xfinity.ecrfx.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xfinity.ecrfx.com/
Submission: On January 12 via automatic, source certstream-suspicious (January 12th 2025, 11:47:21 am UTC) — Scanned from NL

Summary HTTP 15 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is xfinity.ecrfx.com.
TLS certificate: Issued by WE1 on December 25th 2024. Valid for: 3 months.

This is the only time xfinity.ecrfx.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
10	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:e20... 2a02:26f0:e200::58dd:7b81	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	2a02:26f0:b70... 2a02:26f0:b700:18e::30d4	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
15	4

10 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

xfinity.ecrfx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:e200::58dd:7b81 (Hamburg, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

login.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:b700:18e::30d4 (Hamburg, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ecrfx.com xfinity.ecrfx.com	203 KB
3	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 35873	144 KB
2	xfinity.com login.xfinity.com — Cisco Umbrella Rank: 34390	2 KB
15	3

	Domain	Requested by
10	xfinity.ecrfx.com	xfinity.ecrfx.com
3	static.cimcontent.net	xfinity.ecrfx.com
2	login.xfinity.com	xfinity.ecrfx.com
15	3

This site contains links to these domains. Also see Links.

Domain
my.xfinity.com
xfinity.comcast.net
www.xfinity.com

Subject Issuer	Validity	Valid
ecrfx.com WE1	`2024-12-25` - `2025-03-25`	3 months	crt.sh
login.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2024-10-01` - `2025-10-01`	a year	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2024-03-19` - `2025-03-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://xfinity.ecrfx.com/
Frame ID: 3EA17F053BE671AFE15412AA7EC20B25
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Xfinity

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

349 kB
Transfer

811 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/policy/staterights#california
Title: CA Notice at collection

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/manage-preference
Title: Your privacy choices

Search URL Search Domain Scan URL

URL: https://my.xfinity.com/adinformation
Title: Ad choices

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
xfinity.ecrfx.com/ 85 KB
11 KB 322ms
290ms Document
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 703dea3416691cf50a4623aaa1a1df3d02e05d5243dff87486d10a2bdea28a5b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 900ce927fefa66c3-AMS
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Sun, 12 Jan 2025 11:47:16 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CUuLXpVSViPIKXRjQHy4hG53%2BkAEq7Be6iQCG1UMEHVt5qKFn9Bxuvx6YDbx0ps7ei4sJ8Zj7N6TY73v5WE44OOvE80EchiWVOBpcISMpO0RKiVh2JiIz06dAS6vKr1uwvsiPg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=15397&min_rtt=14775&rtt_var=2761&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4163&recv_bytes=4490&delivery_rate=695&cwnd=12000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=299&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding

GET
H3 200 comcast-common.js Show response
xfinity.ecrfx.com/js/ 237 KB
130 KB 493ms
493ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/js/comcast-common.js
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14500096a5ad4d9d53e232c14928d3d60232a29f26c2c09aac5fc89ad23c2e09

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"3b448-65fae8e2-1fc6c5;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=86AecPap5%2BSCTe4GKit8hIqS5NDEp9IqH9vK8kJwZAUdQTtxQB52vkBV%2FjYfxIYLygqKhXKz1ab6%2B8IsBWK7g7mvTJ3Sd088eyTIIu0IrbCg0qTfCwkdbnmnTTYkw03v%2BGcYpg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 900ce929d8e466c3-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15617&min_rtt=14668&rtt_var=534&sent=72&recv=44&lost=0&retrans=0&sent_bytes=68401&recv_bytes=7458&delivery_rate=1085937&cwnd=27600&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=795&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=1,i=?0

GET
H3 200 prism-ui-cef2f07.css
xfinity.ecrfx.com/css/ 66 KB
9 KB 345ms
344ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/css/prism-ui-cef2f07.css
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0d01d5e95e4904e89cab34bc4439558f20e3de3677990f53f8885508c71afd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"10980-65fae8e2-1fc6a9;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2B%2BiqYTpIFcFBT3w8kfxmeuTUhseoDpi6MV47xlwW0K3J%2BQr%2BwWn1Ph6LeJY8gTRHO%2Bpp1mER%2FSRItg4sbYMUJb%2BCfF9i5LzgpvNDN0UAZZj1mQwp5dLMWZ9i1CjqMsemQF2Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 19 Jan 2025 11:47:16 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15550&min_rtt=14668&rtt_var=697&sent=62&recv=33&lost=0&retrans=0&sent_bytes=58677&recv_bytes=6979&delivery_rate=1212324&cwnd=27600&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=646&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 900ce929d8e666c3-AMS
server: cloudflare

