sawsadhikar.com Open in urlscan Pro
50.28.1.103 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://sawsadhikar.com/loginxfinity/login
Submission: On April 30 via automatic, source phishtank (April 30th 2020, 3:04:50 am UTC)

Summary HTTP 31 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 8 domains to perform 31 HTTP transactions. The main IP is 50.28.1.103, located in Lansing, United States and belongs to LIQUIDWEB, US. The main domain is sawsadhikar.com.

This is the only time sawsadhikar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
10	50.28.1.103 50.28.1.103	32244 (LIQUIDWEB) (LIQUIDWEB)
1	54.82.173.247 54.82.173.247	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:ae80:2::230 2607:ae80:2::230	26558 (FREEWHEEL) (FREEWHEEL)
1 2	52.50.184.22 52.50.184.22	16509 (AMAZON-02) (AMAZON-02)
1	178.250.2.157 178.250.2.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:26f0:6c0... 2a02:26f0:6c00:186::1b62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	204.13.194.235 204.13.194.235	29990 (ASN-APPNEX) (ASN-APPNEX)
11	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:18c::2c06	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
31	11

10 50.28.1.103 (Lansing, United States)

ASN32244 (LIQUIDWEB, US)
PTR: mango.exacthosting.com

sawsadhikar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.82.173.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-173-247.compute-1.amazonaws.com

dmp.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:ae80:2::230 (United States)

ASN26558 (FREEWHEEL, US)

7468.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.184.22 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-184-22.eu-west-1.compute.amazonaws.com

xfinitydigital.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtax.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:186::1b62 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

sdx.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.13.194.235 (United States)

ASN29990 (ASN-APPNEX, US)

oascentral.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.18.235.40 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.oas-c18.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:18c::2c06 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

dl.cws.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	moatads.com z.moatads.com px.moatads.com	97 KB
10	sawsadhikar.com sawsadhikar.com	71 KB
5	xfinity.com sdx.xfinity.com oascentral.xfinity.com dl.cws.xfinity.com	82 KB
2	demdex.net 1 redirects xfinitydigital.demdex.net	2 KB
1	adnxs.com cdn.oas-c18.adnxs.com	690 B
1	criteo.com rtax.criteo.com	86 B
1	fwmrm.net 7468.v.fwmrm.net	399 B
1	tidaltv.com dmp.tidaltv.com	706 B
31	8

	Domain	Requested by
10	px.moatads.com	sawsadhikar.com
10	sawsadhikar.com	sawsadhikar.com
3	sdx.xfinity.com	sawsadhikar.com
2	xfinitydigital.demdex.net	1 redirects sawsadhikar.com
1	dl.cws.xfinity.com	sawsadhikar.com
1	cdn.oas-c18.adnxs.com	sawsadhikar.com
1	z.moatads.com	oascentral.xfinity.com
1	oascentral.xfinity.com	sawsadhikar.com
1	rtax.criteo.com	sawsadhikar.com
1	7468.v.fwmrm.net	sawsadhikar.com
1	dmp.tidaltv.com	sawsadhikar.com
31	11

This site contains links to these domains. Also see Links.

Domain
oascentral.xfinity.com
www.comcast.net
www.surveymonkey.com
idm.xfinity.com
customer.xfinity.com
my.xfinity.com
xfinity.comcast.net
customer.comcast.com

Subject Issuer	Validity	Valid
*.v.fwmrm.net DigiCert SHA2 High Assurance Server CA	`2017-11-01` - `2021-01-13`	3 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
www.xfinity.comcast.net COMODO RSA Organization Validation Secure Server CA	`2020-02-24` - `2022-02-23`	2 years	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.cws.xfinity.com Sectigo RSA Organization Validation Secure Server CA	`2019-01-28` - `2021-01-27`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://sawsadhikar.com/loginxfinity/login
Frame ID: 4BA1AE63D3DFE2CD8969441A0285A604
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

html /<(?:iframe|img)[^>]+adnxs\.(?:net|com)/i

Lodash (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /lodash.*\.js/i

Page Statistics

31
Requests

55 %
HTTPS

30 %
IPv6

8
Domains

11
Subdomains

11
IPs

5
Countries

253 kB
Transfer

575 kB
Size

3
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://oascentral.xfinity.com/RealMedia/ads/click_lx.ads/comcast.net/login_secure/notve/2092131856/x32/default/empty.gif/7065654f4a4636715144554142796c76;zip=SE:164%2000?x

Search URL Search Domain Scan URL

URL: http://www.comcast.net/adinformation
Title: Ad Info

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Title: Ad Feedback

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D48a52541-6345-4bdd-a5ba-7d5610407746%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: username

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D48a52541-6345-4bdd-a5ba-7d5610407746%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: password

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D48a52541-6345-4bdd-a5ba-7d5610407746%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Create one

Search URL Search Domain Scan URL

URL: https://customer.xfinity.com/lite
Title: Pay any balance

Search URL Search Domain Scan URL

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/siteindex/
Title: Site Map

Search URL Search Domain Scan URL

URL: https://customer.comcast.com/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://xfinitydigital.demdex.net/event?d_sid=4702129 HTTP 302
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

31 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login Show response
sawsadhikar.com/loginxfinity/ 13 KB
4 KB 3474ms
3139ms Document
text/html 50.28.1.103
LIQUIDWEB

General

Domain/Path	Expires	Name / Value
.sawsadhikar.com/	1970-01-19 09:53:27	Name: currency Value: BDT
.sawsadhikar.com/	1970-01-19 09:53:27	Name: language Value: en
sawsadhikar.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: cgrc7n5dlc3b6qbco8s11vl661

sawsadhikar.com Open in urlscan Pro 50.28.1.103 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

31 Requests

55 %HTTPS

30 %IPv6

8 Domains

11 Subdomains

11 IPs

5 Countries

253 kBTransfer

575 kBSize

3 Cookies

11 Outgoing links

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sawsadhikar.com Open in urlscan Pro
50.28.1.103 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

55 %
HTTPS

30 %
IPv6

8
Domains

11
Subdomains

11
IPs

5
Countries

253 kB
Transfer

575 kB
Size

3
Cookies

31 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!