xfinitty.securemessages.us Open in urlscan Pro
54.226.19.244 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://jjdlguvizixls.onlinemailportals.top/cast/qsbjgg%20kd%20bixdnsa/xgczvytjruvguvizixls/%7b%7bemailb64%7d%7d
Effective URL:
https://xfinitty.securemessages.us/comcast/
Submission: On August 05 via manual (August 5th 2022, 3:34:50 am UTC) from IN — Scanned from CA

Summary HTTP 25 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 25 HTTP transactions. The main IP is 54.226.19.244, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is xfinitty.securemessages.us.
TLS certificate: Issued by R3 on August 4th 2022. Valid for: 3 months.

This is the only time xfinitty.securemessages.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	40.69.97.32 40.69.97.32	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	54.226.19.244 54.226.19.244	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:141b:13:... 2600:141b:13:a8c::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2620:100:a001::c 2620:100:a001::c	19750 (AS-CRITEO) (AS-CRITEO)
1	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
1	68.67.160.132 68.67.160.132	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	68.67.178.10 68.67.178.10	29990 (ASN-APPNEX) (ASN-APPNEX)
25	7

1 40.69.97.32 (Québec, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

jjdlguvizixls.onlinemailportals.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 54.226.19.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-19-244.compute-1.amazonaws.com

xfinitty.securemessages.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:141b:13:a8c::30d4 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::c (United States) 1 redirects

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.160.132 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

nym1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.178.10 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	securemessages.us xfinitty.securemessages.us	79 KB
3	adnxs.com 1 redirects nym1-ib.adnxs.com — Cisco Umbrella Rank: 1218 ib.adnxs.com — Cisco Umbrella Rank: 238	2 KB
3	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 20940	80 KB
2	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 401 mug.criteo.com — Cisco Umbrella Rank: 2755	1 KB
1	onlinemailportals.top jjdlguvizixls.onlinemailportals.top	390 B
0	Failed function sub() { [native code] }. Failed
25	6

	Domain	Requested by
14	xfinitty.securemessages.us	jjdlguvizixls.onlinemailportals.top xfinitty.securemessages.us
3	static.cimcontent.net	xfinitty.securemessages.us
2	ib.adnxs.com	1 redirects xfinitty.securemessages.us
1	nym1-ib.adnxs.com	xfinitty.securemessages.us
1	mug.criteo.com	xfinitty.securemessages.us
1	gum.criteo.com	1 redirects
1	jjdlguvizixls.onlinemailportals.top
0	lmcboojgmmaafdmgacncdpjnpnnhpmei Failed	xfinitty.securemessages.us
25	8

This site contains links to these domains. Also see Links.

Domain
my.xfinity.com

Subject Issuer	Validity	Valid
xfinitty.securemessages.us R3	`2022-08-04` - `2022-11-02`	3 months	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2022-04-06` - `2023-04-06`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://xfinitty.securemessages.us/comcast/
Frame ID: D37B4FE92F5BA2E9CC01B93506F86560
Requests: 15 HTTP requests in this frame

Frame: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
Frame ID: 84407B4AA8F90519BB9109B1B01667BC
Requests: 6 HTTP requests in this frame

Frame: https://xfinitty.securemessages.us/comcast/index_files/syncframe.html
Frame ID: CE9CDC91AB99B0F5F4E1B8F13B0BCE09
Requests: 2 HTTP requests in this frame

Frame: https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html
Frame ID: 70FD9901D8AA0A5DF884591CDC0ED952
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Xfinity

Page URL History Show full URLs

http://jjdlguvizixls.onlinemailportals.top/cast/qsbjgg%20kd%20bixdnsa/xgczvytjruvguvizixls/%7b%7bemailb64%7d%7d Page URL
https://xfinitty.securemessages.us/comcast/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Page Statistics

25
Requests

72 %
HTTPS

29 %
IPv6

6
Domains

8
Subdomains

7
IPs

2
Countries

162 kB
Transfer

243 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://jjdlguvizixls.onlinemailportals.top/cast/qsbjgg%20kd%20bixdnsa/xgczvytjruvguvizixls/%7b%7bemailb64%7d%7d Page URL
https://xfinitty.securemessages.us/comcast/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://gum.criteo.com/sid/json?origin=NA&domain=xfinitty.securemessages.us&sn=ChromeSyncframe&so=0 HTTP 302
https://mug.criteo.com/sid?cpp=10H5r3x6ZVdtQ2gxM1JsNmFkSVRuRExGZE53ZnlJMU1UbW1SeGNKQ21YVzUvNHQybGJLYTg4TkMxVW01UU9ORDZsYWVIckpBS29aeFJhd3VVcFA0MXRXM2V4K1lnbEZEV3IvR2lneGJRc1A3TWFxN2xyRG1LeHFYbTZtQ1lUdE1tV09qbXhHRzRFMytDa3BrNmFGaXdKYnluclVGZ0l4SThDRHdBcnVESGZ6R0lrWnM9fA&cppv=2

