www.comcast-server2.serveusers.com
Open in
urlscan Pro
185.183.96.219
Malicious Activity!
Public Scan
Submission: On October 22 via manual from US
Summary
This is the only time www.comcast-server2.serveusers.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 185.183.96.219 185.183.96.219 | 60117 (HS) (HS) | |
1 | 2001:558:fe03... 2001:558:fe03:33::2 | 7922 (COMCAST-7922) (COMCAST-7922 - Comcast Cable Communications) | |
2 | 52.17.182.129 52.17.182.129 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
3 | 2a02:26f0:64:... 2a02:26f0:64:4a4::1b62 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2.16.186.105 2.16.186.105 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 172.82.228.16 172.82.228.16 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
1 1 | 66.117.28.86 66.117.28.86 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
1 | 23.211.8.45 23.211.8.45 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
16 | 8 |
ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
edge.static-assets.top.comcast.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-17-182-129.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-105.deploy.static.akamaitechnologies.com
fast.comcast.demdex.net |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.d1.sc.omtrdc.net
comcastcom.d1.sc.omtrdc.net |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
cm.everesttech.net |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-211-8-45.deploy.static.akamaitechnologies.com
assets.adobedtm.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
serveusers.com
www.comcast-server2.serveusers.com |
403 KB |
3 |
xfinity.com
sdx.xfinity.com |
80 KB |
3 |
demdex.net
dpm.demdex.net fast.comcast.demdex.net |
3 KB |
1 |
adobedtm.com
assets.adobedtm.com |
35 KB |
1 |
everesttech.net
1 redirects
cm.everesttech.net |
526 B |
1 |
omtrdc.net
comcastcom.d1.sc.omtrdc.net |
492 B |
1 |
comcast.net
edge.static-assets.top.comcast.net |
170 KB |
16 | 7 |
Domain | Requested by | |
---|---|---|
7 | www.comcast-server2.serveusers.com |
www.comcast-server2.serveusers.com
|
3 | sdx.xfinity.com |
www.comcast-server2.serveusers.com
|
2 | dpm.demdex.net |
www.comcast-server2.serveusers.com
|
1 | assets.adobedtm.com |
www.comcast-server2.serveusers.com
|
1 | cm.everesttech.net | 1 redirects |
1 | comcastcom.d1.sc.omtrdc.net |
www.comcast-server2.serveusers.com
|
1 | fast.comcast.demdex.net |
www.comcast-server2.serveusers.com
|
1 | edge.static-assets.top.comcast.net |
www.comcast-server2.serveusers.com
|
16 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
customer.xfinity.com |
businessclass.comcast.net |
idm.xfinity.com |
my.xfinity.com |
xfinity.comcast.net |
customer.comcast.com |
www.comcast.net |
www.surveymonkey.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
edge.static-assets.top.comcast.net COMODO RSA Organization Validation Secure Server CA |
2017-03-31 - 2019-03-31 |
2 years | crt.sh |
www.xfinity.comcast.net COMODO RSA Organization Validation Secure Server CA |
2017-09-22 - 2019-09-22 |
2 years | crt.sh |
This page contains 2 frames:
Primary Page:
http://www.comcast-server2.serveusers.com/www.comcast.net/
Frame ID: 79C473556DF79DE3B35E2A736BE7C89A
Requests: 17 HTTP requests in this frame
Frame:
http://fast.comcast.demdex.net/dest5.html?d_nsid=0
Frame ID: 118C232CF627D5C55DB56D4A8E65BC8A
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- headers server /php\/?([\d.]+)?/i
CentOS (Operating Systems) Expand
Detected patterns
- headers server /CentOS/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
SiteCatalyst (Analytics) Expand
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Lo-dash () Expand
Detected patterns
- script /lodash.*\.js/i
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: Try quick bill pay
Search URL Search Domain Scan URL
Title: Sign in here
Search URL Search Domain Scan URL
Title: username
Search URL Search Domain Scan URL
Title: password
Search URL Search Domain Scan URL
Title: Create one
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Site Map
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Ad Info
Search URL Search Domain Scan URL
Title: Ad Feedback
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- http://cm.everesttech.net/cm/dd?d_uuid=36178349293625213801144322836149125556 HTTP 302
- http://dpm.demdex.net/ibs:dpid=411&dpuuid=W83m0gAACntA2Dx0
