login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com Open in urlscan Pro
146.70.44.226 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://l.wl.co/l?u=https://t.co/8rtzAPqE6l
Effective URL:
https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3
Submission: On September 19 via automatic, source phishtank (September 19th 2024, 1:03:38 am UTC) — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 14 HTTP transactions. The main IP is 146.70.44.226, located in Los Angeles, United States and belongs to M247, RO. The main domain is login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com.
TLS certificate: Issued by R10 on September 4th 2024. Valid for: 3 months.

This is the only time login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	157.240.0.13 157.240.0.13	32934 (FACEBOOK) (FACEBOOK)
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.147.222 172.64.147.222	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	162.241.61.23 162.241.61.23	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
7	146.70.44.226 146.70.44.226	9009 (M247) (M247)
3	2a02:26f0:e30... 2a02:26f0:e300:184::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
14	6

1 157.240.0.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-02-fra3.facebook.com

l.wl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.147.222 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

zxcvbnmqwerty.carrd.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.241.61.23 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-61-23.unifiedlayer.com

beta.parquedasflores.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 146.70.44.226 (Los Angeles, United States)

ASN9009 (M247, RO)
PTR: tre1.captionindustry.com

login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:e300:184::30d4 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	aspenaromas.com login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com	407 KB
3	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 34642	146 KB
1	parquedasflores.com.br 1 redirects beta.parquedasflores.com.br	188 B
1	carrd.co zxcvbnmqwerty.carrd.co	6 KB
1	t.co t.co — Cisco Umbrella Rank: 834	792 B
1	wl.co l.wl.co — Cisco Umbrella Rank: 229508	313 B
14	6

	Domain	Requested by
7	login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com	zxcvbnmqwerty.carrd.co login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
3	static.cimcontent.net	login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
1	beta.parquedasflores.com.br	1 redirects
1	zxcvbnmqwerty.carrd.co	t.co
1	t.co	l.wl.co
1	l.wl.co
14	6

This site contains no links.

Subject Issuer	Validity	Valid
*.wl.co DigiCert SHA2 High Assurance Server CA	`2024-06-28` - `2024-09-26`	3 months	crt.sh
t.co E6	`2024-07-31` - `2024-10-29`	3 months	crt.sh
carrd.co Cloudflare Inc ECC CA-3	`2024-02-29` - `2024-12-31`	10 months	crt.sh
R10	`2024-09-04` - `2024-12-03`	3 months	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2024-03-19` - `2025-03-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3
Frame ID: 6ADF77583BAE49F1110DAFB6B18A3873
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Internet, TV, Phone, Smart Home and Security - Xfinity by Comcast

Page URL History Show full URLs

https://l.wl.co/l?u=https://t.co/8rtzAPqE6l Page URL
https://t.co/8rtzAPqE6l Page URL
https://zxcvbnmqwerty.carrd.co/ Page URL
https://beta.parquedasflores.com.br/modules/mod_simplefileuploadv1.3/elements/yyqtqrwqtrteqwe.php?img=view HTTP 302
https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3 Page URL

Page Statistics

14
Requests

93 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

560 kB
Transfer

565 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://l.wl.co/l?u=https://t.co/8rtzAPqE6l Page URL
https://t.co/8rtzAPqE6l Page URL
https://zxcvbnmqwerty.carrd.co/ Page URL
https://beta.parquedasflores.com.br/modules/mod_simplefileuploadv1.3/elements/yyqtqrwqtrteqwe.php?img=view HTTP 302
https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 l
l.wl.co/ 217 B
313 B 262ms
190ms Document
text/html 157.240.0.13
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://l.wl.co/l?u=https://t.co/8rtzAPqE6l

