drcuqlfqmkplpaz.usa.cc
Open in
urlscan Pro
142.93.253.96
Malicious Activity!
Public Scan
Effective URL: https://drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/1/index.html?64726375716c66716d6b706c70617a2...
Submission: On October 22 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 19th 2018. Valid for: 3 months.
This is the only time drcuqlfqmkplpaz.usa.cc was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 185.93.108.127 185.93.108.127 | 44128 (INTERNET-...) (INTERNET-PRO-AS) | |
1 2 | 142.93.253.96 142.93.253.96 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean) | |
16 | 2001:558:fe14... 2001:558:fe14:3:68:87:29:197 | 7922 (COMCAST-7922) (COMCAST-7922 - Comcast Cable Communications) | |
4 | 2a02:26f0:64:... 2a02:26f0:64:4a4::1b62 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
24 | 5 |
ASN44128 (INTERNET-PRO-AS, RU)
PTR: be21.netangels.ru
xn--h1akdrhp.xn--p1ai |
ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
drcuqlfqmkplpaz.usa.cc |
ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
idm.xfinity.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
xfinity.com
idm.xfinity.com sdx.xfinity.com |
163 KB |
3 |
function sub() { [native code] }. |
10 KB |
2 |
usa.cc
1 redirects
drcuqlfqmkplpaz.usa.cc |
12 KB |
24 | 3 |
Domain | Requested by | |
---|---|---|
16 | idm.xfinity.com |
drcuqlfqmkplpaz.usa.cc
|
4 | sdx.xfinity.com |
drcuqlfqmkplpaz.usa.cc
|
3 | xn--h1akdrhp.xn--p1ai |
xn--h1akdrhp.xn--p1ai
|
2 | drcuqlfqmkplpaz.usa.cc | 1 redirects |
24 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
idm.xfinity.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
drcuqlfqmkplpaz.usa.cc cPanel, Inc. Certification Authority |
2018-10-19 - 2019-01-17 |
3 months | crt.sh |
login.xfinity.com COMODO RSA Organization Validation Secure Server CA |
2017-07-25 - 2019-07-25 |
2 years | crt.sh |
www.xfinity.comcast.net COMODO RSA Organization Validation Secure Server CA |
2017-09-22 - 2019-09-22 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/1/index.html?64726375716c66716d6b706c70617a2e7573612e6363-64726375716c66716d6b706c70617a2e7573612e6363-64726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e6363
Frame ID: C35F0E766F1B220AF7D73A0CB5AF59AB
Requests: 26 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://xn--h1akdrhp.xn--p1ai/administrator/components/com_admin/views/help/redd/js.htm Page URL
-
https://drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/
HTTP 302
https://drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/1/index.html?64726375716... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
Lo-dash () Expand
Detected patterns
- script /lodash.*\.js/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: XFINITY
Search URL Search Domain Scan URL
Title: Site Map
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Start Chat
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://xn--h1akdrhp.xn--p1ai/administrator/components/com_admin/views/help/redd/js.htm Page URL
-
https://drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/
HTTP 302
https://drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/1/index.html?64726375716c66716d6b706c70617a2e7573612e6363-64726375716c66716d6b706c70617a2e7573612e6363-64726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e636364726375716c66716d6b706c70617a2e7573612e6363 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
js.htm
xn--h1akdrhp.xn--p1ai/administrator/components/com_admin/views/help/redd/ |
6 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
xn--h1akdrhp.xn--p1ai/administrator/components/com_admin/views/help/redd/PNC%20Bank%20Online%20-%20Please%20wait_files/ |
43 B 307 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
status_indicator_alone.gif
xn--h1akdrhp.xn--p1ai/administrator/components/com_admin/views/help/redd/PNC%20Bank%20Online%20-%20Please%20wait_files/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index.html
drcuqlfqmkplpaz.usa.cc/My_Comcast-Fullz/Login/www/page/verification/online/1/ Redirect Chain
|
11 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles-light.min.css
idm.xfinity.com/myaccount/css/ |
101 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.11.3.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dropkick.2.1.7.min.js
idm.xfinity.com/myaccount/js/libs/ |
16 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.min.js
idm.xfinity.com/myaccount/js/libs/ |
23 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
additional-methods.min.js
idm.xfinity.com/myaccount/js/libs/ |
18 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts.min.js
idm.xfinity.com/myaccount/js/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satelliteLib-773f1d685076ba02ef9dd20f568cce9a6f1991dd.js
idm.xfinity.com/myaccount///assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lodash.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tracking-DTM.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tracking.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
asc
idm.xfinity.com/myaccount///privacy-policy.truste.com/privacy-seal/Comcast-Cable-Communications-Management,-LLC/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
satelliteLib-773f1d685076ba02ef9dd20f568cce9a6f1991dd.js
idm.xfinity.com/myaccount///assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lodash.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tracking-DTM.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tracking.min.js
idm.xfinity.com/myaccount/js/libs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-Regular.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
26 KB 26 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
930 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-Medium.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
27 KB 27 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-ExtraLight.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
32 KB 33 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
XfinityStandard-Light.woff2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/ |
27 KB 27 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
asc
idm.xfinity.com/myaccount///privacy-policy.truste.com/privacy-seal/Comcast-Cable-Communications-Management,-LLC/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| Dropkick function| appendPhoneNumber function| displayPhoneNumber function| appendDateOfBirth function| customDateOfBirthValidation function| getInputValue function| preventPopupDefaultClickHandler function| setupFieldtipPopupActivation function| setupStatusIconPopupActivation function| appendQuery function| hasQuery undefined| idm undefined| app function| log0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
drcuqlfqmkplpaz.usa.cc
idm.xfinity.com
sdx.xfinity.com
xn--h1akdrhp.xn--p1ai
142.93.253.96
185.93.108.127
2001:558:fe14:3:68:87:29:197
2a02:26f0:64:4a4::1b62
104613750b34c24f7694fa7b95a489d896fa3da82b98d2847c6ff0ffdb522e4f
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
5126c7c05cc15a94dfc7523f32206594012ec5c07366394f8e386235142b2dbc
726fd491af37e47741f6f995a25406c3e115b7490de2e9172a9d5d52ca227816
7b668be16bb8d9c0f50dfaa1cdd6d74bf53b9b1791fa46a2094b4ea275f246c5
7ee41c9d0d17198e165bc9966ace1958d4691bfe7b16ed9785027267fd93285b
8107d336fd1e5fee55e5a439af3165b98a39d84e25a0d55af1179d8e1b7b19ea
824e782f4ca6132560dd492e7aabb68513546bf6aa9b22a9752cafdf937d9ba2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b52bb9174b45f3e8d18370018d45cf3de063f4b08de8671890057665fe3349a5
be3b0c9940e63f7966593d5398ef8d79daf00b631e96bca970da1ea415ae9432
d1883f7a26d574acb192e568d50c21d03b29a14087bd26e6fe83a8615cf7d814
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a