capasdetelemoveis.pt
2606:4700:3032::6818:7e07  Malicious Activity! Public Scan

Submitted URL: http://scandalhunter.com/wp-content/themes/nasw
Effective URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Submission Tags: @ipnigh
Submission: On April 29 via api from GB

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3032::6818:7e07, located in United States and belongs to CLOUDFLARENET, US. The main domain is capasdetelemoveis.pt.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 31st 2020. Valid for: 8 months.
This is the only time capasdetelemoveis.pt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 2 89.185.228.5 24971 (MASTER-AS...)
2 7 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2001:558:fe14... 7922 (COMCAST-7922)
10 5
Domain Requested by
7 capasdetelemoveis.pt 2 redirects capasdetelemoveis.pt, ajax.cloudflare.com
3 sdx.xfinity.com capasdetelemoveis.pt
2 scandalhunter.com 2 redirects
1 login.xfinity.com capasdetelemoveis.pt
1 ajax.cloudflare.com capasdetelemoveis.pt
10 5

This site contains no links.

Subject | Issuer | Validity | Valid for | Source
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-01-31 - 2020-10-09 | 8 months | crt.sh
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months | crt.sh
www.xfinity.comcast.net | COMODO RSA Organization Validation Secure Server CA | 2020-02-24 - 2022-02-23 | 2 years | crt.sh
login.xfinity.com | COMODO RSA Organization Validation Secure Server CA | 2019-06-18 - 2021-06-17 | 2 years | crt.sh

This page contains 1 frames:

Primary Page: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Frame ID: 775AFE34F6662649133BB4A89053A1F5
Requests: 12 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 10
HTTPS: 100 %
IPv6: 80 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 158 kB
Size: 350 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://scandalhunter.com/wp-content/themes/nasw HTTP 301
    http://scandalhunter.com/wp-content/themes/nasw/ HTTP 301
    https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/ HTTP 302
    https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28 HTTP 301
    https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Redirect Chain
  • http://scandalhunter.com/wp-content/themes/nasw
  • http://scandalhunter.com/wp-content/themes/nasw/
  • https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/
  • https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28
  • https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
116 KB
30 KB
Document
General
Full URL
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee6e4040a20657fab84ef0438d637e96cee83182c03aeebe075d2838c21a82f6

Request headers

:method
GET
:authority
capasdetelemoveis.pt
:scheme
https
:path
/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d93d97e53e5fb3daf6b12a6efa1dd61b71588121101
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 29 Apr 2020 00:45:01 GMT
content-type
text/html; charset=UTF-8
set-cookie
PHPSESSID=h1lbgbrjrfct1usskj0pbf8rv0; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58b4ff74caabd6d9-FRA
content-encoding
br
cf-request-id
0264fdfcf90000d6d994809200000001

Redirect headers

status
301
date
Wed, 29 Apr 2020 00:45:01 GMT
content-type
text/html
location
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58b4ff749a72d6d9-FRA
cf-request-id
0264fdfce00000d6d994808200000001
fonts-remote.min-v=4d7c65c.css
capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/
3 KB
417 B
Stylesheet
General
Full URL
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/fonts-remote.min-v=4d7c65c.css
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25910ca8aaacdd039f7e596b4f446ac4c71f67ff3911d5969dfba9b7f1a6688f

Request headers

Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 00:45:01 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 29 Apr 2020 00:45:01 GMT
server
cloudflare
etag
W/"5ea8ce0d-cab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=691200
cf-ray
58b4ff75ec4bd6d9-FRA
cf-request-id
0264fdfdae0000d6d994816200000001
styles-light.min-v=4d7c65c.css
capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/
44 KB
10 KB
Stylesheet
General
Full URL
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/styles-light.min-v=4d7c65c.css
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
292d3d633e304bb204ec7da1837f450a2e527be4fc6ed0ca43d85ced08723c58

Request headers

Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 00:45:01 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 29 Apr 2020 00:45:01 GMT
server
cloudflare
etag
W/"5ea8ce0d-b051"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=691200
cf-ray
58b4ff75ec4dd6d9-FRA
cf-request-id
0264fdfdaf0000d6d994817200000001
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 00:45:01 GMT
content-encoding
gzip
last-modified
Tue, 21 Apr 2020 17:12:03 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5e9f2963-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
58b4ff75eea9d72d-FRA
cf-request-id
0264fdfdaf0000d72d6ea77200000001
expires
Fri, 01 May 2020 00:45:01 GMT
XfinityStandard-Regular.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/
26 KB
26 KB
Font
General
Full URL
https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:186::1b62 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/fonts-remote.min-v=4d7c65c.css
Origin
https://capasdetelemoveis.pt