GET
H3 200 bundle-cef2f07.css
xfinity.ecrfx.com/css/ 88 KB
13 KB 324ms
323ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/css/bundle-cef2f07.css
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9adb899c167f01d969696a58403d3089cf6cf452df0a53ab42afe90000fbc52

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"161b5-65fae8e2-1fc6a2;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pGWouZe1WddLQEq%2FwqjIzAaYCPVqluWEuscmjxuq1jNIWdB%2FKVnoe95DCZKDhXsLLGfzzicyccIrXFOtaQnBUxp1LL4SWOd902WU4Q%2B4SdhEImu1iGRzTJ6urxA4QoLDqvBe5g%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 19 Jan 2025 11:47:16 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15046&min_rtt=14668&rtt_var=426&sent=37&recv=25&lost=0&retrans=0&sent_bytes=31853&recv_bytes=6635&delivery_rate=39827&cwnd=24000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=626&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 900ce929d8ea66c3-AMS
server: cloudflare

GET
H3 200 bundle.css
xfinity.ecrfx.com/css/ 106 KB
16 KB 307ms
307ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/css/bundle.css
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55ebcc68f8185eb8af8000a1cd4a4da5643ff026873d5753183ce452bc6df75a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"1a925-65fae8e2-1fc6a3;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BMzq0PD%2FZKI2Knbf8VpKZyJ1X7k37ygmkaIna8MycSiiW15EcbbVBXjBcUtb8EXPTaAY0MklWoUyozHaCutv7alE8XjbHMKomzwdUZ8K%2BPBJE%2B8HmeqFkOaYdYv5fJHB%2BZWXFw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 19 Jan 2025 11:47:16 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15281&min_rtt=14775&rtt_var=732&sent=23&recv=20&lost=0&retrans=0&sent_bytes=15353&recv_bytes=6420&delivery_rate=752399&cwnd=12000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=610&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 900ce929d8ec66c3-AMS
server: cloudflare

GET
H3 200 bundle-cef2f07.js Show response
xfinity.ecrfx.com/js/ 15 KB
7 KB 280ms
280ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/js/bundle-cef2f07.js
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 686a33f005c28796f3dd0a3fc0b63f9c4103e33b71c8f1d4551d219ee4138903

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
etag: W/"3a1d-65fae8e2-1fc6c4;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1TrIr8QdI0ki1Mqf2C3JR34lGkA%2FbitJ8O0Q%2Bwyz9UgzjhS%2Fvv2OLYAMZu1CE1Tipxf1Vu7yhDoeGvpfsaRYZQcoS4dpo5a%2FvR7mTTOXm%2FWnvUU3l%2BLr1F%2BkqD434Df1Zcj4pA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 900ce92decc466c3-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15572&min_rtt=14668&rtt_var=284&sent=189&recv=73&lost=0&retrans=0&sent_bytes=204848&recv_bytes=9724&delivery_rate=3759628&cwnd=90000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=1232&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: text/javascript
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=3,i=?0

GET
H3 200 cookie-consent.css
xfinity.ecrfx.com/css/ 54 KB
12 KB 336ms
335ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/css/cookie-consent.css
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db596d64a139ee0b14e98dfe183c8cb7e7ef5e528649b3f51991a8bc42eab7f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"d90a-65fae8e2-1fc6a4;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=40wYTu3ziPH%2Fh53ojCGemcUcdmL9Wy3ONLR42lCsT9eVnHt4K0%2BQB2Mcw7lwVCCjVXMWoDNEe%2F753T9zLnSH%2Byx2gdQ9O8d9lS%2BXPEKYH8HgoQyS0uhWoqAz1K7oAY2qMG6mFA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 19 Jan 2025 11:47:16 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15046&min_rtt=14668&rtt_var=426&sent=50&recv=25&lost=0&retrans=0&sent_bytes=45717&recv_bytes=6635&delivery_rate=39827&cwnd=24000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=638&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: text/css
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 900ce929d8ed66c3-AMS
server: cloudflare

GET
H2 200 xfinity-logo-grey.svg
login.xfinity.com/static/images/global/ 939 B
1 KB 814ms
527ms Image
image/svg+xml 2a02:26f0:e200::58dd:7b81
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xfinity.com/static/images/global/xfinity-logo-grey.svg

Requested by

Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:e200::58dd:7b81 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
pragma: no-cache
expires: Sun, 12 Jan 2025 11:47:16 GMT
accept-ranges: bytes
content-length: 539
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: image/svg+xml
last-modified: Tue, 17 Dec 2024 02:54:02 GMT
vary: Accept-Encoding

