 Aug 2023 10:08:36 GMT Keep-Alive timeout=5, max=100 Last-Modified Sun, 05 Mar 2023 20:52:10 GMT Server Apache
GET H/1.1	200 OK	fonts-remote.css useraccess-hostmobile08.ddns.ms/index_files/	3 KB 4 KB	62ms 62ms	Stylesheet text/css	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://useraccess-hostmobile08.ddns.ms/index_files/fonts-remote.css Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:13:20 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3375
GET H/1.1	200 OK	styles-light.css useraccess-hostmobile08.ddns.ms/index_files/	44 KB 45 KB	130ms 67ms	Stylesheet text/css	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://useraccess-hostmobile08.ddns.ms/index_files/styles-light.css Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `e34d0b3d548b1b98667170a8e43697acf9f3eefb2af1595c21f949fd1d21583d` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:13:22 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 45455
GET H/1.1	200 OK	146.64.png useraccess-hostmobile08.ddns.ms/index_files/	3 KB 3 KB	181ms 61ms	Image image/png	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://useraccess-hostmobile08.ddns.ms/index_files/146.64.png Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `11bb8962d8e59580418e218d85a6759248fee65345a8478d7c617b02efa32bf6` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:15:34 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2926
GET H/1.1	200 OK	501.46.png useraccess-hostmobile08.ddns.ms/index_files/	5 KB 5 KB	186ms 62ms	Image image/png	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://useraccess-hostmobile08.ddns.ms/index_files/501.46.png Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `b0faee268e1c32ab1afdc968c172735060ebd4ff6750ccaec05bfd217ef56ac9` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:15:42 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5116
GET H/1.1	200 OK	581.40.png useraccess-hostmobile08.ddns.ms/index_files/	6 KB 7 KB	187ms 62ms	Image image/png	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://useraccess-hostmobile08.ddns.ms/index_files/581.40.png Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `eb73de377a1d518bef6582556aa4f68b4ae90899e3c9e24b08bce5734094b2cc` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:16:12 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6423
GET H/1.1	200 OK	202.108.png useraccess-hostmobile08.ddns.ms/index_files/	3 KB 3 KB	192ms 63ms	Image image/png	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://useraccess-hostmobile08.ddns.ms/index_files/202.108.png Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `272834001e14501604cc6cd8358c35dca3002501a043dc68fbab364cd573cfdf` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:16:18 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3154
GET H/1.1	200 OK	343.107.png useraccess-hostmobile08.ddns.ms/index_files/	9 KB 9 KB	134ms 62ms	Image image/png	159.89.184.169 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://useraccess-hostmobile08.ddns.ms/index_files/343.107.png Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 159.89.184.169 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `321638b2aca6d18d6a6cf76fb41b24b0f154fd8beb37297dde463c42161237cf` Request headers accept-language en-US,en;q=0.9 Referer https://useraccess-hostmobile08.ddns.ms/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Date Sat, 19 Aug 2023 10:08:36 GMT Last-Modified Tue, 11 Oct 2022 18:16:24 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 9260
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	XfinityStandard-Regular.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	26 KB 26 KB	312ms 64ms	Font font/woff2	2600:141b:13:794::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2 Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/index_files/fonts-remote.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:13:794::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176` Request headers Referer https://useraccess-hostmobile08.ddns.ms/ Origin https://useraccess-hostmobile08.ddns.ms accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers x-amz-version-id kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF date Sat, 19 Aug 2023 10:08:37 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "e3e79cd377b28c1e7ffea64b194136cf" content-type font/woff2 access-control-allow-origin * cache-control max-age=396099 accept-ranges bytes content-length 26768 x-amz-cf-id 7ji2rF2ID1b0u9s-BvY6hxw0Z7XRfwLB_kv6J-FK9IsbTxFWHBJoIw==
GET H2	200	XfinityStandard-Light.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	27 KB 27 KB	383ms 136ms	Font font/woff2	2600:141b:13:794::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/index_files/fonts-remote.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:13:794::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a` Request headers Referer https://useraccess-hostmobile08.ddns.ms/ Origin https://useraccess-hostmobile08.ddns.ms accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers x-amz-version-id wnCwOacXycelzt78IMkr55wWB9WkMd2W date Sat, 19 Aug 2023 10:08:37 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "f05d3ebe80809d82ab14d62a79da544e" content-type font/woff2 access-control-allow-origin * cache-control max-age=399691 accept-ranges bytes content-length 27420 x-amz-cf-id KpS8Spp3hb7soAiUaTCzkhQgN7EKFwwrPTOlEJcK2hTjKISVPAKofw==
GET H2	200	XfinityStandard-Bold.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	26 KB 27 KB	380ms 134ms	Font font/woff2	2600:141b:13:794::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff2 Requested by Host: useraccess-hostmobile08.ddns.ms URL: https://useraccess-hostmobile08.ddns.ms/index_files/fonts-remote.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:13:794::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef` Request headers Referer https://useraccess-hostmobile08.ddns.ms/ Origin https://useraccess-hostmobile08.ddns.ms accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers x-amz-version-id LDG6wJQl1INH_wTGu7a9uUI1eheA5q.9 date Sat, 19 Aug 2023 10:08:37 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "4cf223c306de5325b4939d9d4ea2c5a5" content-type font/woff2 access-control-allow-origin * cache-control max-age=417262 accept-ranges bytes content-length 26896 x-amz-cf-id fti-84NeMd4PwXC1yNHGb_3wYak9qmcbGRk9d2uKB1fysUUwot1mWQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture undefined| frmvalidator

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.cimcontent.net
useraccess-hostmobile08.ddns.ms
159.89.184.169
2600:141b:13:794::30d4
020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef
032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8
11bb8962d8e59580418e218d85a6759248fee65345a8478d7c617b02efa32bf6
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
272834001e14501604cc6cd8358c35dca3002501a043dc68fbab364cd573cfdf
321638b2aca6d18d6a6cf76fb41b24b0f154fd8beb37297dde463c42161237cf
58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5
735f0a36b73f520c78114d92e6b95f2a882cd5a567fbc998babbc5e7220fc0a8
b0faee268e1c32ab1afdc968c172735060ebd4ff6750ccaec05bfd217ef56ac9
e34d0b3d548b1b98667170a8e43697acf9f3eefb2af1595c21f949fd1d21583d
eb73de377a1d518bef6582556aa4f68b4ae90899e3c9e24b08bce5734094b2cc
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

useraccess-hostmobile08.ddns.ms Open in urlscan Pro 159.89.184.169 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

161 kBTransfer

161 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

useraccess-hostmobile08.ddns.ms Open in urlscan Pro
159.89.184.169 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

161 kB
Transfer

161 kB
Size

0
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!