68.87.29.197 Open in urlscan Pro
68.87.29.197 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://68.87.29.197/login/templates/advancedthemewbflat/images/tabr.jpg.7z
Submission: On January 29 via automatic, source openphish (January 29th 2021, 1:10:30 am UTC)

Summary HTTP 45 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 18 IPs in 6 countries across 15 domains to perform 45 HTTP transactions. The main IP is 68.87.29.197, located in United States and belongs to COMCAST-7922, US. The main domain is 68.87.29.197.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on October 2nd 2020. Valid for: a year.

This is the only time 68.87.29.197 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
7	68.87.29.197 68.87.29.197	7922 (COMCAST-7922) (COMCAST-7922)
5	2a02:26f0:6c0... 2a02:26f0:6c00:2be::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.114.217 151.101.114.217	54113 (FASTLY) (FASTLY)
1	2607:ae80:5::130 2607:ae80:5::130	26558 (FREEWHEEL) (FREEWHEEL)
1 4	52.17.234.162 52.17.234.162	16509 (AMAZON-02) (AMAZON-02)
10	2a02:26f0:6c0... 2a02:26f0:6c00:2a2::2c06	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a02:26f0:6c0... 2a02:26f0:6c00:28a::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.181.18.61 35.181.18.61	16509 (AMAZON-02) (AMAZON-02)
3	13.224.192.34 13.224.192.34	16509 (AMAZON-02) (AMAZON-02)
1	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
1	134.209.131.220 134.209.131.220	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	69.173.144.143 69.173.144.143	26667 (RUBICONPR...) (RUBICONPROJECT)
1 3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	185.33.221.52 185.33.221.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
45	18

7 68.87.29.197 (United States)

ASN7922 (COMCAST-7922, US)

68.87.29.197	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2be::30d4 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

scripts.webcontentassessor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:ae80:5::130 (United States)

ASN26558 (FREEWHEEL, US)

7468.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.17.234.162 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-234-162.eu-west-1.compute.amazonaws.com

xfinitydigital.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:6c00:2a2::2c06 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

dl.cws.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:28a::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.181.18.61 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-18-61.eu-west-3.compute.amazonaws.com

comcastcom.d1.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.34 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-34.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.130 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.209.131.220 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.143 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

comcast-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.52 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	xfinity.com dl.cws.xfinity.com	2 KB
5	cimcontent.net static.cimcontent.net	173 KB
4	adobedtm.com assets.adobedtm.com	84 KB
4	demdex.net 1 redirects xfinitydigital.demdex.net dpm.demdex.net comcast.demdex.net	3 KB
3	criteo.com bidder.criteo.com gum.criteo.com	284 B
3	openx.net 1 redirects comcast-d.openx.net eu-u.openx.net us-u.openx.net	740 B
3	amazon-adsystem.com c.amazon-adsystem.com	34 KB
2	adnxs.com acdn.adnxs.com ib.adnxs.com	32 KB
1	doubleclick.net 1 redirects cm.g.doubleclick.net	118 B
1	criteo.net static.criteo.net	26 KB
1	rubiconproject.com fastlane.rubiconproject.com	2 KB
1	serverbid.com e.serverbid.com	166 B
1	omtrdc.net comcastcom.d1.sc.omtrdc.net	88 B
1	fwmrm.net 7468.v.fwmrm.net	407 B
1	webcontentassessor.com scripts.webcontentassessor.com	32 KB
45	15

	Domain	Requested by
10	dl.cws.xfinity.com	static.cimcontent.net
5	static.cimcontent.net	68.87.29.197
4	assets.adobedtm.com	static.cimcontent.net assets.adobedtm.com
3	c.amazon-adsystem.com	68.87.29.197 static.cimcontent.net
2	bidder.criteo.com	static.cimcontent.net
2	xfinitydigital.demdex.net	1 redirects 68.87.29.197
1	us-u.openx.net
1	cm.g.doubleclick.net	1 redirects
1	eu-u.openx.net	1 redirects
1	static.criteo.net	static.cimcontent.net
1	gum.criteo.com	68.87.29.197
1	ib.adnxs.com	static.cimcontent.net
1	comcast-d.openx.net	static.cimcontent.net
1	fastlane.rubiconproject.com	static.cimcontent.net
1	e.serverbid.com	static.cimcontent.net
1	acdn.adnxs.com	68.87.29.197
1	comcastcom.d1.sc.omtrdc.net	static.cimcontent.net
1	comcast.demdex.net	assets.adobedtm.com
1	dpm.demdex.net	static.cimcontent.net
1	7468.v.fwmrm.net	68.87.29.197
1	scripts.webcontentassessor.com	68.87.29.197
45	21

This site contains links to these domains. Also see Links.

