support-xfinity.141-98-115-112.cprapid.com Open in urlscan Pro
141.98.115.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php
Effective URL:
https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount
Submission: On July 09 via automatic, source openphish (July 9th 2024, 3:14:44 pm UTC) — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 141.98.115.112, located in Turkey and belongs to POYRAZ, TR. The main domain is support-xfinity.141-98-115-112.cprapid.com.
TLS certificate: Issued by R11 on July 2nd 2024. Valid for: 3 months.

This is the only time support-xfinity.141-98-115-112.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 14	141.98.115.112 141.98.115.112	210574 (POYRAZ) (POYRAZ)
4	2a02:26f0:310... 2a02:26f0:3100:791::1b62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
17	3

14 141.98.115.112 (Turkey) 1 redirects

ASN210574 (POYRAZ, TR)
PTR: server.poyrazhosting.com

support-xfinity.141-98-115-112.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3100:791::1b62 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

sdx.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	cprapid.com 1 redirects support-xfinity.141-98-115-112.cprapid.com	611 KB
4	xfinity.com sdx.xfinity.com — Cisco Umbrella Rank: 92846	86 KB
17	2

	Domain	Requested by
14	support-xfinity.141-98-115-112.cprapid.com	1 redirects support-xfinity.141-98-115-112.cprapid.com
4	sdx.xfinity.com	support-xfinity.141-98-115-112.cprapid.com
17	2

This site contains no links.

Subject Issuer	Validity	Valid
webmail.support-xfinity.141-98-115-112.cprapid.com R11	`2024-07-02` - `2024-09-30`	3 months	crt.sh
www.xfinity.comcast.net COMODO RSA Organization Validation Secure Server CA	`2023-08-30` - `2024-08-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount
Frame ID: D826BFFBE133D1764245D3C02A9D50FA
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

XFINITY | Update Your Account | EcoBill® Online Bill Pay

Page URL History Show full URLs

http://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php HTTP 307
https://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php HTTP 302
https://support-xfinity.141-98-115-112.cprapid.com/Process.php Page URL
https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Page URL

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

697 kB
Transfer

874 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php HTTP 307
https://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php HTTP 302
https://support-xfinity.141-98-115-112.cprapid.com/Process.php Page URL
https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php HTTP 307
https://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php HTTP 302
https://support-xfinity.141-98-115-112.cprapid.com/Process.php