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.0.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-shv-02-fra3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: blob: https://.wl.co https://.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src 'self' 'unsafe-inline' data: blob: https://*.wl.co https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
cross-origin-resource-policy: same-origin
date: Thu, 19 Sep 2024 01:03:32 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
referrer-policy: origin
refresh: 1;URL=https://t.co/8rtzAPqE6l
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=23, mss=1232, tbw=4823, tp=11, tpl=0, uplat=156, ullat=0
x-fb-debug: 4lKIYcE+vGsMuhX0spy62xMGo88FJXnjqymmOQufxhVT4TgFqAjGgbyL1JhUSzY+WgWG2aFoc+fyYzUPAJZ/Pg==
x-frame-options: DENY
x-robots-tag: noindex, nofollow
x-xss-protection: 0

GET
H2 200 8rtzAPqE6l
t.co/ 244 B
792 B 263ms
143ms Document
text/html 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/8rtzAPqE6l

Requested by

Host: l.wl.co
URL: https://l.wl.co/l?u=https://t.co/8rtzAPqE6l

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Referer: https://l.wl.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: private,max-age=300
cf-cache-status: DYNAMIC
cf-ray: 8c55a8143a20d380-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 19 Sep 2024 01:03:32 GMT
expires: Thu, 19 Sep 2024 01:08:32 GMT
perf: 7402827104
server: cloudflare tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 7667bfd227fae8dd2cfa5c3f38737617695e542dd68e3529321a0efa607a3f70
x-response-time: 112
x-transaction-id: 1f0368e9dd12b043
x-xss-protection: 0

GET
H2 200 / Show response
zxcvbnmqwerty.carrd.co/ 16 KB
6 KB 502ms
329ms Document
text/html 172.64.147.222
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zxcvbnmqwerty.carrd.co/
Requested by: Host: t.co
URL: https://t.co/8rtzAPqE6l
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.147.222 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d62ec921c15fef64ed56a3caed1e3350e355becd185e40220850f8993b53f8c

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8c55a817499d9006-FRA
content-encoding: gzip
content-type: text/html
date: Thu, 19 Sep 2024 01:03:33 GMT
expires: Thu, 19 Sep 2024 01:03:33 GMT
last-modified: Sat, 07 Sep 2024 07:35:45 GMT
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

Primary Request / Show response
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/
Redirect Chain

https://beta.parquedasflores.com.br/modules/mod_simplefileuploadv1.3/elements/yyqtqrwqtrteqwe.php?img=view
https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

406 B
1 KB

1756ms
562ms

Document
text/html

146.70.44.226
M247

General

Check archive.org

Show headers Download Go to

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

Requested by

Host: zxcvbnmqwerty.carrd.co
URL: https://zxcvbnmqwerty.carrd.co/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

aebcd9c6b615fde8ba429b2b2067f82fea830082d8c16a98df9d89b0a0b1561f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zxcvbnmqwerty.carrd.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Methods: POST, OPTIONS, GET
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 19 Sep 2024 01:03:35 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Redirect headers

access-control-allow-origin: *
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 19 Sep 2024 01:03:34 GMT
location: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3
server: Apache
x-content-type-options: nosniff

GET
H/1.1 200
OK main.266790ce.js Show response
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/js/ 357 KB
358 KB 181ms
179ms Script
text/javascript 146.70.44.226
M247

General

Check archive.org

Show headers Download Go to

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/js/main.266790ce.js

Requested by

Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

8f62c6907f5f466e37ab845ff67e83ece16f5e7e4ee153ac631038a7b902f060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, OPTIONS, GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 365984
Keep-Alive: timeout=5, max=99
Date: Thu, 19 Sep 2024 01:03:36 GMT
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Sep 2024 07:15:12 GMT
Content-Type: text/javascript
Server: Apache
X-Frame-Options: DENY

GET
H/1.1 200
OK main.5323b123.css
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/ 16 KB
16 KB 486ms
165ms Stylesheet
text/css 146.70.44.226
M247

General

Check archive.org

Show headers Download Go to

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

acd8ef6fd1e688660377995db2838047aaed172f49c4044245b87c57c8e43243

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, OPTIONS, GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 16085
Keep-Alive: timeout=5, max=100
Date: Thu, 19 Sep 2024 01:03:36 GMT
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Sep 2024 07:15:12 GMT
Content-Type: text/css
Server: Apache
X-Frame-Options: DENY

