mail.twcbc.com
Open in
urlscan Pro
47.43.26.70
Malicious Activity!
Public Scan
Submission: On February 24 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 3rd 2021. Valid for: a year.
This is the only time mail.twcbc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spectrum (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 47.43.26.70 47.43.26.70 | 40294 (CHARTER-4...) (CHARTER-40294-DC) | |
8 | 1 |
ASN40294 (CHARTER-40294-DC, US)
PTR: p-bc5-mail-vip.twcbc.com
mail.twcbc.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
twcbc.com
mail.twcbc.com — Cisco Umbrella Rank: 831167 |
111 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | mail.twcbc.com |
mail.twcbc.com
|
8 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
business.timewarnercable.com |
business.spectrum.com |
www.spectrum.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
mail.twc.com DigiCert SHA2 Secure Server CA |
2021-08-03 - 2022-09-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mail.twcbc.com/do/redirect?url=https%253A%252F%252Finfo.key.com%252Fpub%252Fcc%253F_ri_%253DX0Gzc2X%25253DAQpglLjHJlTQGijdB0TFzbJUzbvzgwDROyzbmm0W9w6ze2Jo4lWj19zcCWdwW0useJjvzbzdVXtpKX%25253DYCAWURTT%2526_ei_%253DEq2tf9zs59idfPO1Sc_9BbkIlvezbk7f6-dZNL2-unWqxcgzLXU2CRgrkoc-o9sgBJVcknzzoi_yqg.%2526_di_%253D8n0jr6495ab84c6ec4rb37rt593ik67eq0ngij8h5uthr8ls4tj0&hmac=68211d938b3318e7666789a47b3217dc
Frame ID: B15C265F9740E05D7CFB3489402A3DA9
Requests: 8 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Need Help Signing In?
Search URL Search Domain Scan URL
Title: Your Privacy Rights
Search URL Search Domain Scan URL
Title: California Privacy Policy
Search URL Search Domain Scan URL
Title: Policies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
redirect
mail.twcbc.com/do/ |
6 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common_js.jsp;jsessionid=aaaR3gnP5K1C27O4PzT8x
mail.twcbc.com/includes/ |
17 KB 18 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
reset-min.221a.css;jsessionid=aaaR3gnP5K1C27O4PzT8x
mail.twcbc.com/includes/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webmail.221a.css;jsessionid=aaaR3gnP5K1C27O4PzT8x
mail.twcbc.com/includes/ |
59 KB 59 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
javascript_js.jsp;jsessionid=aaaR3gnP5K1C27O4PzT8x
mail.twcbc.com/login/ |
6 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spectrum_logo_login.gif;jsessionid=aaaR3gnP5K1C27O4PzT8x
mail.twcbc.com/images/ |
3 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adlogin_bg.jpg
mail.twcbc.com/images/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
in_page_btn_blue.png
mail.twcbc.com/images/webmail_images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spectrum (Telecommunication)68 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone function| validateLoginForm function| validateMailSettingsBlockingForm function| validateComposeForm function| validateDestinationForm function| validateMailSettingsListExternalForm function| validateFamilyMboxForm function| validateFilterForm function| validateFilterListForm function| validateAddEditFolderForm function| trim function| validateMailSettingsFilterForm function| validateMailSettingsForwardingForm function| validateMailSettingsJunkMailForm function| validateMailSettingsJunkMailCMForm function| validateMailSettingsJunkMailCTForm function| validateMailSettingsAntivirusCTForm function| validateMailSettingsAntivirusForm function| validateMailSettingsAliasForm function| validateMailSettingsExternalForm function| validateMailSettingsPreferencesForm function| validateMessageSearchForm function| validateMailSettingsSignatureForm function| validateMailSettingsVacationForm function| validateNotificationForm function| validateMailSettingsReturnReceiptForm function| validateGeneralSettingsGreetingsForm function| validateGeneralSettingsPasswordForm function| validateGeneralSettingsPinForm function| validateGeneralSettingsTimeZoneForm function| validateGeneralSettingsUserLocaleForm function| validateMailSettingsSendersControlForm function| validateVoicemailSettingsPreferencesForm function| validateVoicemailSettingsFaxForm function| validateVoicemailSettingsLanguagesForm function| validateVoicemailSettingsPhoneNumberForm function| validateVoicemailSettingsFmfmForm function| validateVoicemailSettingsNewFmfmForm function| hint function| doMoveTop function| confirmDelete function| doDelete function| confirmForwardAsSpam function| doForwardAsSpam function| confirmForwardAsPhishing function| doForwardAsPhishing function| selectAllCheckboxes function| selectAllEnabledCheckboxes function| capitalize function| validateData function| verifyAndSubmit function| isCheckBoxSelected function| validateSendersForm function| validateAddressesContactsForm function| openWin function| navigating function| preserveSelectedAddresses function| doSwitchFolder string| domain string| temp boolean| runOnce function| onKeyPressBlockNumbers function| getCheckedValue function| readCookie function| createCookie function| eraseCookie function| checkSavedLogin function| loginCompletion2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mail.twcbc.com/ | Name: JSESSIONID Value: aaaR3gnP5K1C27O4PzT8x |
|
mail.twcbc.com/ | Name: UqZBpD3n Value: v1r8oFpg@@lWh |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mail.twcbc.com
47.43.26.70
0e191c235fdf9ca105b96d92e4d147c169a8cee249efa02eed2563b3b5913120
2fdee7fcce101484e22d5c6f6ad3bcb3932a3551a64c43da390ce80b48b45bc1
37a2f9238d1beea9e3333e3cdb945492ea6375f5eae9fbc322c90c73fa09370d
59cd1543e9e02259174f7b83965ac6424359c077e364564893b231a84f5461d2
7846c7b80959e9a2db4099308825654a98386d26902377ab7800d56a81c09714
8799aad889259becb5cf527d70eaa92c2fdd304d84f7ee2f7eef1bc82652fbbf
c6f80a5417d879b175ebf6866aa2faa174d0b11ed056f5148a7b89620a1c53c4
e00ab3bed5846a55fb2e8c6f73ea7d047c105bbf59ea88c3f9157c2e5251eb20