sub-netflix.com
192.185.157.116
Malicious Activity!
Public Scan
Effective URL: https://sub-netflix.com/comcast/
Submission: On March 05 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 5th 2023. Valid for: 3 months.
This is the only time sub-netflix.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
26 (1 redirect) | 192.185.157.116 | 19871 (NETWORK-SOLUTIONS-HOSTING) |
1 | 151.101.1.108 | 54113 (FASTLY) |
4 | 2a02:26f0:6c00:181::30d4 | 20940 (AKAMAI-ASN1) |
1 | 2a02:26f0:6c00::210:bab1 | 20940 (AKAMAI-ASN1) |
31 | 5 | |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-157-116.unifiedlayer.com
sub-netflix.com |
ASN20940 (AKAMAI-ASN1, NL)
static.cimcontent.net |
ASN20940 (AKAMAI-ASN1, NL)
login.xfinity.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
26 (1 redirect) | sub-netflix.com | sub-netflix.com | 355 KB |
4 | cimcontent.net | static.cimcontent.net (Cisco Umbrella Rank: 25027) | 362 KB |
1 | xfinity.com | login.xfinity.com (Cisco Umbrella Rank: 24225) | 771 B |
1 | adnxs.com | acdn.adnxs.com (Cisco Umbrella Rank: 542) | 33 KB |
31 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
26 (1 redirect) | sub-netflix.com | sub-netflix.com |
4 | static.cimcontent.net | sub-netflix.com |
1 | login.xfinity.com | sub-netflix.com |
1 | acdn.adnxs.com | sub-netflix.com |
31 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.xfinity.com |
my.xfinity.com |
xfinity.comcast.net |
digital.xfinity.com |
customer.xfinity.com |
idm.xfinity.com |
Subject | Issuer | Validity | Valid for |
---|---|---|---|
*.sub-netflix.com | R3 | 2023-03-05 - 2023-06-03 | 3 months |
cdn.adnxs.com | GeoTrust TLS RSA CA G1 | 2022-03-11 - 2023-04-11 | a year |
static.cimcontent.net | COMODO RSA Organization Validation Secure Server CA | 2022-04-06 - 2023-04-06 | a year |
login.xfinity.com | COMODO RSA Organization Validation Secure Server CA | 2022-11-04 - 2023-11-04 | a year |
This page contains 2 frames:
Primary Page:
https://sub-netflix.com/comcast/
Frame ID: 72D8F94B7F35E1A6D0C9CD6AD0477FD3
Requests: 31 HTTP requests in this frame
Frame:
https://sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/dest5.html
Frame ID: 292BA67187F8A428CE02D0A2CE28FF32
Requests: 1 HTTP requests in this frame
Page Title
Sign in to Xfinity
Detected technologies
AppNexus (Advertising Networks)
Detected patterns
- adnxs\.(?:net|com)
Prebid (Advertising Networks)
Detected patterns
- /prebid\.js
- adnxs\.com/[^"]*(?:prebid|/pb\.js)
10 Outgoing links
These are links going to different origins than the main page.
- Title: Cookie Notice
- Title: Terms of Service
- Title: Privacy Policy
- Title: New to Xfinity? View exclusive offers near you
- Title: Pay any balance without signing in
- Title: Find your Xfinity ID
- Title: Create a new Xfinity ID
- Title: CA Notice at collection
- Title: Your privacy choices
- Title: Ad choices
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sub-netflix.com/
HTTP 302
https://sub-netflix.com/comcast/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | sub-netflix.com/comcast/ | 111 KB | 35 KB | Document | text/html |
GET | H/1.1 | ast.js | acdn.adnxs.com/ast/ | 95 KB | 33 KB | Script | application/javascript |
GET | H2 | prebid.js | static.cimcontent.net/common-web-assets/ad-assets/prebid/ | 217 KB | 218 KB | Script | application/javascript |
GET | H2 | f.txt | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 40 B | 100 B | Script | text/plain |
GET | H2 | ast.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | comcast-common.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | prism-ui-293ba77.css | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 66 KB | 14 KB | Stylesheet | text/css |
GET | H2 | bundle-293ba77.css | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 89 KB | 20 KB | Stylesheet | text/css |
GET | H2 | prism-ui.esm-293ba77.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | bundle-293ba77.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | e5d00e87ba3bf67af60bbc75377626fb1f0b0a10c2e83ca40b7a245ca2cd8367 | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 244 KB | 244 KB | Script | text/plain |
GET | H2 | cookie-consent.css | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 54 KB | 16 KB | Stylesheet | text/css |
GET | H2 | a76cdf55-ebf2-44a8-890a-2b5167b45b18.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | apstag.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | prebid.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | AppMeasurement.min.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | AppMeasurement_Module_ActivityMap.min.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | AppMeasurement_Module_AudienceManagement.min.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | vm-login-form-ad-293ba77.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | u | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 12 KB | 12 KB | Image | text/html |
GET | H2 | event | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 42 B | 93 B | Image | image/gif |
GET | H2 | launch-46f715e51bac.min.js.t%C3%A9l%C3%A9chargement | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | saved_resource | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 0 | 0 | Script | text/html |
GET | H2 | data-layer.jpg | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ | 269 B | 331 B | Image | image/jpeg |
GET | H2 | xfinity-logo-grey.svg | login.xfinity.com/static/images/global/ | 939 B | 771 B | Image | image/svg+xml |
GET | H2 | dmsans-regular.woff2 | static.cimcontent.net/common-web-assets/fonts/dm-sans/ | 29 KB | 30 KB | Font | binary/octet-stream |
GET | H2 | dmsans-bold.woff2 | static.cimcontent.net/common-web-assets/fonts/dm-sans/ | 29 KB | 30 KB | Font | binary/octet-stream |
GET | H2 | xfinity-logo-black.svg | sub-netflix.com/static/images/global/ | 12 KB | 12 KB | Image | text/html |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
GET | H2 | xfinitybrown-regular.woff2 | static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/ | 84 KB | 85 KB | Font | binary/octet-stream |
GET | H2 | cookie-consent-293ba77.js | sub-netflix.com/static/next/dist/ | 0 | 0 | Script | text/html |
GET | H2 | dest5.html | sub-netflix.com/comcast/Sign%20in%20to%20Xfinity_files/ (Frame 292B) | 7 KB | 3 KB | Document | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- boolean| credentialless
- object| apntag
- function| pbjsChunk
- object| pbjs
- object| __core-js_shared__
- function| JSEncrypt
- object| runtimeData
- object| s_3_Integrate_DFA_get_0
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
17 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.