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.comcast-server2.serveusers.com/www.comcast.net/ |
21 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.1.1.min.js
www.comcast-server2.serveusers.com/www.comcast.net/assets/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lodash-slim.js
www.comcast-server2.serveusers.com/www.comcast.net/assets/ |
23 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
www.comcast-server2.serveusers.com/www.comcast.net/assets/ |
126 KB 126 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles-light.css
www.comcast-server2.serveusers.com/www.comcast.net/assets/ |
47 KB 47 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b1372fb33a8af099efbde90184076f9b.png
edge.static-assets.top.comcast.net/cms/data/assets/bin-201705/ |
169 KB 170 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.js
www.comcast-server2.serveusers.com/www.comcast.net/assets/ |
94 KB 94 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts-responsive.js
www.comcast-server2.serveusers.com/www.comcast.net/assets/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-Regular.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
26 KB 26 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-Medium.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
27 KB 27 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
933 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-Light.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
27 KB 27 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
fast.comcast.demdex.net/ Frame 118C |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
comcastcom.d1.sc.omtrdc.net/ |
3 B 492 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=411&dpuuid=W83m0gAACntA2Dx0
dpm.demdex.net/ Redirect Chain
|
42 B 769 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/ |
99 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| generateStars function| maskPassword function| _ function| Visitor object| _satellite object| s_c_il number| s_c_in object| runtimeData object| login object| shared function| CircleLoader object| jQuery1113047223913260493644 string| upDate undefined| s_account object| s function| s_doPlugins undefined| c_rspers undefined| c_r undefined| c_w function| s_getLoadTime function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_AudienceManagement function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.demdex.net/ | Name: dextp Value: 21-1-1540220626486|269-1-1540220626589|60-1-1540220626690|470-1-1540220626790|771-1-1540220626892|1123-1-1540220626993|1121-1-1540220627094|903-1-1540220627195|1957-1-1540220627296|6835-1-1540220627397|22053-1-1540220627498 |
|
.demdex.net/ | Name: demdex Value: 36178349293625213801144322836149125556 |
|
.serveusers.com/ | Name: AMCV_DA11332E5321D0550A490D45%40AdobeOrg Value: 1406116232%7CMCIDTS%7C17827%7CMCMID%7C36387248636503289631129007957056191763%7CMCAAMLH-1540825426%7C6%7CMCAAMB-1540825426%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1540227826s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17834%7CvVersion%7C2.5.0 |
|
.serveusers.com/ | Name: AMCVS_DA11332E5321D0550A490D45%40AdobeOrg Value: 1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.adobedtm.com
cm.everesttech.net
comcastcom.d1.sc.omtrdc.net
dpm.demdex.net
edge.static-assets.top.comcast.net
fast.comcast.demdex.net
sdx.xfinity.com
www.comcast-server2.serveusers.com
172.82.228.16
185.183.96.219
2.16.186.105
2001:558:fe03:33::2
23.211.8.45
2a02:26f0:64:4a4::1b62
52.17.182.129
66.117.28.86
1369b5b226b7aab443124ee57137783ed1e9f2fa8d9d278a2713660c3d3d4159
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
1d8f2c3fca2ff6b51c1a8905e4076a31d98f58a2a421b91afb409e9485e8cd66
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
49d0c079f8431833fb59275e68a7db8b9215dc52068ff63c179e32dfe618a8c4
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea
58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
9e9b5e66a55094d797cfcba1a6b4d7ce9cd7d8c6abbd9a32a9da2e464e4f8475
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d17358150301dfa4d1fe1821d9ca1d6241084827d3d6f67d4cc33420646d9e12
de29ba0f5c0f48f9e1470e94dbf1db5c9f9d0ac12b752f8d750f29fea7e1d6aa
ea523ebe5fb531893858e09aeb499f56aaa92dd8a6ff19f45f12843f0dc4184c
eab642baf412d4de18d20788e3784c47927549da84c4f0b5a0f6865fdbfb61a3
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a