id-thunder-3a75.ugtreceson.workers.dev
2606:4700:3037::ac43:8292
Malicious Activity!
Public Scan
Submission: On December 04 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on October 22nd 2023. Valid for: 3 months.
This is the only time id-thunder-3a75.ugtreceson.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 2606:4700:3037::ac43:8292 | 13335 (CLOUDFLARENET) |
| 2 | 2a04:4e42::649 | 54113 (FASTLY) |
| 1 | | |
| 4 | 2620:0:890::100 | 54113 (FASTLY) |
| 1 | 2600:141b:1c00:2296::1b62 | 20940 (AKAMAI-ASN1) |
| 4 | 2600:141b:1c00:22a3::30d4 | 20940 (AKAMAI-ASN1) |
13 | 7 |
ASN13335 (CLOUDFLARENET, US): id-thunder-3a75.ugtreceson.workers.dev
ASN20940 (AKAMAI-ASN1, NL): static.cimcontent.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | cimcontent.net | static.cimcontent.net (Cisco Umbrella Rank: 27018) | 107 KB |
| 4 | web.app | riionlnatthl.web.app | 85 KB |
| 2 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 735) | 60 KB |
| 2 | workers.dev | id-thunder-3a75.ugtreceson.workers.dev | 280 KB |
| 1 | xfinity.com | sdx.xfinity.com (Cisco Umbrella Rank: 62105) | 133 KB |
Totals: 13 requests, 5 apex domains
| Requests | Domain | Requested by |
|---|---|---|
| 4 | static.cimcontent.net | riionlnatthl.web.app |
| 4 | riionlnatthl.web.app | id-thunder-3a75.ugtreceson.workers.dev |
| 2 | code.jquery.com | id-thunder-3a75.ugtreceson.workers.dev |
| 2 | id-thunder-3a75.ugtreceson.workers.dev | id-thunder-3a75.ugtreceson.workers.dev |
| 1 | sdx.xfinity.com | id-thunder-3a75.ugtreceson.workers.dev |
Totals: 13 requests, 5 domains
This site contains links to these domains. Also see Links.
| Domain |
|---|
| xfinity.com |
| customer.xfinity.com |
| businessclass.comcast.net |
| idm.xfinity.com |
| my.xfinity.com |
| xfinity.comcast.net |
| www.xfinity.com |
| www.comcast.net |
| www.surveymonkey.com |
| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| ugtreceson.workers.dev | GTS CA 1P5 | 2023-10-22 - 2024-01-20 | 3 months | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
| web.app | GTS CA 1D4 | 2023-11-13 - 2024-02-11 | 3 months | crt.sh |
| www.xfinity.comcast.net | COMODO RSA Organization Validation Secure Server CA | 2023-08-30 - 2024-08-29 | a year | crt.sh |
| static.cimcontent.net | COMODO RSA Organization Validation Secure Server CA | 2023-03-30 - 2024-03-29 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Frame ID: EEF1E94E4D9C828A8D72987EE91B8CAF
Requests: 15 HTTP requests in this frame
12 Outgoing links
These are links going to different origins than the main page.
| Link title |
|---|
| Get help going virtual |
| quick bill pay |
| Sign in here |
| Xfinity ID |
| password |
| Create one |
| Terms of Service |
| Privacy Policy |
| Privacy Policy |
| Ad Info |
| Ad Feedback |
| Do Not Sell My Personal Information |
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | 17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 (Primary Request) | id-thunder-3a75.ugtreceson.workers.dev/ | 869 KB | 280 KB | Document | text/html |
| GET | H2 | jquery-3.4.1.min.js | code.jquery.com/ | 86 KB | 30 KB | Script | application/javascript |
| GET | BLOB | a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5 | https://id-thunder-3a75.ugtreceson.workers.dev/ | 651 KB | 0 | Document | text/html |
| GET | H2 | fonts-remote.min.css | riionlnatthl.web.app/ | 3 KB | 370 B | Stylesheet | text/css |
| GET | H2 | styles-light.min.css | riionlnatthl.web.app/ | 45 KB | 10 KB | Stylesheet | text/css |
| GET | H2 | jquery-3.4.1.min.js | code.jquery.com/ | 86 KB | 30 KB | Script | application/javascript |
| GET | H2 | data-layer.jpg | riionlnatthl.web.app/ | 269 B | 518 B | Image | image/jpeg |
| GET | H2 | 0214c1dbd6e5109ad60a848425a8c655.png | riionlnatthl.web.app/ | 75 KB | 74 KB | Image | image/png |
| GET | H2 | a6eabf890bd17fbbea28fb13064329ba.jpg | sdx.xfinity.com/cms/data/cima/bin-202006/ | 132 KB | 133 KB | Image | image/jpeg |
| GET | DATA | truncated | / | 933 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml |
| GET | H2 | XfinityStandard-Regular.woff2 | static.cimcontent.net/fonts/latest/Xfinity_Standard/ | 26 KB | 26 KB | Font | font/woff2 |
| GET | H2 | XfinityStandard-Bold.woff2 | static.cimcontent.net/fonts/latest/Xfinity_Standard/ | 26 KB | 27 KB | Font | font/woff2 |
| GET | H2 | XfinityStandard-Medium.woff2 | static.cimcontent.net/fonts/latest/Xfinity_Standard/ | 27 KB | 27 KB | Font | font/woff2 |
| GET | H2 | XfinityStandard-Light.woff2 | static.cimcontent.net/fonts/latest/Xfinity_Standard/ | 27 KB | 27 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Xfinity (Consumer)
113 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
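A list like the one that follows is more useful once it is bucketed: `_0x<hex>` names are the default identifier style of javascript-obfuscator and similar tools, names that mix letters and digits are rarely hand-written, and a cluster of names that differ only by case or by the confusable letters i/l points at deliberate look-alike naming rather than at any framework. The script below is an added example for triaging such a list with Node.js; it is not urlscan's code and not code from the scanned page. The function names (`classify`, `triage`, `confusableKey`), the buckets and the `KNOWN_LIBRARY` set are this example's own choices, and `SAMPLE_GLOBALS` is a constructed subset of the names listed on this page.

```javascript
// Added example: bucket a urlscan "global variables" list by how the names
// look. Not urlscan's code; thresholds and names are this example's own.

// javascript-obfuscator and similar tools emit identifiers of the form _0x<hex>.
const OBFUSCATOR_NAME = /^_0x[0-9a-f]{4,}$/i;
// Library globals this particular scan shows; extend per environment.
const KNOWN_LIBRARY = new Set(['$', 'jQuery']);

// Collapse case and the visually confusable letters i/l so that names such as
// iiii6y4cA56Nc1o2nfu6se6iiii and llli6y4ca56nc1o2nfu6se6iiii share one key.
function confusableKey(name) {
  return name.toLowerCase().replace(/l/g, 'i');
}

// Bucket one global name. Order matters: known libraries first, then the
// obfuscator pattern, then very short temporaries, then "generated" names
// (letters mixed with digits, which hand-written API names rarely are).
function classify(name) {
  if (KNOWN_LIBRARY.has(name)) return 'library';
  if (OBFUSCATOR_NAME.test(name)) return 'obfuscator';
  if (name.length <= 2) return 'short';
  if (/[A-Za-z]/.test(name) && /\d/.test(name)) return 'generated';
  return 'other';
}

// Summarise a whole list: counts per bucket, the share of names that look
// machine-generated, and groups of names that differ only by confusable letters.
function triage(names) {
  const counts = { library: 0, obfuscator: 0, generated: 0, short: 0, other: 0 };
  const byKey = new Map();
  for (const name of names) {
    counts[classify(name)] += 1;
    const key = confusableKey(name);
    if (!byKey.has(key)) byKey.set(key, []);
    byKey.get(key).push(name);
  }
  const families = [...byKey.values()].filter((group) => group.length > 1);
  const generated = counts.obfuscator + counts.generated;
  const generatedShare = names.length ? generated / names.length : 0;
  return { counts, families, generatedShare };
}

// Constructed sample: a subset of the 113 names this scan reports.
const SAMPLE_GLOBALS = [
  'documentPictureInPicture', '_0x84a8', '_0x157afb', '_0x4188', 's', 'm',
  'runtimeData', 'version_', '$', 'jQuery',
  'iiii6y4cA56Nc1o2nfu6se6iiii', 'lLLI6Y4Ca56Nc1o2nfu6se6iiii',
  'llli6y4ca56nc1o2nfu6se6iiii', 'iiii6y4ca56nc1o2nfu6se6iiii',
  'llii6y4ca56nc1o2nfu6se6iiii', 'lllll6y4ca56nc1o2nfu6se6llll',
  'rusVa0', 'fzm5jK', 'd8o51I', 'lYs4mtW', 'f9w_h2', 'fnaB1C1',
];

const report = triage(SAMPLE_GLOBALS);
console.log(JSON.stringify(report, null, 2));
```

On the sample, 15 of the 22 names fall into the obfuscator or generated buckets and five names collapse into one confusable family; the sixth look-alike, `lllll6y4ca56nc1o2nfu6se6llll`, has one more leading character and so keys separately, which is the kind of near-miss worth eyeballing rather than automating away. Treat the share as a triage signal only: commercially minified and protected scripts also produce `_0x` names, which is exactly the caveat the verdict disclaimer on this page makes.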
documentPictureInPicture (object), _0x84a8 (function), _0x157afb (function), _0x4188 (function), _0x3e18be (function), _0x1051 (function), _0x780d (function), s (string), m (string), runtimeData (object), version_ (string), _0x45da08 (function), _0x3a3c (function), _0x20d4 (function), _0x4c0de1 (function), _0x3fb7be (function), _0x1cf1 (function), _0x278f (function), _0x51f1 (function), _0x4377 (function), _0x195053 (function), _0x3c3d (function), _0x2a0b (function), _0x447e (function), _0x3bc8 (function), _0x21a424 (function), _0xe856 (function), _0x3654 (function), _0x455896 (function), _0x51d1 (function), _0x17f5 (function), _0x2671f4 (function), _0x2a68 (function), _0x3888 (function), _0x1a1a (function), _0x24ee (function), $ (function), jQuery (function), iiii6y4cA56Nc1o2nfu6se6iiii (function), lLLI6Y4Ca56Nc1o2nfu6se6iiii (function), llli6y4ca56nc1o2nfu6se6iiii (function), iiii6y4ca56nc1o2nfu6se6iiii (function), llii6y4ca56nc1o2nfu6se6iiii (function), rusVa0 (object), fzm5jK (function), rRwCOJ (object), sYPiXX (number), dr3eTV (object), d8o51I (string), lYs4mtW (string), TZj8mj (string), UiMmgz (string), DUpYn2S (string), YTdcK6 (string), I04bRUR (string), TkrJEwS (string), L792EmH (string), Vm3GItq (string), pkf8TS (string), XPnCfz (string), ZhC9xE (string), WWtX2xx (string), aZB7qY7 (string), YIswNJ (string), bVtyh5a (string), Uux86S (string), i4HpGmC (string), mmQPdrf (string), OMLKiYM (string), Cxl4tJF (string), TvbctS (string), A1QIjY (string), f9w_h2 (string), zq2FRD (string), nc5bCF (string), JE0SDO (string), zZqnWbg (string), EkfXJ4U (string), Lh95Bqo (string), IHwvwmr (string), ueOohn (string), ED8f7hY (string), dRbPke (string), rL_UasH (string), FYULbZY (string), QgQ2fyz (string), r8FuPkc (string), juv7zX (string), tU0KkKr (string), YdxioI (string), rEJj2in (string), Lv0Q_4 (string), mIrxB1 (string), kL4ADXA (string), E5ntAGx (string), kX7_5X (string), Ti6zt2F (string), j7qTWL (string), FDI0jgG (string), ZDrCBK (string), QZVNWx7 (object), DrkQyQA (object), zHJCXu (object), M4REj32 (object), fnaB1C1 (function), TqDX3p (function), V0lULR (function), bOrk4v (function), wHYFRa (function), _CnUiQS (function), i4YAQH (function), EoFHu4V (function), lllll6y4ca56nc1o2nfu6se6llll (function)
0 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
Indicators is the security-industry term for artifacts such as IP addresses, domains and hashes observed during a scan. Listing them here does not imply that any of them is malicious.
code.jquery.com
id-thunder-3a75.ugtreceson.workers.dev
riionlnatthl.web.app
sdx.xfinity.com
static.cimcontent.net
2600:141b:1c00:2296::1b62
2600:141b:1c00:22a3::30d4
2606:4700:3037::ac43:8292
2620:0:890::100
2a04:4e42::649