Request Chain 24

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

25 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK %7b%7bemailb64%7d%7d
jjdlguvizixls.onlinemailportals.top/cast/qsbjgg%20kd%20bixdnsa/xgczvytjruvguvizixls/ 110 B
390 B 428ms
388ms Document
text/html 40.69.97.32
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://jjdlguvizixls.onlinemailportals.top/cast/qsbjgg%20kd%20bixdnsa/xgczvytjruvguvizixls/%7b%7bemailb64%7d%7d
Protocol: HTTP/1.1
Server: 40.69.97.32 Québec, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: openresty / PHP/8.1.5
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 05 Aug 2022 03:34:45 GMT
Server: openresty
Transfer-Encoding: chunked
X-Powered-By: PHP/8.1.5
X-Served-By: jjdlguvizixls.onlinemailportals.top

GET
H2 200 Primary Request / Show response
xfinitty.securemessages.us/comcast/ 10 KB
5 KB 104ms
30ms Document
text/html 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://xfinitty.securemessages.us/comcast/?

Requested by

Host: jjdlguvizixls.onlinemailportals.top
URL: http://jjdlguvizixls.onlinemailportals.top/cast/qsbjgg%20kd%20bixdnsa/xgczvytjruvguvizixls/%7b%7bemailb64%7d%7d

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

be1d4b7630e08f54f878c560987546e285e4a97d6fa813cd2474fae101c7c251

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://jjdlguvizixls.onlinemailportals.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 05 Aug 2022 03:34:46 GMT
referrer-policy: same-origin
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

GET
H2 200 fonts-remote.min.css
xfinitty.securemessages.us/comcast/index_files/ 3 KB
473 B 24ms
23ms Stylesheet
text/css 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinitty.securemessages.us/comcast/index_files/fonts-remote.min.css
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-19-244.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
content-encoding: br
last-modified: Thu, 04 Aug 2022 13:52:56 GMT
server: nginx
etag: W/"62ebcf38-d2f"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles-stepped-out-light.min.css
xfinitty.securemessages.us/comcast/index_files/ 35 KB
9 KB 26ms
25ms Stylesheet
text/css 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinitty.securemessages.us/comcast/index_files/styles-stepped-out-light.min.css
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-19-244.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f803db461ac629c0a11909f0e16d931a73e6c522223a8201752e28362c4ae373

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
content-encoding: br
last-modified: Thu, 04 Aug 2022 13:53:08 GMT
server: nginx
etag: W/"62ebcf44-8b3e"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 it
xfinitty.securemessages.us/comcast/index_files/ 0
258 B 23ms
23ms Image
application/octet-stream 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xfinitty.securemessages.us/comcast/index_files/it

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
referrer-policy: same-origin
last-modified: Thu, 04 Aug 2022 13:52:57 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62ebcf39-0"
vary: Accept-Encoding
content-type: application/octet-stream
x-permitted-cross-domain-policies: master-only
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 u
xfinitty.securemessages.us/comcast/index_files/ 42 B
311 B 24ms
23ms Image
application/octet-stream 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xfinitty.securemessages.us/comcast/index_files/u

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
referrer-policy: same-origin
last-modified: Thu, 04 Aug 2022 13:53:09 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62ebcf45-2a"
vary: Accept-Encoding
content-type: application/octet-stream
x-permitted-cross-domain-policies: master-only
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 42
x-xss-protection: 1; mode=block

GET
H2 200 event
xfinitty.securemessages.us/comcast/index_files/ 42 B
311 B 24ms
24ms Image
application/octet-stream 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xfinitty.securemessages.us/comcast/index_files/event

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
referrer-policy: same-origin
last-modified: Thu, 04 Aug 2022 13:52:56 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62ebcf38-2a"
vary: Accept-Encoding
content-type: application/octet-stream
x-permitted-cross-domain-policies: master-only
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 42
x-xss-protection: 1; mode=block

