myspctrum-uthe.cf
46.29.161.2
Malicious Activity!
Public Scan
Submission: On November 07 via api from CZ
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 3rd 2019. Valid for: 3 months.
This is the only time myspctrum-uthe.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spectrum (Telecommunication)
Domain & IP information

| Requests | IP Address | ASN (Autonomous System) | PTR | Domains |
|---|---|---|---|---|
| 9 | 46.29.161.2 | 51659 (ASBAXET) | | myspctrum-uthe.cf |
| 4 | 34.197.1.58 | 14618 (AMAZON-AES - Amazon.com, Inc., US) | ec2-34-197-1-58.compute-1.amazonaws.com | registration.timewarnercable.com |
| 4 | 2.18.232.23 | 16625 (AKAMAI-AS - Akamai Technologies, Inc., US) | a2-18-232-23.deploy.static.akamaitechnologies.com | assets.adobedtm.com |
| 1 | 142.136.81.136 | 3456 (TWC-3456-IT - Charter Communications Inc, US) | www.twcnc.com | www.timewarnercable.com |
| 2 (1 redirect) | 52.30.105.51 | 16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-30-105-51.eu-west-1.compute.amazonaws.com | dpm.demdex.net |
| 2 | 35.181.91.36 | 16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-35-181-91-36.eu-west-3.compute.amazonaws.com | metrics.timewarnercable.com |
| 1 | 66.117.29.3 | 15224 (OMNITURE - Adobe Systems Inc., US) | | twcroadrunner.tt.omtrdc.net |
| 1 | 34.247.58.231 | 16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-34-247-58-231.eu-west-1.compute.amazonaws.com | roadrunner.demdex.net |

Totals: 25 requests, 9 IPs.
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | myspctrum-uthe.cf | myspctrum-uthe.cf | 130 KB |
| 7 | timewarnercable.com | registration.timewarnercable.com, www.timewarnercable.com, metrics.timewarnercable.com | 195 KB |
| 4 | adobedtm.com | assets.adobedtm.com | 61 KB |
| 3 (1 redirect) | demdex.net | dpm.demdex.net, roadrunner.demdex.net | 2 KB |
| 1 | omtrdc.net | twcroadrunner.tt.omtrdc.net | 904 B |
| 0 | nextit.com | twc.nextit.com (failed) | |

Totals: 25 requests, 6 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 9 | myspctrum-uthe.cf | myspctrum-uthe.cf |
| 4 | assets.adobedtm.com | myspctrum-uthe.cf, assets.adobedtm.com |
| 4 | registration.timewarnercable.com | myspctrum-uthe.cf |
| 2 | metrics.timewarnercable.com | assets.adobedtm.com, myspctrum-uthe.cf |
| 2 (1 redirect) | dpm.demdex.net | myspctrum-uthe.cf |
| 1 | roadrunner.demdex.net | assets.adobedtm.com |
| 1 | twcroadrunner.tt.omtrdc.net | registration.timewarnercable.com |
| 1 | www.timewarnercable.com | myspctrum-uthe.cf |
| 0 | twc.nextit.com (failed) | myspctrum-uthe.cf |

Totals: 25 requests, 9 domains.
This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.timewarnercable.com |
| help.twcable.com |

| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| myspctrum-uthe.cf | cPanel, Inc. Certification Authority | 2019-11-03 - 2020-02-01 | 3 months | crt.sh |
| registration.timewarnercable.com | DigiCert SHA2 Secure Server CA | 2019-08-20 - 2020-09-08 | a year | crt.sh |
| assets.adobedtm.com | DigiCert SHA2 High Assurance Server CA | 2019-10-22 - 2021-10-01 | 2 years | crt.sh |
| timewarnercable.com | DigiCert SHA2 Secure Server CA | 2019-09-24 - 2020-10-04 | a year | crt.sh |
| *.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years | crt.sh |
| metrics.timewarnercable.com | DigiCert SHA2 High Assurance Server CA | 2019-09-30 - 2021-01-06 | a year | crt.sh |
| *.tt.omtrdc.net | DigiCert SHA2 High Assurance Server CA | 2017-10-19 - 2020-11-25 | 3 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://myspctrum-uthe.cf/.DL/Spect/Spect/Zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/4.php?526839ca0017c7b64415c6b5b3a1470c-526839ca0017c7b64415c6b5b3a1470c-526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c526839ca0017c7b64415c6b5b3a1470c
Frame ID: DC5DF75FADD34620606B836A18F57D84
Requests: 24 HTTP requests in this frame
Frame:
https://roadrunner.demdex.net/dest5.html?d_nsid=0
Frame ID: 0F3AE0E3B8812CB7F4185E170818DBDE
Requests: 1 HTTP request in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Adobe DTM (Tag Managers)
Detected patterns
- script /\/\/assets.adobedtm.com\//i
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
- Learn how to enable cookies >
- (no title)
- Privacy Policy
- Terms, Conditions & Policies
- Regulatory
- Forward-Looking Statements Caution
- California Privacy Rights
- Website Terms of Use
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
1. https://dpm.demdex.net/id?d_visid_ver=1.5.2&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5BB1123F5245AE4E0A490D45%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields (HTTP 302)
2. https://dpm.demdex.net/id/rd?d_visid_ver=1.5.2&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5BB1123F5245AE4E0A490D45%40AdobeOrg&d_nsid=0&d_cb=s_c_il%5B0%5D._setMarketingCloudFields
25 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | 4.php | myspctrum-uthe.cf/.DL/Spect/Spect/Zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/ | 13 KB | 13 KB | Document | text/html | Primary Request; Cookie set |
| GET | H/1.1 | live-engage-33ab08eac0fc563c11786eaeaeafa297.js | myspctrum-uthe.cf/assets/manifests/ | 0 | 0 | Script | text/html | |
| GET | | NIT.Alme.Combined.min.css | twc.nextit.com/LiveEngage/css/ | 0 | 0 | | | Failed |
| GET | H/1.1 | main-e0840a2377ffb951560096d54780f0cc.css | myspctrum-uthe.cf/.DL/Spect/Spect/Zo/5th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16/log/sycho/ | 117 KB | 117 KB | Stylesheet | text/css | |
| GET | H/1.1 | residential-3fb2aab5e1ac64a4882e2cd3667dd61b.js | registration.timewarnercable.com/assets/manifests/ | 757 KB | 189 KB | Script | application/javascript | |
| GET | H2 | satelliteLib-bf4c9cc3c49ed4732bad6e252bbb04506eb5ba85.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/ | 91 KB | 29 KB | Script | application/x-javascript | |
| GET | H/1.1 | password-073824b0f6d47b0bea411aa56050a644.css | registration.timewarnercable.com/assets/layouts/ | 0 | 0 | Stylesheet | text/html | |
| GET | H/1.1 | username-89f3e24688a380aa37e16091c863d204.css | registration.timewarnercable.com/assets/password/reset/ | 399 B | 480 B | Stylesheet | text/css | |
| GET | H/1.1 | Spectrum_Logo_White.png | www.timewarnercable.com/content/dam/careportals/common/images/ | 5 KB | 5 KB | Image | image/png | |