GET
H2 200 xfinity-logo-black.svg
login.xfinity.com/static/images/global/ 939 B
1 KB 795ms
507ms Image
image/svg+xml 2a02:26f0:e200::58dd:7b81
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xfinity.com/static/images/global/xfinity-logo-black.svg

Requested by

Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:e200::58dd:7b81 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

f831f28eea507b3e762cc59806bb6c8b6f2101cbf56f4689981055d77a7bffb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
pragma: no-cache
expires: Sun, 12 Jan 2025 11:47:16 GMT
accept-ranges: bytes
content-length: 536
date: Sun, 12 Jan 2025 11:47:16 GMT
content-type: image/svg+xml
last-modified: Tue, 17 Dec 2024 02:54:02 GMT
vary: Accept-Encoding

GET
H3 404 xfinity-logo-grey.svg
xfinity.ecrfx.com/static/images/global/ 1 KB
1 KB 284ms
284ms Image
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xfinity.ecrfx.com/static/images/global/xfinity-logo-grey.svg
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/css/bundle.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/css/bundle.css

Response headers

cache-control: private, no-cache, max-age=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: BYPASS
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybo8E8YLviYenpEbLGs5%2BM2EHMIvg7vtFOORVGhOiXkpJIFPdEhKbYFucPMbgTtcZAh735wGdcOBJHIZ2KL9BnqggZCs%2Fu0ITClyK0%2BL0TUMhlDA%2Bauqj6NvYuZikE4Ac0D4Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 900ce92decc766c3-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15572&min_rtt=14668&rtt_var=284&sent=196&recv=73&lost=0&retrans=0&sent_bytes=212309&recv_bytes=9724&delivery_rate=3759628&cwnd=90000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=1239&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET
H3 404 xfinity-logo-black.svg
xfinity.ecrfx.com/static/images/global/ 1 KB
1 KB 291ms
291ms Image
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xfinity.ecrfx.com/static/images/global/xfinity-logo-black.svg
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/css/bundle.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/css/bundle.css

Response headers

cache-control: private, no-cache, max-age=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: BYPASS
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QbcPmbhekiz04WAaiFD5aIoMQbbFlZRiNRjVlw5%2F2qGbI2e4OtRWlIw7Rs73YSJSHGdb1ZNvV02MhAW91HgrYJ7M5cnR3yFMM%2FJQ8u7MPns4NLJzibR%2F7Tdez1JJ2bZTUVm8Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 900ce92decc866c3-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15572&min_rtt=14668&rtt_var=284&sent=198&recv=73&lost=0&retrans=0&sent_bytes=213791&recv_bytes=9724&delivery_rate=3759628&cwnd=90000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=1247&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ebec0a242eb62dac37ad10740e7797b748ff93103796ed6509414a751ce86820

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 dmsans-bold.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ 29 KB
29 KB 314ms
22ms Font
font/woff2 2a02:26f0:b700:18e::30d4
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-bold.woff2
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/css/cookie-consent.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:b700:18e::30d4 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f4fc8ea1d0db62d19b2320e0299afe1c60abc0aacb7ba34d4169d56bcc828fe2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://xfinity.ecrfx.com
Referer: https://xfinity.ecrfx.com/

Response headers

cache-control: max-age=31536000
etag: "5f8fa708197e8666b28fecf16ab5c7f9"
x-amz-version-id: VaZO4U2FUcd1LyiYoG6JGel7GaFGPQaX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29872
x-amz-cf-id: J_tcPpy2nE453uJu_9V0MERcqGBCr6rRtfsWklYos79QRnDoBIBjPw==
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: font/woff2
last-modified: Mon, 25 Nov 2024 20:43:51 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C1
x-amz-server-side-encryption: AES256

GET
H2 200 dmsans-regular.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ 29 KB
30 KB 372ms
79ms Font
font/woff2 2a02:26f0:b700:18e::30d4
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-regular.woff2
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/css/prism-ui-cef2f07.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:b700:18e::30d4 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://xfinity.ecrfx.com
Referer: https://xfinity.ecrfx.com/

Response headers

cache-control: max-age=31536000
etag: "b9d5e5cad821648da76e2fedb6c6a680"
x-amz-version-id: lUHU.CUTpyqdhpkay9p9Jz3kAJy1vg1J
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29920
x-amz-cf-id: 2TWoMvkS-knU2F6-MRf9j2GzGQtGCLe5ljC3tQY3ZiS8Ub3L0pRBCA==
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: font/woff2
last-modified: Mon, 09 Dec 2024 16:07:32 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C1
x-amz-server-side-encryption: AES256