GET icon-128.png
lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/ 0
0

GET logo.svg
lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/ 0
0

GET copy.svg
lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/ 0
0

GET r-arrow.svg
lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/ 0
0

GET
H2 200 saved_resource.html Show response
xfinitty.securemessages.us/comcast/index_files/ Frame 8440 10 KB
4 KB 24ms
23ms Document
text/html 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

784a2ba0688d4d03520e3f4d98f18f44102e22b74a9ac5694019a79e8c2090be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xfinitty.securemessages.us/comcast/?
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Fri, 05 Aug 2022 03:34:46 GMT
etag: W/"62ebcf3b-26d7"
last-modified: Thu, 04 Aug 2022 13:52:59 GMT
referrer-policy: same-origin
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

GET
H2 200 syncframe.html Show response
xfinitty.securemessages.us/comcast/index_files/ Frame CE9C 13 KB
5 KB 29ms
29ms Document
text/html 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://xfinitty.securemessages.us/comcast/index_files/syncframe.html

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5db15b826707e48e458664451362f6728864e8419bf06e8b16d8b92ce22c3d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xfinitty.securemessages.us/comcast/?
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Fri, 05 Aug 2022 03:34:46 GMT
etag: W/"62ebcf45-3522"
last-modified: Thu, 04 Aug 2022 13:53:09 GMT
referrer-policy: same-origin
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

GET
H2 200 XfinityStandard-Regular.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 26 KB
26 KB 119ms
20ms Font
font/woff2 2600:141b:13:a8c::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/fonts-remote.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13:a8c::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176

Request headers

Referer: https://xfinitty.securemessages.us/
Origin: https://xfinitty.securemessages.us
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
x-amz-version-id: kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C2
etag: "e3e79cd377b28c1e7ffea64b194136cf"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=1078531
date: Fri, 05 Aug 2022 03:34:46 GMT
accept-ranges: bytes
content-length: 26768
x-amz-cf-id: geXXkBgzb12_o1noGBYj2vw-954MH7VytZT-DJO_LUJv2h4Xhwl5Nw==

GET
DATA 200
OK truncated
/ 933 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 XfinityStandard-Medium.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 27 KB
27 KB 132ms
41ms Font
font/woff2 2600:141b:13:a8c::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/fonts-remote.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13:a8c::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228

Request headers

Referer: https://xfinitty.securemessages.us/
Origin: https://xfinitty.securemessages.us
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
x-amz-version-id: 6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C2
etag: "13709eac065721ba8cd0e2d1b6fa8026"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=1078531
date: Fri, 05 Aug 2022 03:34:46 GMT
accept-ranges: bytes
content-length: 27152
x-amz-cf-id: NwSC4T0Mq-IIV_nX0RtpQ7NSTbbcrol-VBFgu2ozdauUwjXJ4sMZ6A==

GET
H2 200 XfinityStandard-Light.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 27 KB
27 KB 142ms
52ms Font
font/woff2 2600:141b:13:a8c::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/fonts-remote.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13:a8c::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

Request headers

Referer: https://xfinitty.securemessages.us/
Origin: https://xfinitty.securemessages.us
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

unused62: 8096267
x-amz-version-id: wnCwOacXycelzt78IMkr55wWB9WkMd2W
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: EWR52-C2
etag: "f05d3ebe80809d82ab14d62a79da544e"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=1117490
date: Fri, 05 Aug 2022 03:34:46 GMT
accept-ranges: bytes
content-length: 27420
x-amz-cf-id: _0eQdgxZyzPvewUgOcrW-vCzUqi1Kjt-qXwuNP3OivPIvp0heyiEPw==

GET
H2 200 90ab4098-d89f-4617-bb26-3aff721f7879.jpg
xfinitty.securemessages.us/comcast/index_files/ Frame 8440 37 KB
36 KB 25ms
25ms Image
image/jpeg 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xfinitty.securemessages.us/comcast/index_files/90ab4098-d89f-4617-bb26-3aff721f7879.jpg
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-19-244.compute-1.amazonaws.com
Software: nginx /
Resource Hash: aba4bb7ac151945a9655a953c1a575843800759fb6d03d06cc3b25c62541f9ed

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
content-encoding: br
last-modified: Thu, 04 Aug 2022 13:52:51 GMT
server: nginx
etag: W/"62ebcf33-94ff"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 moatad.js.download
xfinitty.securemessages.us/comcast/index_files/ Frame 8440 0
0 26ms
26ms Script
text/html 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinitty.securemessages.us/comcast/index_files/moatad.js.download
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-19-244.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: text/html

