login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
146.70.44.226
Malicious Activity!
Public Scan
Effective URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3
Submission: On September 19 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by R10 on September 4th 2024. Valid for: 3 months.
This is the only time login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 157.240.0.13 | 32934 (FACEBOOK)
1 | 162.159.140.229 | 13335 (CLOUDFLARENET)
1 | 172.64.147.222 | 13335 (CLOUDFLARENET)
1 (1 redirect) | 162.241.61.23 | 19871 (NETWORK-SOLUTIONS-HOSTING)
7 | 146.70.44.226 | 9009 (M247)
3 | 2a02:26f0:e300:184::30d4 | 20940 (AKAMAI-ASN1)
14 requests | 6 IPs |

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-02-fra3.facebook.com
Hosts: l.wl.co

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-61-23.unifiedlayer.com
Hosts: beta.parquedasflores.com.br

ASN9009 (M247, RO)
PTR: tre1.captionindustry.com
Hosts: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com

ASN20940 (AKAMAI-ASN1, NL)
Hosts: static.cimcontent.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | aspenaromas.com | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com | 407 KB
3 | cimcontent.net | static.cimcontent.net (Cisco Umbrella Rank: 34642) | 146 KB
1 | parquedasflores.com.br (1 redirects) | beta.parquedasflores.com.br | 188 B
1 | carrd.co | zxcvbnmqwerty.carrd.co | 6 KB
1 | t.co | t.co (Cisco Umbrella Rank: 834) | 792 B
1 | wl.co | l.wl.co (Cisco Umbrella Rank: 229508) | 313 B
14 requests | 6 apex domains | |
Requests | Domain | Requested by
---|---|---
7 | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com | zxcvbnmqwerty.carrd.co; login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
3 | static.cimcontent.net | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
1 | beta.parquedasflores.com.br (1 redirects) |
1 | zxcvbnmqwerty.carrd.co | t.co
1 | t.co | l.wl.co
1 | l.wl.co |
14 requests | 6 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.wl.co | DigiCert SHA2 High Assurance Server CA | 2024-06-28 - 2024-09-26 | 3 months | crt.sh
t.co | E6 | 2024-07-31 - 2024-10-29 | 3 months | crt.sh
carrd.co | Cloudflare Inc ECC CA-3 | 2024-02-29 - 2024-12-31 | 10 months | crt.sh
| R10 | 2024-09-04 - 2024-12-03 | 3 months | crt.sh
static.cimcontent.net | COMODO RSA Organization Validation Secure Server CA | 2024-03-19 - 2025-03-19 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3
Frame ID: 6ADF77583BAE49F1110DAFB6B18A3873
Requests: 15 HTTP requests in this frame
Page Title
Internet, TV, Phone, Smart Home and Security - Xfinity by Comcast
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://l.wl.co/l?u=https://t.co/8rtzAPqE6l (Page URL)
- https://t.co/8rtzAPqE6l (Page URL)
- https://zxcvbnmqwerty.carrd.co/ (Page URL)
- https://beta.parquedasflores.com.br/modules/mod_simplefileuploadv1.3/elements/yyqtqrwqtrteqwe.php?img=view (HTTP 302) to https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H3 | l | l.wl.co/ | 217 B | 313 B | Document | text/html
GET | H2 | 8rtzAPqE6l | t.co/ | 244 B | 792 B | Document | text/html
GET | H2 | / | zxcvbnmqwerty.carrd.co/ | 16 KB | 6 KB | Document | text/html
GET | H/1.1 | / (Primary Request; Redirect Chain) | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/ | 406 B | 1 KB | Document | text/html
GET | H/1.1 | main.266790ce.js | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/js/ | 357 KB | 358 KB | Script | text/javascript
GET | H/1.1 | main.5323b123.css | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/ | 16 KB | 16 KB | Stylesheet | text/css
GET | H/1.1 | supply | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api// | 999 B | 1 KB | XHR | application/json
GET | H/1.1 | logo.6ecf68de5343a130bb6f.svg | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/media/ | 939 B | 1 KB | Image | image/svg+xml
GET | H/1.1 | ad-desk.59da86f159b5f2cbf19b.avif | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/media/ | 16 KB | 17 KB | Image | image/avif
GET | DATA | truncated | / | 967 B | 0 | Image | image/svg+xml
GET | H2 | xfinitybrown-bold.woff2 | static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/ | 87 KB | 87 KB | Font | binary/octet-stream
GET | H2 | dmsans-regular.woff2 | static.cimcontent.net/common-web-assets/fonts/dm-sans/ | 29 KB | 30 KB | Font | binary/octet-stream
GET | H2 | dmsans-medium.woff2 | static.cimcontent.net/common-web-assets/fonts/dm-sans/ | 29 KB | 29 KB | Font | binary/octet-stream
POST | | ping | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api// | 0 | 0 | |
GET | H/1.1 | favicon.ico | login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/ | 11 KB | 11 KB | Other | image/x-icon
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
- URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api//ping
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | webpackChunkxfinity
4 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.t.co/ | | muc | 54245008-78a1-48cc-af9d-97db14ffda0b
.t.co/ | | __cf_bm | sFmSQDY3kknwCk42q33F32C4Mt73FmOojx_E.0WMqcs-1726707812-1.0.1.1-PnEMab2jV6_jgzSRtJBw1fmUcDJngIY63AoELxMDkHNm.Pn0eYeyiat8xm1X7EUpRTu7718rChXpWZGv43ozVg
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/ | | session | 91c299c89ad3551d5eb09f8493f2fc3f
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/ | | language | de
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' data: blob: https://*.wl.co https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beta.parquedasflores.com.br
l.wl.co
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
static.cimcontent.net
t.co
zxcvbnmqwerty.carrd.co
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
146.70.44.226
157.240.0.13
162.159.140.229
162.241.61.23
172.64.147.222
2a02:26f0:e300:184::30d4
0b1b85df1c1346525f055eadf91f920167ee7cafeae2dded2e77ea6954131483
0c2e15a231c0a851070f329bff0598c4bd265f6db08ffde6a4d990603f456e53
15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089
40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68
4d62ec921c15fef64ed56a3caed1e3350e355becd185e40220850f8993b53f8c
69420c9db91c689c4ea04655f57a0bcea09b71003f21cd5e56afa71b80f049f0
7df983c09501c04ef5ffc5554a8d7379eb645c7a27ad15ada00102c2918468ae
8f62c6907f5f466e37ab845ff67e83ece16f5e7e4ee153ac631038a7b902f060
aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d
acd8ef6fd1e688660377995db2838047aaed172f49c4044245b87c57c8e43243
aebcd9c6b615fde8ba429b2b2067f82fea830082d8c16a98df9d89b0a0b1561f
da319dcae9d21873bf2ad8b146767e023772a8f0a4fd7446156b3d61b9c83098