puraummettre.gq Open in urlscan Pro
145.239.223.18 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://puraummettre.gq/secure/c/comcast/
Submission: On January 24 via api (January 24th 2018, 7:12:35 am UTC) from CA

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 145.239.223.18, located in United Kingdom and belongs to OVH, FR. The main domain is puraummettre.gq.

This is the only time puraummettre.gq was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
11	145.239.223.18 145.239.223.18		16276 (OVH) (OVH)
11	1

11 145.239.223.18 (United Kingdom)

ASN16276 (OVH, FR)
PTR: ip18.ip-145-239-223.eu

puraummettre.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	puraummettre.gq puraummettre.gq	490 KB
11	1

	Domain	Requested by
11	puraummettre.gq	puraummettre.gq
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://puraummettre.gq/secure/c/comcast/
Frame ID: (572F9A35C0BF0570FCA0D6C19A012303)
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

490 kB
Transfer

488 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response puraummettre.gq/secure/c/comcast/	4 KB 4 KB	533ms 533ms	Document text/html	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Full URL http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `bd14fc4980ee1ef2d9e75403b8672a7783d06a56b46f36e5457a94971a8cfbe6` Request headers Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Connection keep-alive Accept-Encoding gzip, deflate Host puraummettre.gq Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	598b4917a434005b0ffc357c4320926e.png puraummettre.gq/secure/c/comcast/images/	42 KB 42 KB	36ms 18ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/598b4917a434005b0ffc357c4320926e.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `f76d476752259cdab42d5d549fa2b1d32f068242e22eff3a57f0d58ec5cdd0cc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 23:03:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 43238
GET H/1.1	200 OK	shape244779640.gif puraummettre.gq/secure/c/comcast/images/	271 KB 271 KB	36ms 21ms	Image image/gif	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/shape244779640.gif Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `45f7d2dce3567282f6e14b3937d205c7f38036d168135fd1d9f654458a9f4abb` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Fri, 13 May 2016 01:21:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 277042
GET H/1.1	200 OK	6.png puraummettre.gq/secure/c/comcast/images/	9 KB 9 KB	120ms 88ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/6.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `3670d6b500ac7c10d0b804bdea1d404675fac3d344a4c97ae8e57cb72beb3499` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 23:03:26 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 8832
GET H/1.1	200 OK	1.png puraummettre.gq/secure/c/comcast/images/	22 KB 22 KB	119ms 84ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/1.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `206e0fdc524e9032fef6844defb65fb26785c294565b679b5a7cac5731131104` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 23:08:36 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 22172
GET H/1.1	200 OK	7.png puraummettre.gq/secure/c/comcast/images/	40 KB 41 KB	121ms 84ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/7.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `fc2e8e45b9bf7326f2a7f277cd654bc4249ac0abbf62155a576fcf98fd1c1882` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 23:13:18 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 41310
GET H/1.1	200 OK	2.png puraummettre.gq/secure/c/comcast/images/	649 B 890 B	123ms 59ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/2.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `185d99ae979f9f1efde97bde65c7a05609e9f0dd99f88bda636f52f8d13c4d13` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 21:55:18 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 649
GET H/1.1	200 OK	3.png puraummettre.gq/secure/c/comcast/images/	2 KB 2 KB	29ms 16ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/3.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `26d3234dcfe53919d338449306a4a69743347e4f0732a07019675981075d279e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 21:55:26 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1627
GET H/1.1	200 OK	4.png puraummettre.gq/secure/c/comcast/images/	2 KB 2 KB	34ms 24ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/4.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `e5d39240b6afb09f0433652f1f6001b8f981955dc1bec8c9d3637b7b3a3c235c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 21:55:36 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2114
GET H/1.1	200 OK	captcha_challenge.gif puraummettre.gq/secure/c/comcast/images/	94 KB 95 KB	115ms 112ms	Image image/gif	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/captcha_challenge.gif Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `269b5eb48e86e5a89553e891344972f8f3264cfae74318a0c9e7eb5ecd9fe866` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 21:54:38 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 96734
GET H/1.1	200 OK	signin.png puraummettre.gq/secure/c/comcast/images/	1 KB 2 KB	32ms 19ms	Image image/png	145.239.223.18 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://puraummettre.gq/secure/c/comcast/images/signin.png Requested by Host: puraummettre.gq URL: http://puraummettre.gq/secure/c/comcast/ Protocol HTTP/1.1 Server 145.239.223.18 , United Kingdom, ASN16276 (OVH, FR), Reverse DNS ip18.ip-145-239-223.eu Software Apache / Resource Hash `7df34b7fe82edd17af75cb4d44d904a8c89801bb9a3ce4e1eae6d84caf2fbf93` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host puraummettre.gq User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://puraummettre.gq/secure/c/comcast/ Connection keep-alive Cache-Control no-cache Referer http://puraummettre.gq/secure/c/comcast/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 24 Jan 2018 07:12:26 GMT Last-Modified Thu, 12 May 2016 23:29:46 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1316

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

puraummettre.gq
145.239.223.18
185d99ae979f9f1efde97bde65c7a05609e9f0dd99f88bda636f52f8d13c4d13
206e0fdc524e9032fef6844defb65fb26785c294565b679b5a7cac5731131104
269b5eb48e86e5a89553e891344972f8f3264cfae74318a0c9e7eb5ecd9fe866
26d3234dcfe53919d338449306a4a69743347e4f0732a07019675981075d279e
3670d6b500ac7c10d0b804bdea1d404675fac3d344a4c97ae8e57cb72beb3499
45f7d2dce3567282f6e14b3937d205c7f38036d168135fd1d9f654458a9f4abb
7df34b7fe82edd17af75cb4d44d904a8c89801bb9a3ce4e1eae6d84caf2fbf93
bd14fc4980ee1ef2d9e75403b8672a7783d06a56b46f36e5457a94971a8cfbe6
e5d39240b6afb09f0433652f1f6001b8f981955dc1bec8c9d3637b7b3a3c235c
f76d476752259cdab42d5d549fa2b1d32f068242e22eff3a57f0d58ec5cdd0cc
fc2e8e45b9bf7326f2a7f277cd654bc4249ac0abbf62155a576fcf98fd1c1882

puraummettre.gq Open in urlscan Pro 145.239.223.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

490 kBTransfer

488 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

puraummettre.gq Open in urlscan Pro
145.239.223.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

490 kB
Transfer

488 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!