68.87.29.197 Open in urlscan Pro
68.87.29.197 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://68.87.29.197/login/lib/plugins/usermanager/lang/pl/edit.txt...
Submission: On January 29 via automatic, source openphish (January 29th 2021, 1:20:00 am UTC)

Summary HTTP 45 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 18 IPs in 6 countries across 15 domains to perform 45 HTTP transactions. The main IP is 68.87.29.197, located in United States and belongs to COMCAST-7922, US. The main domain is 68.87.29.197.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on October 2nd 2020. Valid for: a year.

This is the only time 68.87.29.197 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
7	68.87.29.197 68.87.29.197	7922 (COMCAST-7922) (COMCAST-7922)
5	2a02:26f0:6c0... 2a02:26f0:6c00:2bd::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.114.217 151.101.114.217	54113 (FASTLY) (FASTLY)
1	2600:1f18:659... 2600:1f18:6593:f602:82a0:df8e:67ea:6e72	14618 (AMAZON-AES) (AMAZON-AES)
1 4	34.254.147.143 34.254.147.143	16509 (AMAZON-02) (AMAZON-02)
10	2a02:26f0:6c0... 2a02:26f0:6c00:292::2c06	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a02:26f0:6c0... 2a02:26f0:6c00:2be::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	13.224.192.34 13.224.192.34	16509 (AMAZON-02) (AMAZON-02)
1	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
2	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	165.227.252.242 165.227.252.242	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	69.173.144.143 69.173.144.143	26667 (RUBICONPR...) (RUBICONPROJECT)
1	15.237.76.117 15.237.76.117	16509 (AMAZON-02) (AMAZON-02)
1	185.33.221.14 185.33.221.14	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
45	18

7 68.87.29.197 (United States)

ASN7922 (COMCAST-7922, US)

68.87.29.197	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2bd::30d4 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

scripts.webcontentassessor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f602:82a0:df8e:67ea:6e72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

7468.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.254.147.143 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-147-143.eu-west-1.compute.amazonaws.com

xfinitydigital.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:6c00:292::2c06 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

dl.cws.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:2be::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.34 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-34.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.130 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

comcast-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.227.252.242 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.237.76.117 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-76-117.eu-west-3.compute.amazonaws.com

comcastcom.d1.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.14 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	xfinity.com dl.cws.xfinity.com	2 KB
5	cimcontent.net static.cimcontent.net	173 KB
4	adobedtm.com assets.adobedtm.com	84 KB
4	demdex.net 1 redirects xfinitydigital.demdex.net dpm.demdex.net comcast.demdex.net	3 KB
3	openx.net 1 redirects comcast-d.openx.net eu-u.openx.net us-u.openx.net	1013 B
3	criteo.com bidder.criteo.com gum.criteo.com	284 B
3	amazon-adsystem.com c.amazon-adsystem.com	34 KB
2	adnxs.com acdn.adnxs.com ib.adnxs.com	32 KB
1	doubleclick.net 1 redirects cm.g.doubleclick.net	121 B
1	criteo.net static.criteo.net	26 KB
1	omtrdc.net comcastcom.d1.sc.omtrdc.net	315 B
1	rubiconproject.com fastlane.rubiconproject.com	2 KB
1	serverbid.com e.serverbid.com	166 B
1	fwmrm.net 7468.v.fwmrm.net	411 B
1	webcontentassessor.com scripts.webcontentassessor.com	32 KB
45	15

	Domain	Requested by
10	dl.cws.xfinity.com	static.cimcontent.net
5	static.cimcontent.net	68.87.29.197
4	assets.adobedtm.com	static.cimcontent.net assets.adobedtm.com
3	c.amazon-adsystem.com	68.87.29.197 static.cimcontent.net
2	bidder.criteo.com	static.cimcontent.net
2	xfinitydigital.demdex.net	1 redirects 68.87.29.197
1	us-u.openx.net
1	cm.g.doubleclick.net	1 redirects
1	eu-u.openx.net	1 redirects
1	static.criteo.net	static.cimcontent.net
1	gum.criteo.com	68.87.29.197
1	ib.adnxs.com	static.cimcontent.net
1	comcastcom.d1.sc.omtrdc.net	static.cimcontent.net
1	comcast.demdex.net	assets.adobedtm.com
1	fastlane.rubiconproject.com	static.cimcontent.net
1	e.serverbid.com	static.cimcontent.net
1	comcast-d.openx.net	static.cimcontent.net
1	acdn.adnxs.com	68.87.29.197
1	dpm.demdex.net	static.cimcontent.net
1	7468.v.fwmrm.net	68.87.29.197
1	scripts.webcontentassessor.com	68.87.29.197
45	21

This site contains links to these domains. Also see Links.