GET
H/1.1 200
OK supply Show response
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api// 999 B
1 KB 287ms
287ms XHR
application/json 146.70.44.226
M247

General

Check archive.org

Show headers Download Go to

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api//supply

Requested by

Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/js/main.266790ce.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

0c2e15a231c0a851070f329bff0598c4bd265f6db08ffde6a4d990603f456e53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, OPTIONS, GET
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=98
Date: Thu, 19 Sep 2024 01:03:37 GMT
X-XSS-Protection: 1; mode=block
Content-Type: application/json
Server: Apache
X-Frame-Options: DENY

GET
H/1.1 200
OK logo.6ecf68de5343a130bb6f.svg
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/media/ 939 B
1 KB 166ms
166ms Image
image/svg+xml 146.70.44.226
M247

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/media/logo.6ecf68de5343a130bb6f.svg

Requested by

Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, OPTIONS, GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 939
Keep-Alive: timeout=5, max=99
Date: Thu, 19 Sep 2024 01:03:37 GMT
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Sep 2024 07:15:12 GMT
Content-Type: image/svg+xml
Server: Apache
X-Frame-Options: DENY

GET
H/1.1 200
OK ad-desk.59da86f159b5f2cbf19b.avif
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/media/ 16 KB
17 KB 335ms
162ms Image
image/avif 146.70.44.226
M247

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/media/ad-desk.59da86f159b5f2cbf19b.avif

Requested by

Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

7df983c09501c04ef5ffc5554a8d7379eb645c7a27ad15ada00102c2918468ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, OPTIONS, GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 16844
Keep-Alive: timeout=5, max=98
Date: Thu, 19 Sep 2024 01:03:37 GMT
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Sep 2024 07:15:12 GMT
Content-Type: image/avif
Server: Apache
X-Frame-Options: DENY

GET
DATA 200
OK truncated
/ 967 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0b1b85df1c1346525f055eadf91f920167ee7cafeae2dded2e77ea6954131483

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 xfinitybrown-bold.woff2
static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/ 87 KB
87 KB 294ms
54ms Font
binary/octet-stream 2a02:26f0:e300:184::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/xfinitybrown-bold.woff2
Requested by: Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e300:184::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 69420c9db91c689c4ea04655f57a0bcea09b71003f21cd5e56afa71b80f049f0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/

Response headers

unused62: 8096267
cache-control: max-age=31536000
etag: "ee9034e40cbca864ab03bdfab7ea3f8f"
x-amz-version-id: CZ_MLxzcZL3hhcinvciJrKax9c7YK2xt
accept-ranges: bytes
access-control-allow-origin: *
content-length: 88920
x-amz-cf-id: 4-lSgZauKqdRsOVJz0s0hJSBphRmSZ-bY2e9I17i0e6UBCNWJ5skUQ==
date: Thu, 19 Sep 2024 01:03:37 GMT
content-type: binary/octet-stream
last-modified: Wed, 01 Sep 2021 16:24:41 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-P1

GET
H2 200 dmsans-regular.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ 29 KB
30 KB 334ms
94ms Font
binary/octet-stream 2a02:26f0:e300:184::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-regular.woff2
Requested by: Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e300:184::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/

Response headers

cache-control: max-age=31536000
etag: "b9d5e5cad821648da76e2fedb6c6a680"
x-amz-version-id: LTrIZt0ZiG46W6fMSET6X5_wAZOXYp7t
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29920
x-amz-cf-id: cShWuMK8EypDnBphfVzfZ7CNZ9l0_4M6Ywa_D6X0HmzdG3k9shY11A==
date: Thu, 19 Sep 2024 01:03:37 GMT
content-type: binary/octet-stream
last-modified: Wed, 31 Jan 2024 22:21:43 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256

GET
H2 200 dmsans-medium.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ 29 KB
29 KB 263ms
23ms Font
binary/octet-stream 2a02:26f0:e300:184::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-medium.woff2
Requested by: Host: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/css/main.5323b123.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:e300:184::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da319dcae9d21873bf2ad8b146767e023772a8f0a4fd7446156b3d61b9c83098