Response headers

x-amz-version-id
kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA54
etag
"e3e79cd377b28c1e7ffea64b194136cf"
content-type
font/woff2
status
200
cache-control
max-age=1638773
date
Wed, 29 Apr 2020 00:45:01 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
26768
x-amz-cf-id
Yu7GdW6qDINufnHFknfu1Bg1h3698wzu63ZwyePDi_4B_4q5WCrIhg==
truncated
/
933 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
XfinityStandard-Light.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/
27 KB
27 KB
Font
General
Full URL
https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:186::1b62 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/fonts-remote.min-v=4d7c65c.css
Origin
https://capasdetelemoveis.pt

Response headers

x-amz-version-id
wnCwOacXycelzt78IMkr55wWB9WkMd2W
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA54
etag
"f05d3ebe80809d82ab14d62a79da544e"
content-type
font/woff2
status
200
cache-control
max-age=1699219
date
Wed, 29 Apr 2020 00:45:01 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
27420
x-amz-cf-id
HmbckvoMkEQpSCOrr_AGwMM6VWf2yM9dlOnQ4zG8xV_E1QTbXi5lRg==
XfinityStandard-Medium.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/
27 KB
27 KB
Font
General
Full URL
https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:186::1b62 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/css/junket/fonts-remote.min-v=4d7c65c.css
Origin
https://capasdetelemoveis.pt

Response headers

x-amz-version-id
6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA54
etag
"13709eac065721ba8cd0e2d1b6fa8026"
content-type
font/woff2
status
200
cache-control
max-age=1698701
date
Wed, 29 Apr 2020 00:45:01 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
27152
x-amz-cf-id
bQQDytdT-UjRKNPI5m8xgyFmiq-Hq86TmZW7kkORor54F8pdErwAcA==
scripts-responsive.min-v=4d7c65c.js
capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/js/
7 KB
3 KB
Script
General
Full URL
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/js/scripts-responsive.min-v=4d7c65c.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aceb470e2f0767fe13270d4f84dc14e347889dd34762dd6eb095db9581051e89

Request headers

Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 00:45:01 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 29 Apr 2020 00:45:01 GMT
server
cloudflare
etag
W/"5ea8ce0d-1c87"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=691200
cf-ray
58b4ff76dde8d6d9-FRA
cf-request-id
0264fdfe4a0000d6d994823200000001
jquery-3.3.1.min.js
capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/js/libs/
85 KB
29 KB
Script
General
Full URL
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/static/js/libs/jquery-3.3.1.min.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 00:45:01 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 29 Apr 2020 00:45:01 GMT
server
cloudflare
etag
W/"5ea8ce0d-1538f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=691200
cf-ray
58b4ff76ddebd6d9-FRA
cf-request-id
0264fdfe4a0000d6d994824200000001
w
login.xfinity.com/proxy/nudetect/3.67.107200/w-341498/
19 B
738 B
Script
General
Full URL
https://login.xfinity.com/proxy/nudetect/3.67.107200/w-341498/w?r=423112&wt=1.w-341498.1.2.6W8ndXwrgu1KSUgXZWjuTQ,,.AwY1yUjAahEJCJVpB3nMvjP1yBVcw0p6We6DzyyJOkDXZEtnj84ycT7f5eHVrZuxDtcNiTnWh1Tz9jtjAwYMarF4ofb0wp0TXcyxiXJuOUNo49ZNtKBsIOaUKnVQqF5t4Fo4s5NdzCe9vTKEUwjw8QESSH1vllEr_l0As0uPyAHpHCh72_GFDAc9OBZMX3TQH3m2GH_D7qw0k0qkVeNGhfnI0Esgq2Swysk7yo1x192nxUYp2f5lN7aKqVcvZlp8fNhW7lMTvxm92tr9VMEgAdEhKotoVqGIUXzQiHhBtzqF86ubuE9iRS1iGCt2HmdJnxrUWionFTeDU2pn2Un1amO2E84VbZkKGPQ_CYLdq04,
Requested by
Host: capasdetelemoveis.pt
URL: https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:558:fe14:3:68:87:29:197 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
/
Resource Hash
805deeab03ee3225cda84d751b981d786629951880799ef61950f6950aa90ea4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;, max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://capasdetelemoveis.pt/modules/advancedslider/css/theme/-/comca/2bb93c493394275a342f22a89a8ebd28/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 00:45:02 GMT
Via
1.1 login.xfinity.com
X-Content-Type-Options
nosniff
x-frame-options
SAMEORIGIN
Access-Control-Allow-Methods
GET, POST
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Strict-Transport-Security
max-age=63072000; includeSubDomains;, max-age=31536000; includeSubDomains;
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Length
39
x-xss-protection
1; mode=block
Keep-Alive
timeout=5, max=500

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

293 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


2 Cookies

Domain/Path Name / Value
capasdetelemoveis.pt/ Name: PHPSESSID
Value: h1lbgbrjrfct1usskj0pbf8rv0
.capasdetelemoveis.pt/ Name: __cfduid
Value: d93d97e53e5fb3daf6b12a6efa1dd61b71588121101