GET
H2 200 rd_log Show response
xfinitty.securemessages.us/comcast/index_files/ Frame 8440 0
258 B 25ms
25ms Script
application/octet-stream 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://xfinitty.securemessages.us/comcast/index_files/rd_log

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
referrer-policy: same-origin
last-modified: Thu, 04 Aug 2022 13:52:57 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62ebcf39-0"
vary: Accept-Encoding
content-type: application/octet-stream
x-permitted-cross-domain-policies: master-only
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 404 trk.js.download
xfinitty.securemessages.us/comcast/index_files/ Frame 8440 0
0 25ms
25ms Script
text/html 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinitty.securemessages.us/comcast/index_files/trk.js.download
Requested by: Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-19-244.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: text/html

GET
H2

200

sid Show response
mug.criteo.com/ Frame CE9C
Redirect Chain

https://gum.criteo.com/sid/json?origin=NA&domain=xfinitty.securemessages.us&sn=ChromeSyncframe&so=0
https://mug.criteo.com/sid?cpp=10H5r3x6ZVdtQ2gxM1JsNmFkSVRuRExGZE53ZnlJMU1UbW1SeGNKQ21YVzUvNHQybGJLYTg4TkMxVW01UU9ORDZsYWVIckpBS29aeFJhd3VVcFA0MXRXM2V4K1lnbEZEV3IvR2lneGJRc1A3TWFxN2xyRG1LeHFYbTZtQ1...

212 B
516 B

158ms
24ms

Fetch
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=10H5r3x6ZVdtQ2gxM1JsNmFkSVRuRExGZE53ZnlJMU1UbW1SeGNKQ21YVzUvNHQybGJLYTg4TkMxVW01UU9ORDZsYWVIckpBS29aeFJhd3VVcFA0MXRXM2V4K1lnbEZEV3IvR2lneGJRc1A3TWFxN2xyRG1LeHFYbTZtQ1lUdE1tV09qbXhHRzRFMytDa3BrNmFGaXdKYnluclVGZ0l4SThDRHdBcnVESGZ6R0lrWnM9fA&cppv=2

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/?

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

1ce235e51535b1828a0d88cb956d3a1a6a23bda59da78c6e2d695350c3829afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Aug 2022 03:34:46 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1377738
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 05 Aug 2022 03:34:46 GMT
location: https://mug.criteo.com/sid?cpp=10H5r3x6ZVdtQ2gxM1JsNmFkSVRuRExGZE53ZnlJMU1UbW1SeGNKQ21YVzUvNHQybGJLYTg4TkMxVW01UU9ORDZsYWVIckpBS29aeFJhd3VVcFA0MXRXM2V4K1lnbEZEV3IvR2lneGJRc1A3TWFxN2xyRG1LeHFYbTZtQ1lUdE1tV09qbXhHRzRFMytDa3BrNmFGaXdKYnluclVGZ0l4SThDRHdBcnVESGZ6R0lrWnM9fA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://xfinitty.securemessages.us
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1504
content-length: 397
expires: 0

GET
H2 200 async_usersync.html Show response
xfinitty.securemessages.us/comcast/index_files/ Frame 70FD 52 KB
16 KB 26ms
26ms Document
text/html 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