GET
H2 200 xfinitybrown-regular.woff2
static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/ 84 KB
85 KB 338ms
45ms Font
font/woff2 2a02:26f0:b700:18e::30d4
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/xfinitybrown-regular.woff2
Requested by: Host: xfinity.ecrfx.com
URL: https://xfinity.ecrfx.com/css/cookie-consent.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:b700:18e::30d4 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac7ab1854db99c8278486132a7cef4a5d4f2992fd59488d02b4a5c5a071407d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://xfinity.ecrfx.com
Referer: https://xfinity.ecrfx.com/

Response headers

cache-control: max-age=31536000
etag: "7852867d778f90102ccdec973b475759"
x-amz-version-id: srZskSDvy1UmIOLkjjWb3s4bVWfD_eiS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 86524
x-amz-cf-id: 1IGT-K96cW8tnD1qhrVba259MEAFL9dbOqHTBR7FPxtvx3uey4qcSg==
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: font/woff2
last-modified: Mon, 09 Dec 2024 16:07:32 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C1
x-amz-server-side-encryption: AES256

GET
H3 200 favicon.ico
xfinity.ecrfx.com/css/ 11 KB
2 KB 303ms
303ms Other
image/x-icon 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xfinity.ecrfx.com/css/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://xfinity.ecrfx.com/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"2b46-65fae8e2-1fc6a8;br"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2Yk2wvJYTY%2FeXnaLV1%2FuroUeGOQlcWz9riZeZYk6o98zdShHdhaX8d5aBBn3gpAiHekwMNwqU3Olvi48cFzUWIhMNVRPlfMiUTkP7%2Fk88%2F8x%2B27QS4TE94QPXo2QZ1rvpr2kA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 19 Jan 2025 11:47:17 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15319&min_rtt=14668&rtt_var=511&sent=202&recv=77&lost=0&retrans=0&sent_bytes=215319&recv_bytes=10240&delivery_rate=37010&cwnd=90000&unsent_bytes=0&cid=bba69b78ec65bdf7&ts=1651&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sun, 12 Jan 2025 11:47:17 GMT
content-type: image/x-icon
last-modified: Wed, 20 Mar 2024 13:47:14 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 900ce9305f5a66c3-AMS
server: cloudflare

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xfinity.ecrfx.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: kmv3d5a3krtdbk5rvic0ummd19
			login.xfinity.com/	1970-01-21 02:34:47	Name: AWSALBCORS Value: 7e+Iaa7AEtcDndqWIC6o9l3YjDKl9lmGiibgBe87bKBthSAxdUbpEAXIPCJJ2A6GJ0ls3m1dNYrjcO+kGXyOl/w0kJHhYX7bf5Y60Sxuky71zDRGQwzkznNeMN3m

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://xfinity.ecrfx.com/static/images/global/xfinity-logo-grey.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://xfinity.ecrfx.com/static/images/global/xfinity-logo-black.svg Message: Failed to load resource: the server responded with a status of 404 ()
rendering	warning	URL: https://xfinity.ecrfx.com/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A020620154130000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://xfinity.ecrfx.com/js/comcast-common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://xfinity.ecrfx.com/js/comcast-common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.xfinity.com
static.cimcontent.net
xfinity.ecrfx.com
188.114.96.3
2a02:26f0:b700:18e::30d4
2a02:26f0:e200::58dd:7b81
14500096a5ad4d9d53e232c14928d3d60232a29f26c2c09aac5fc89ad23c2e09
15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089
1db596d64a139ee0b14e98dfe183c8cb7e7ef5e528649b3f51991a8bc42eab7f
40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68
4d0d01d5e95e4904e89cab34bc4439558f20e3de3677990f53f8885508c71afd
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
55ebcc68f8185eb8af8000a1cd4a4da5643ff026873d5753183ce452bc6df75a
679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43
686a33f005c28796f3dd0a3fc0b63f9c4103e33b71c8f1d4551d219ee4138903
703dea3416691cf50a4623aaa1a1df3d02e05d5243dff87486d10a2bdea28a5b
a9adb899c167f01d969696a58403d3089cf6cf452df0a53ab42afe90000fbc52
aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d
ac7ab1854db99c8278486132a7cef4a5d4f2992fd59488d02b4a5c5a071407d0
ebec0a242eb62dac37ad10740e7797b748ff93103796ed6509414a751ce86820
f4fc8ea1d0db62d19b2320e0299afe1c60abc0aacb7ba34d4169d56bcc828fe2
f831f28eea507b3e762cc59806bb6c8b6f2101cbf56f4689981055d77a7bffb5

xfinity.ecrfx.com Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

349 kBTransfer

811 kBSize

2 Cookies

5 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

2 Cookies

5 Console Messages

Indicators

xfinity.ecrfx.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

349 kB
Transfer

811 kB
Size

2
Cookies

15 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!