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/

Response headers

unused62: 8096267
cache-control: max-age=31536000
etag: "935dd4c230fc4105c9c5bca40e99f815"
x-amz-version-id: 4PsddOg8bLvjHdiYBm2tGDXlNVaJeelo
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29896
x-amz-cf-id: EGLkeAqN34ofdj4bHAk-k0HCKsXEq0qa9j38yyO9QrTpcMt0uZhdJQ==
date: Thu, 19 Sep 2024 01:03:37 GMT
content-type: binary/octet-stream
last-modified: Wed, 01 Sep 2021 16:24:41 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-P1

POST ping
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api// 0
0

GET
H/1.1 200
OK favicon.ico
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/ 11 KB
11 KB 233ms
162ms Other
image/x-icon 146.70.44.226
M247

General

Check archive.org

Show headers Download Go to

Full URL

https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

146.70.44.226 Los Angeles, United States, ASN9009 (M247, RO),

Reverse DNS

tre1.captionindustry.com

Software

Apache /

Resource Hash

aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/?return=&visitorId=66eb786614c1940801e194a3

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Access-Control-Allow-Methods: POST, OPTIONS, GET
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 11078
Keep-Alive: timeout=5, max=100
Date: Thu, 19 Sep 2024 01:03:37 GMT
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 04 Sep 2024 07:15:12 GMT
Content-Type: image/x-icon
Server: Apache
X-Frame-Options: DENY

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/api//ping

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkxfinity

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 09:08:42	Name: muc Value: 54245008-78a1-48cc-af9d-97db14ffda0b
.t.co/	1970-01-20 23:38:29	Name: __cf_bm Value: sFmSQDY3kknwCk42q33F32C4Mt73FmOojx_E.0WMqcs-1726707812-1.0.1.1-PnEMab2jV6_jgzSRtJBw1fmUcDJngIY63AoELxMDkHNm.Pn0eYeyiat8xm1X7EUpRTu7718rChXpWZGv43ozVg
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/	1970-01-20 23:38:31	Name: session Value: 91c299c89ad3551d5eb09f8493f2fc3f
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/	1970-01-20 23:38:31	Name: language Value: de

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
rendering	warning	URL: https://login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com/static/js/main.266790ce.js(Line 1) Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: blob: https://.wl.co https://.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beta.parquedasflores.com.br
l.wl.co
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
static.cimcontent.net
t.co
zxcvbnmqwerty.carrd.co
login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com
146.70.44.226
157.240.0.13
162.159.140.229
162.241.61.23
172.64.147.222
2a02:26f0:e300:184::30d4
0b1b85df1c1346525f055eadf91f920167ee7cafeae2dded2e77ea6954131483
0c2e15a231c0a851070f329bff0598c4bd265f6db08ffde6a4d990603f456e53
15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089
40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68
4d62ec921c15fef64ed56a3caed1e3350e355becd185e40220850f8993b53f8c
69420c9db91c689c4ea04655f57a0bcea09b71003f21cd5e56afa71b80f049f0
7df983c09501c04ef5ffc5554a8d7379eb645c7a27ad15ada00102c2918468ae
8f62c6907f5f466e37ab845ff67e83ece16f5e7e4ee153ac631038a7b902f060
aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d
acd8ef6fd1e688660377995db2838047aaed172f49c4044245b87c57c8e43243
aebcd9c6b615fde8ba429b2b2067f82fea830082d8c16a98df9d89b0a0b1561f
da319dcae9d21873bf2ad8b146767e023772a8f0a4fd7446156b3d61b9c83098

login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com Open in urlscan Pro 146.70.44.226 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

93 %HTTPS

17 %IPv6

6 Domains

6 Subdomains

6 IPs

4 Countries

560 kBTransfer

565 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

4 Cookies

2 Console Messages

Security Headers

Indicators

login.secure.xfinity.com.us.verify.authentification-id.aspenaromas.com Open in urlscan Pro
146.70.44.226 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

6
IPs

4
Countries

560 kB
Transfer

565 kB
Size

4
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!