06906c9ff3615211299c3616c663237a1b20562869695f8d742765d22f0bb7c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Fri, 05 Aug 2022 03:34:46 GMT
etag: W/"62ebcf36-d072"
last-modified: Thu, 04 Aug 2022 13:52:54 GMT
referrer-policy: same-origin
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: master-only
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK rd_log Show response
nym1-ib.adnxs.com/ Frame 8440 0
662 B 60ms
19ms Script
text/html 68.67.160.132
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3De39c9565-173d-4f93-bd31-d4c1a1abb1a5%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2&e=wqT_3QLwDaDwBgAAAwDWAAUBCMago5EGEIuU7uzNkbbvBxiBvq7roZnHhXEqNgkAAAkCABEJBywAABkAAADgehQQQCEREgApEQnQMQAAAMD1KPg_MP7Hkwc41DtA1DtIAlCho_ikAViZnG5gAGjMiI4BeMy2BYABAYoBA1VTRJIFBvBVmAGsAqAB-gGoAQGwAQC4AQHAAQPIAQLQAQDYAQDgAQDwAQCKAll1ZignYScsIDM0NTgxMTYsIDE2NDY4NDE5MjYpO3VmKCdpJywgMTQyMTU0MSwgMTY2HQAAcgk6FDkwMzUyMTY8APBlkgL1AyFtMGZ0UmdpajdaY1JFS0dqLUtRQkdBQWdtWnh1TUFRNEFFQUVTTlE3VVA3SGt3ZFlBR0M1Qm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkVxZ0JBN0FCQUxrQkFBQUFBBQQMREJBUQUJBQE0eVFIYWRFLVRwQmtDUU4ZKCw4RF9nQWVYaFZ2VUIFKShKZ0NBS0FDQUxVQwUQBEwwCQjwTE1BQ0FNZ0NBTkFDQU5nQ0FPQUNBT2dDQVBnQ0FJQURBWmdEQWJvRENVNVpUVEk2TkRZNE1PQUQ1aTJBQkFDSUJBQ1FCQUNZQkFIQkJBBVoFAQR5UR2lGE5nRUFQRUUFGQUBIENJQmNna3FRVQUOHEFBRHdQN0VGDQ0BEARCQh0_AHkVKAxBQUFOMigAAFouKACoNEFVQThBV2tsTzhFLUFYRWlOTUJnZ1lEVlZORWlBWUFrQVlCbUFZQW9RWQFKCQEkS2dHQWJJR0pBawkQAQEAQh2rBEJrARIJAQBDHRhETGdHQkEuLpoCmQEha1FfRnBBOvkBKEptY2JpQUVLQUF4CT4FAQA2MkkBEEVEbUxVEWEQRHdQMUUFJQUBAEYRGAxBQUFHHRgARx0YAEgdGBBIZ0FpUR0QoEEuLtgC7mPgApGcPOoC7gFodHRwczovL2xvZ2luLnhmaW5pdHkuY29tCRJ8P3NlbGVjdEFjY291bnQ9ZmFsc2UmaXBBZGRyQXV0aG4NEhhwYXNzaXZlDQ7wSXJlcUlkPWUzOWM5NTY1LTE3M2QtNGY5My1iZDMxLWQ0YzFhMWFiYjFhNSZyPWNvbWNhc3QubmV0JnM9cG9ydGFsJmRldmljZUF1GWIgY29udGludWU9AbEgJTNBJTJGJTJGHbAAYw1FHCUyRiZmb3JjDT50MCZsYW5nPWVuJnJtPTLyAhEKBkFEVl9JRBIHMzQ1Ye8c8gISCgZDUEcBFCAIMTAyMDk4MjgBKQgFQ1AFFDAzNjA0MjQwM_ICDQoIAT0YRlJFURIBMAUQHFJFTV9VU0VSBRAADAkgGENPREUSAPIBDwFYEQ8QCwoHQ1AVDhAQCgVJTwFgCAcxNIVaAPIBIQRJTxUhOBMKD0NVU1RPTV9NT0RFTAErFADyAhoKFjIWABxMRUFGX05BTQVxCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wnwEwgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD27lT4AMA6AMA-AMBgAQAkgQGL3V0L3YzmAQAogQMMTU0LjYuMjAuMTE1qASLpQKyBBAIABABGPgKIKAGKAAwADgCuAQAwAQAyAQA0gQONzYzNiNOWU0yOjQ2ODDaBAIIAeAEAfAEoaP4pAGIBQGYBQCgBf___________wHABQDJBQCl_hTwP9IFCQkFC3QAAADYBQHgBQHwBQH6BQQIABAAkAYAmAYAuAYAwQYBHzAAAPA_0AaHJ9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEgYACAAMAA42x5AAMgHzLYF0gcNFXQBOAjaBwYJJ0jgBwDqBwIIAPAH0fqaB4oIAhAA&s=672d541ac2a48b32be287a94d93bf00e34adbf82&bdref=https%3A%2F%2Fxfinitty.securemessages.us%2Fcomcast%2F%3F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fxfinitty.securemessages.us%2Fcomcast%2F%3F,https%3A%2F%2Fxfinitty.securemessages.us%2Fcomcast%2Findex_files%2Fsaved_resource.html&

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.132 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Aug 2022 03:34:46 GMT
X-Proxy-Origin: 149.56.153.178; 149.56.153.178; 674.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2681b93b-4662-44c6-9b10-71d54747d1f2
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 async_usersync Show response
xfinitty.securemessages.us/comcast/index_files/ Frame 70FD 1 KB
2 KB 23ms
23ms Script
application/octet-stream 54.226.19.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://xfinitty.securemessages.us/comcast/index_files/async_usersync