Domain
www.comcast.net
www.surveymonkey.com
idm.xfinity.com
customer.xfinity.com
my.xfinity.com
xfinity.comcast.net
www.xfinity.com

Subject Issuer	Validity	Valid
*.identity.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2020-10-02` - `2021-10-02`	a year	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2020-04-16` - `2022-04-16`	2 years	crt.sh
scripts.webcontentassessor.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-01-27` - `2022-02-28`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-09-30`	9 months	crt.sh
*.cws.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2020-05-04` - `2022-05-04`	2 years	crt.sh
*.d1.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2020-01-02` - `2021-04-02`	a year	crt.sh
e.serverbid.com R3	`2020-12-17` - `2021-03-17`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-17` - `2021-02-14`	3 months	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-17` - `2021-02-14`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://68.87.29.197/login/templates/advancedthemewbflat/images/tabr.jpg.7z
Frame ID: 9B21C2B2B00D33650A2325AFF26993BB
Requests: 40 HTTP requests in this frame

Frame: https://comcast.demdex.net/dest5.html?d_nsid=0
Frame ID: FC24E55CFCEFF4419A768A728E721894
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=68.87.29.197
Frame ID: 3D9D558DA281592CFCC2E6345CA9355E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

45
Requests

84 %
HTTPS

39 %
IPv6

15
Domains

21
Subdomains

18
IPs

6
Countries

507 kB
Transfer

1210 kB
Size

7
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://www.comcast.net/adinformation
Title: Ad Info

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Title: Ad Feedback

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D755a67cf-60a0-48b5-b0ea-af50853962c0%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Xfinity ID

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D755a67cf-60a0-48b5-b0ea-af50853962c0%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: password

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D755a67cf-60a0-48b5-b0ea-af50853962c0%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Create one

Search URL Search Domain Scan URL

URL: https://customer.xfinity.com/lite
Title: Pay any balance

Search URL Search Domain Scan URL

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/manage-preference
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://xfinitydigital.demdex.net/event?d_sid=4702129 HTTP 302
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

Request Chain 45

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=42d504c1-bae8-4312-8ad6-a76f3705b195&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEGjIXuI1F_09lI4-GP36qI&google_cver=1

45 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set tabr.jpg.7z Show response
68.87.29.197/login/templates/advancedthemewbflat/images/ 12 KB
5 KB 271ms
270ms Document
text/html 68.87.29.197
COMCAST-7922

General

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 20:03:54	Name: dextp Value: 21-1-1611882613085\|60-1-1611882613186\|358-1-1611882613287\|470-1-1611882613388\|477-1-1611882613489
68.87.29.197/login/templates/advancedthemewbflat/images	1970-01-20 09:15:54	Name: bid Value: pB8eydr9TJ2cgzaH0uzFIjCNofE
68.87.29.197/	1970-01-20 09:15:54	Name: AMCV_DA11332E5321D0550A490D45%40AdobeOrg Value: 359503849%7CMCIDTS%7C18657%7CMCMID%7C21944564940704639130388430357891553986%7CMCAAMLH-1612487413%7C6%7CMCAAMB-1612487413%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1611889813s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.1
68.87.29.197/	1969-12-31 23:59:59	Name: BIGipServerp_loginxf-wcdc-ipv4_443 Value: !iIc4IVJdlZTKFjzab3bAYz+ZnnXVjVUmyT45Av2fzE6RS7wjQaMKZzPiYMCgpOm6ZTImkSsbyJAbwHA=
.demdex.net/	1970-01-19 20:03:54	Name: demdex Value: 21792493757401172620371971471343330917
68.87.29.197/	1969-12-31 23:59:59	Name: AMCVS_DA11332E5321D0550A490D45%40AdobeOrg Value: 1
68.87.29.197/	1969-12-31 23:59:59	Name: SESSION Value: 73d7b278-07cf-4b07-90d0-b65c5ccf80ea

Source	Level	URL Text
console-api	log	URL: https://assets.adobedtm.com/331fbea29f79/fdd77923e2da/52d5ba0fe5d1/EX42af35e02f37445ba43641984da760ce-libraryCode_source.min.js(Line 2) Message: Error, missing Report Suite ID in AppMeasurement initialization
console-api	info	URL: https://acdn.adnxs.com/ast/ast.js(Line 1) Message: AST library loaded: 0.35.0

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

68.87.29.197 Open in urlscan Pro 68.87.29.197 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

45 Requests

84 %HTTPS

39 %IPv6

15 Domains

21 Subdomains

18 IPs

6 Countries

507 kBTransfer

1210 kBSize

7 Cookies

10 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

68.87.29.197 Open in urlscan Pro
68.87.29.197 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

84 %
HTTPS

39 %
IPv6

15
Domains

21
Subdomains

18
IPs

6
Countries

507 kB
Transfer

1210 kB
Size

7
Cookies

45 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!