| GET | H/1.1 | username-68b329da9893e34099c7d8ad5cb9c940.js | myspctrum-uthe.cf/assets/password/reset/ | 0 | 0 | Script | text/html | |
| GET | H/1.1 | residential-deferred-57a7c928205befe7cef982d99c35f28f.js | myspctrum-uthe.cf/assets/manifests/ | 0 | 0 | Script | text/html | |
| GET | | NIT.Alme.Combined.min.js | twc.nextit.com/LiveEngage/js/ | 0 | 0 | | | Failed |
| GET | H/1.1 | rd | dpm.demdex.net/id/ | 1 KB | 1 KB | Script | application/javascript | Redirect Chain |
| GET | H2 | satellite-55f30acb66383100170008e0.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/scripts/ | 77 KB | 27 KB | Script | application/x-javascript | |
| GET | H/1.1 | password-073824b0f6d47b0bea411aa56050a644.css | registration.timewarnercable.com/assets/layouts/ | 0 | 0 | Stylesheet | text/html | |
| GET | H2 | id | metrics.timewarnercable.com/ | 114 B | 498 B | Script | application/x-javascript | |
| GET | H2 | standard | twcroadrunner.tt.omtrdc.net/m2/twcroadrunner/mbox/ | 988 B | 904 B | Script | text/javascript | |
| GET | H/1.1 | username-68b329da9893e34099c7d8ad5cb9c940.js | myspctrum-uthe.cf/assets/password/reset/ | 0 | 0 | Script | text/html | |
| GET | H/1.1 | OpenSans-Regular.ttf | myspctrum-uthe.cf/fonts/ | 0 | 0 | Font | text/html | |
| GET | H/1.1 | OpenSans-Bold.ttf | myspctrum-uthe.cf/fonts/ | 0 | 0 | Font | text/html | |
| GET | H/1.1 | residential-deferred-57a7c928205befe7cef982d99c35f28f.js | myspctrum-uthe.cf/assets/manifests/ | 0 | 0 | Script | text/html | |
| GET | H2 | satellite-5577350c66303900141c0500.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/scripts/ | 234 B | 445 B | Script | application/x-javascript | |
| GET | H2 | satellite-544855f6618ab202cc0001c0.js | assets.adobedtm.com/a011e94b6ba81cdcfdf24acdb480b5e4204c4dea/scripts/ | 15 KB | 4 KB | Script | application/x-javascript | |
| GET | H2 | s61453048562524 | metrics.timewarnercable.com/b/ss/tsg2resdev3/1/JS-1.6.3/ | 43 B | 219 B | Image | image/gif | |
| GET | H/1.1 | dest5.html | roadrunner.demdex.net/ | 0 | 0 | Document | text/html | Cookie set; Frame 0F3A |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: twc.nextit.com
  URL: https://twc.nextit.com/LiveEngage/css/NIT.Alme.Combined.min.css
- Domain: twc.nextit.com
  URL: https://twc.nextit.com/LiveEngage/js/NIT.Alme.Combined.min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spectrum (Telecommunication)
97 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
11 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .myspctrum-uthe.cf/ | | SC_TWCLINKS | %5B%5BB%5D%5D |
| .myspctrum-uthe.cf/ | | new_path | New |
| .myspctrum-uthe.cf/ | | s_nr | 1573093141468-New |
| .myspctrum-uthe.cf/ | | gpv_ev59 | %20Spect%20%3E%20Spect%20%3E%20Zo%20%3E%205th15be1thn65ed41tnh65e4d1gt6541nhed65t4g1nhj6e5d4g16%20%3E%20log%20 |
| .myspctrum-uthe.cf/ | | s_mtd | %5B%5BB%5D%5D |
| .myspctrum-uthe.cf/ | | s_cc | true |
| .myspctrum-uthe.cf/ | | s_lastvisit_s | First%20Visit |
| .myspctrum-uthe.cf/ | | s_lastvisit | 1573093141467 |
| .myspctrum-uthe.cf/ | | mbox | check#true#1573093202\|session#1573093141189-168643#1573095002\|PC#1573093141189-168643.26_9#1580869142 |
| myspctrum-uthe.cf/ | | AMCV_5BB1123F5245AE4E0A490D45%40AdobeOrg | 793872103%7CMCIDTS%7C18208%7CMCMID%7C68876806259397323433140622397460594952%7CMCAAMLH-1573697941%7C6%7CMCAAMB-1573697941%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCAID%7CNONE |
| myspctrum-uthe.cf/ | | PHPSESSID | dfa1942136da6d2f531a233d2e83b9df |
1 Console Messages
A page may log messages to the browser console. These are often error messages about a resource that could not be loaded or a piece of JavaScript that failed to execute. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.