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.226.19.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-226-19-244.compute-1.amazonaws.com

Software

nginx /

Resource Hash

348c79112cb51e9c7c94f716c30961d7808d500e54c1afe94272a3265ea33069

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 03:34:46 GMT
referrer-policy: same-origin
last-modified: Thu, 04 Aug 2022 13:52:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
etag: "62ebcf33-56a"
vary: Accept-Encoding
content-type: application/octet-stream
x-permitted-cross-domain-policies: master-only
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 1386
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 70FD
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
817 B

24ms
24ms

Script
text/html

68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: xfinitty.securemessages.us
URL: https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html

Protocol

HTTP/1.1

Server

68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 05 Aug 2022 03:34:46 GMT
X-Proxy-Origin: 149.56.153.178; 149.56.153.178; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: d14f7d44-c826-49a4-b2d5-e063fd9639bf
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 05 Aug 2022 03:34:46 GMT
X-Proxy-Origin: 149.56.153.178; 149.56.153.178; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9404c387-b98a-4238-a0b5-50a4ca59d37a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lmcboojgmmaafdmgacncdpjnpnnhpmei
URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/icon-128.png

Domain: lmcboojgmmaafdmgacncdpjnpnnhpmei
URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/logo.svg

Domain: lmcboojgmmaafdmgacncdpjnpnnhpmei
URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/copy.svg

Domain: lmcboojgmmaafdmgacncdpjnpnnhpmei
URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/r-arrow.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.adnxs.com/	1970-01-20 07:10:46	Name: uuid2 Value: 5788104907017324272

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/icon-128.png Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/logo.svg Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/copy.svg Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: chrome-extension://lmcboojgmmaafdmgacncdpjnpnnhpmei/icons/r-arrow.svg Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://xfinitty.securemessages.us/comcast/index_files/moatad.js.download Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://xfinitty.securemessages.us/comcast/index_files/trk.js.download Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html Message: Refused to execute script from 'https://xfinitty.securemessages.us/comcast/index_files/async_usersync' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://xfinitty.securemessages.us/comcast/index_files/async_usersync.html Message: Refused to execute script from 'https://xfinitty.securemessages.us/comcast/index_files/async_usersync' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://xfinitty.securemessages.us/comcast/index_files/saved_resource.html Message: Refused to execute script from 'https://xfinitty.securemessages.us/comcast/index_files/rd_log' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gum.criteo.com
ib.adnxs.com
jjdlguvizixls.onlinemailportals.top
lmcboojgmmaafdmgacncdpjnpnnhpmei
mug.criteo.com
nym1-ib.adnxs.com
static.cimcontent.net
xfinitty.securemessages.us
lmcboojgmmaafdmgacncdpjnpnnhpmei
2600:141b:13:a8c::30d4
2620:100:a001::c
40.69.97.32
54.226.19.244
68.67.160.132
68.67.178.10
74.119.119.139
032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8
06906c9ff3615211299c3616c663237a1b20562869695f8d742765d22f0bb7c7
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
1ce235e51535b1828a0d88cb956d3a1a6a23bda59da78c6e2d695350c3829afe
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
348c79112cb51e9c7c94f716c30961d7808d500e54c1afe94272a3265ea33069
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea
5db15b826707e48e458664451362f6728864e8419bf06e8b16d8b92ce22c3d71
784a2ba0688d4d03520e3f4d98f18f44102e22b74a9ac5694019a79e8c2090be
aba4bb7ac151945a9655a953c1a575843800759fb6d03d06cc3b25c62541f9ed
be1d4b7630e08f54f878c560987546e285e4a97d6fa813cd2474fae101c7c251
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f803db461ac629c0a11909f0e16d931a73e6c522223a8201752e28362c4ae373
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

xfinitty.securemessages.us Open in urlscan Pro 54.226.19.244 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

72 %HTTPS

29 %IPv6

6 Domains

8 Subdomains

7 IPs

2 Countries

162 kBTransfer

243 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

9 Console Messages

Indicators

xfinitty.securemessages.us Open in urlscan Pro
54.226.19.244 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

72 %
HTTPS

29 %
IPv6

6
Domains

8
Subdomains

7
IPs

2
Countries

162 kB
Transfer

243 kB
Size

1
Cookies

25 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!