Domain
www.comcast.net
www.surveymonkey.com
idm.xfinity.com
customer.xfinity.com
my.xfinity.com
xfinity.comcast.net
www.xfinity.com

Subject Issuer	Validity	Valid
*.identity.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2020-10-02` - `2021-10-02`	a year	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2020-04-16` - `2022-04-16`	2 years	crt.sh
scripts.webcontentassessor.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-01-27` - `2022-02-28`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-09-30`	9 months	crt.sh
*.cws.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2020-05-04` - `2022-05-04`	2 years	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-17` - `2021-02-14`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
e.serverbid.com R3	`2020-12-17` - `2021-03-17`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.d1.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-17` - `2021-02-14`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://68.87.29.197/login/lib/plugins/usermanager/lang/pl/edit.txt...
Frame ID: 067C6557D958E3A16DBCD531C90D2948
Requests: 40 HTTP requests in this frame

Frame: https://comcast.demdex.net/dest5.html?d_nsid=0
Frame ID: D6143C9EDD9806589DF8792D899E18AA
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=68.87.29.197
Frame ID: 1E65F895FE32E0EB1A248E83D9D4B61B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

45
Requests

84 %
HTTPS

39 %
IPv6

15
Domains

21
Subdomains

18
IPs

6
Countries

508 kB
Transfer

1210 kB
Size

7
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://www.comcast.net/adinformation
Title: Ad Info

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Title: Ad Feedback

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3Db751cd5e-3baa-498f-8d6c-1a840c3ce282%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Xfinity ID

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3Db751cd5e-3baa-498f-8d6c-1a840c3ce282%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: password

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3Db751cd5e-3baa-498f-8d6c-1a840c3ce282%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Create one

Search URL Search Domain Scan URL

URL: https://customer.xfinity.com/lite
Title: Pay any balance

Search URL Search Domain Scan URL

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/manage-preference
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://xfinitydigital.demdex.net/event?d_sid=4702129 HTTP 302
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

Request Chain 45

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=42d504c1-bae8-4312-8ad6-a76f3705b195&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESECbTT4mB3im828TYiJU3nuc&google_cver=1

45 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set edit.txt... Show response
68.87.29.197/login/lib/plugins/usermanager/lang/pl/ 12 KB
5 KB 443ms
215ms Document
text/html 68.87.29.197
COMCAST-7922

General

Domain/Path	Expires	Name / Value
68.87.29.197/	1970-01-20 09:15:55	Name: AMCV_DA11332E5321D0550A490D45%40AdobeOrg Value: 359503849%7CMCIDTS%7C18657%7CMCMID%7C11349877260752951130222823983114765844%7CMCAAMLH-1612487983%7C6%7CMCAAMB-1612487983%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1611890383s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.1
.demdex.net/	1970-01-19 20:03:55	Name: demdex Value: 11197603623049812940242587948768000691
68.87.29.197/	1969-12-31 23:59:59	Name: AMCVS_DA11332E5321D0550A490D45%40AdobeOrg Value: 1
68.87.29.197/	1969-12-31 23:59:59	Name: SESSION Value: d149dac4-0b3e-4f8d-97ba-de7510f2852c
68.87.29.197/	1969-12-31 23:59:59	Name: BIGipServerp_loginxf-wcdc-ipv4_443 Value: !NO7VUg577Sqf19Pab3bAYz+ZnnXVjXghlSX7JWlSBgDv9SQLgOn+uE78VVGZHpylrlsSdgYf2oTUELE=
.demdex.net/	1970-01-19 20:03:55	Name: dextp Value: 21-1-1611883183222\|60-1-1611883183324\|358-1-1611883183425
68.87.29.197/login/lib/plugins/usermanager/lang/pl	1970-01-20 09:15:55	Name: bid Value: Tb9SSpZWT6OoVbVep4NLltQ_4yE

Source	Level	URL Text
console-api	log	URL: https://assets.adobedtm.com/331fbea29f79/fdd77923e2da/52d5ba0fe5d1/EX42af35e02f37445ba43641984da760ce-libraryCode_source.min.js(Line 2) Message: Error, missing Report Suite ID in AppMeasurement initialization
console-api	info	URL: https://acdn.adnxs.com/ast/ast.js(Line 1) Message: AST library loaded: 0.35.0

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

68.87.29.197 Open in urlscan Pro 68.87.29.197 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

45 Requests

84 %HTTPS

39 %IPv6

15 Domains

21 Subdomains

18 IPs

6 Countries

508 kBTransfer

1210 kBSize

7 Cookies

10 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

68.87.29.197 Open in urlscan Pro
68.87.29.197 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

84 %
HTTPS

39 %
IPv6

15
Domains

21
Subdomains

18
IPs

6
Countries

508 kB
Transfer

1210 kB
Size

7
Cookies

45 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!