17 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Process.php Show response support-xfinity.141-98-115-112.cprapid.com/ Redirect Chain http://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php https://support-xfinity.141-98-115-112.cprapid.com/&&/&%20.php https://support-xfinity.141-98-115-112.cprapid.com/Process.php	1 KB 1 KB	73ms 73ms	Document text/html	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/Process.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `2e7f3c99031bc9f71e5888f76a91cb6c18f873628e7e807dec8c60bc5d748bdd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 09 Jul 2024 15:14:39 GMT Keep-Alive timeout=5, max=99 Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Tue, 09 Jul 2024 15:14:39 GMT Keep-Alive timeout=5, max=100 Server Apache location ../Process.php
GET H/1.1	200 OK	&&&%20.css support-xfinity.141-98-115-112.cprapid.com/&/	145 KB 146 KB	73ms 73ms	Stylesheet text/css	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&/&&&%20.css Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Process.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `408b58c87c12589fabef13009715c27a835c1980fbf66738b7af6f79fd2ddc15` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Process.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:39 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 148936
GET H2	200	XfinityStandard-Regular.woff2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/	26 KB 26 KB	408ms 34ms	Font font/woff2	2a02:26f0:3100:791::1b62 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2 Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/&/&&&%20.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:791::1b62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/ Origin https://support-xfinity.141-98-115-112.cprapid.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers unused62 8096267 x-amz-version-id kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF date Tue, 09 Jul 2024 15:14:40 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop ZRH50-C1 etag "e3e79cd377b28c1e7ffea64b194136cf" content-type font/woff2 access-control-allow-origin * cache-control max-age=691054 accept-ranges bytes content-length 26768 x-amz-cf-id mWu3-7enAvLrVitAX53L-c8sFBLSzLkQkq1SH7ClO4S0aiBskEDNaw==
GET H/1.1	200 OK	&%20.ico support-xfinity.141-98-115-112.cprapid.com/&/	7 KB 7 KB	76ms 76ms	Other image/x-icon	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&/&%20.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `b81ca95427455e8704ed486c9b37346dc71d2f01e5353bbfc37614cdd067b23a` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Process.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:40 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type image/x-icon Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 7406
GET H/1.1	200 OK	Primary Request Billing-Online.html Show response support-xfinity.141-98-115-112.cprapid.com/	13 KB 13 KB	78ms 77ms	Document text/html	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `171f261d459e831c9290eabc0a9e91d81e7d4daf8319a55e1ade9e31a319f18c` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Process.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 13430 Content-Type text/html Date Tue, 09 Jul 2024 15:14:41 GMT Keep-Alive timeout=5, max=96 Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache
GET H/1.1	200 OK	&%20.css support-xfinity.141-98-115-112.cprapid.com/&/	60 KB 60 KB	76ms 75ms	Stylesheet text/css	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&/&%20.css Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `14d652380817f35a1d5570fbf76a3195d57aa27e918b362ac99c1ad9133db54e` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 61230
GET H/1.1	200 OK	&&%20.css support-xfinity.141-98-115-112.cprapid.com/&/	112 KB 112 KB	213ms 72ms	Stylesheet text/css	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&/&&%20.css Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `be98a71333624c41265d90e6cc689fc9ba72174d0c400dabffc3fd4321d43e4e` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 114665
GET H/1.1	200 OK	&&&%20.css support-xfinity.141-98-115-112.cprapid.com/&/	145 KB 0	1ms 1ms	Stylesheet text/css	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&/&&&%20.css Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `408b58c87c12589fabef13009715c27a835c1980fbf66738b7af6f79fd2ddc15` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:39 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Accept-Ranges bytes Content-Length 148936 Content-Type text/css
GET H/1.1	200 OK	&%20.js Show response support-xfinity.141-98-115-112.cprapid.com/&&&/	15 KB 15 KB	229ms 85ms	Script text/javascript	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&&&/&%20.js Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `24a26882d08d35333479e59ea7a76824670a9ae935e505da8401ecaf61ee0695` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 15543
GET H/1.1	200 OK	&.%20.js Show response support-xfinity.141-98-115-112.cprapid.com/&&&/	15 KB 15 KB	232ms 81ms	Script text/javascript	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&&&/&.%20.js Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `8f77d855075159f6093ce44c92256d4b127d6c28486039c22476533f1290f330` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 15296
GET H/1.1	200 OK	&1%20.js Show response support-xfinity.141-98-115-112.cprapid.com/&&&/	120 KB 121 KB	248ms 91ms	Script text/javascript	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&&&/&1%20.js Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `fe917dddbfaf57e06fae1017c6ebcbf4fa915aa9c7c06f825a456ca77d167be9` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 123233
GET H/1.1	200 OK	&2%20.js Show response support-xfinity.141-98-115-112.cprapid.com/&&&/	4 KB 4 KB	249ms 92ms	Script text/javascript	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&&&/&2%20.js Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `69e2cb3881bf49cfae772e2fb133d16e455792121fc2f0781b8d8e84a8284a48` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3729
GET H/1.1	200 OK	&3%20.js Show response support-xfinity.141-98-115-112.cprapid.com/&&&/	115 KB 116 KB	246ms 89ms	Script text/javascript	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&&&/&3%20.js Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `f55488618d647866393d1fb92d7d2318e2f40e00464f8f91ee9fd154a049ff8e` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:41 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 118070
GET DATA	200 OK	truncated /	803 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `33334f9570433022429c5bf482204947d8526638535fbde7acee35bd09dfbb79` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET DATA	200 OK	truncated /	935 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9fa9a5dd7702d14574417221a210b07c55bea87995796e1ac175864254bc0b16` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	XfinityStandard-Regular.woff2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/	26 KB 0	0ms 0ms	Font font/woff2	2a02:26f0:3100:791::1b62 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2 Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/&/&&&%20.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:791::1b62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/ Origin https://support-xfinity.141-98-115-112.cprapid.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers unused62 8096267 x-amz-version-id kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF date Tue, 09 Jul 2024 15:14:40 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop ZRH50-C1 etag "e3e79cd377b28c1e7ffea64b194136cf" content-type font/woff2 access-control-allow-origin * cache-control max-age=691054 accept-ranges bytes content-length 26768 x-amz-cf-id mWu3-7enAvLrVitAX53L-c8sFBLSzLkQkq1SH7ClO4S0aiBskEDNaw==
GET DATA	200 OK	truncated /	194 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0a468887e9dc29ce2f7bf7d335c9bfaab005f7807b368ec979bccf4d34611a8e` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET H2	200	XfinityStandard-ExtraLight.woff2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/	32 KB 33 KB	35ms 34ms	Font font/woff2	2a02:26f0:3100:791::1b62 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff2 Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/&/&&&%20.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:791::1b62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `8107d336fd1e5fee55e5a439af3165b98a39d84e25a0d55af1179d8e1b7b19ea` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/ Origin https://support-xfinity.141-98-115-112.cprapid.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers unused62 8096267 x-amz-version-id Bbube12IJwZsgLOR0dnsP3Zw8NdGE3DL date Tue, 09 Jul 2024 15:14:41 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop FRA56-C1 etag "a626342f1fe2e8793440bc6f0882cb57" content-type font/woff2 access-control-allow-origin * cache-control max-age=697100 accept-ranges bytes content-length 33268 x-amz-cf-id 56M51IyU7lsYb3Xv06qADznJI0xhMz9h-QLlIwGEX27agZpjksoTyQ==
GET H2	200	XfinityStandard-Light.woff2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/	27 KB 27 KB	52ms 52ms	Font font/woff2	2a02:26f0:3100:791::1b62 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Requested by Host: support-xfinity.141-98-115-112.cprapid.com URL: https://support-xfinity.141-98-115-112.cprapid.com/&/&&&%20.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:791::1b62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/ Origin https://support-xfinity.141-98-115-112.cprapid.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers unused62 8096267 x-amz-version-id wnCwOacXycelzt78IMkr55wWB9WkMd2W date Tue, 09 Jul 2024 15:14:41 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop ZRH50-C1 etag "f05d3ebe80809d82ab14d62a79da544e" content-type font/woff2 access-control-allow-origin * cache-control max-age=499690 accept-ranges bytes content-length 27420 x-amz-cf-id P9xccIoO-c5ACMDSvYVv1dx7mmtlzDVjJ45L0HuV_QOmIJ_i6QAEKA==
GET H/1.1	200 OK	&%20.ico support-xfinity.141-98-115-112.cprapid.com/&/	7 KB 0	0ms 0ms	Other image/x-icon	141.98.115.112 POYRAZ
General Check archive.org Show headers Download Go to Full URL https://support-xfinity.141-98-115-112.cprapid.com/&/&%20.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 141.98.115.112 , Turkey, ASN210574 (POYRAZ, TR), Reverse DNS server.poyrazhosting.com Software Apache / Resource Hash `b81ca95427455e8704ed486c9b37346dc71d2f01e5353bbfc37614cdd067b23a` Request headers Referer https://support-xfinity.141-98-115-112.cprapid.com/Billing-Online.html?Review%20-%20Verification%20MyAccount User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 15:14:40 GMT Last-Modified Wed, 05 Jul 2023 23:00:46 GMT Server Apache Accept-Ranges bytes Content-Length 7406 Content-Type image/x-icon

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| isInputNumber object| payform function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sdx.xfinity.com
support-xfinity.141-98-115-112.cprapid.com
141.98.115.112
2a02:26f0:3100:791::1b62
0a468887e9dc29ce2f7bf7d335c9bfaab005f7807b368ec979bccf4d34611a8e
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
14d652380817f35a1d5570fbf76a3195d57aa27e918b362ac99c1ad9133db54e
171f261d459e831c9290eabc0a9e91d81e7d4daf8319a55e1ade9e31a319f18c
24a26882d08d35333479e59ea7a76824670a9ae935e505da8401ecaf61ee0695
2e7f3c99031bc9f71e5888f76a91cb6c18f873628e7e807dec8c60bc5d748bdd
33334f9570433022429c5bf482204947d8526638535fbde7acee35bd09dfbb79
408b58c87c12589fabef13009715c27a835c1980fbf66738b7af6f79fd2ddc15
69e2cb3881bf49cfae772e2fb133d16e455792121fc2f0781b8d8e84a8284a48
8107d336fd1e5fee55e5a439af3165b98a39d84e25a0d55af1179d8e1b7b19ea
8f77d855075159f6093ce44c92256d4b127d6c28486039c22476533f1290f330
9fa9a5dd7702d14574417221a210b07c55bea87995796e1ac175864254bc0b16
b81ca95427455e8704ed486c9b37346dc71d2f01e5353bbfc37614cdd067b23a
be98a71333624c41265d90e6cc689fc9ba72174d0c400dabffc3fd4321d43e4e
f55488618d647866393d1fb92d7d2318e2f40e00464f8f91ee9fd154a049ff8e
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a
fe917dddbfaf57e06fae1017c6ebcbf4fa915aa9c7c06f825a456ca77d167be9

support-xfinity.141-98-115-112.cprapid.com Open in urlscan Pro 141.98.115.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

697 kBTransfer

874 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

support-xfinity.141-98-115-112.cprapid.com Open in urlscan Pro
141.98.115.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

697 kB
Transfer

874 kB
Size

0
Cookies

17 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!