kuzov-shik.ru Open in urlscan Pro
195.54.214.88 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://kuzov-shik.ru/uploads/wsecu/castnum/1/comcast.html
Submission: On July 24 via automatic, source openphish (July 24th 2018, 11:24:17 pm UTC)

Summary HTTP 127 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 21 IPs in 7 countries across 12 domains to perform 127 HTTP transactions. The main IP is 195.54.214.88, located in Moscow, Russian Federation and belongs to RINET-AS Cronyx Plus Ltd, RU. The main domain is kuzov-shik.ru.

This is the only time kuzov-shik.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
35	195.54.214.88 195.54.214.88	8331 (RINET-AS ...) (RINET-AS Cronyx Plus Ltd)
3	34.247.143.160 34.247.143.160	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	178.250.2.100 178.250.2.100	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:26f0:6c0... 2a02:26f0:6c00:19d::1b62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	204.13.194.235 204.13.194.235	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	2.16.186.90 2.16.186.90	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	172.82.228.16 172.82.228.16	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
2	52.16.89.247 52.16.89.247	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.67.129.200 23.67.129.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
11	69.173.144.142 69.173.144.142	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
11	69.173.144.152 69.173.144.152	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1	18.197.99.32 18.197.99.32	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
9	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY - Fastly)
7	52.203.32.250 52.203.32.250	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	18.204.190.178 18.204.190.178	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	213.19.162.27 213.19.162.27	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
2	2001:558:fe14... 2001:558:fe14:3:68:87:29:197	7922 (COMCAST-7922) (COMCAST-7922 - Comcast Cable Communications)
2	2a02:26f0:eb:... 2a02:26f0:eb:199::2c06	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
127	21

35 195.54.214.88 (Moscow, Russian Federation)

ASN8331 (RINET-AS Cronyx Plus Ltd, RU)
PTR: 88-214.vm.vmco.ru

kuzov-shik.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.247.143.160 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-247-143-160.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.232.23 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.100 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: rtax.criteo.com

rtax.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:19d::1b62 (European Union)

ASN20940 (AKAMAI-ASN1, US)

sdx.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 204.13.194.235 (New York, United States)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

oascentral.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
oascentral.comcast.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.90 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-90.deploy.static.akamaitechnologies.com

fast.comcast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.82.228.16 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.d1.sc.omtrdc.net

comcastcom.d1.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (Lehi, United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.89.247 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-16-89-247.eu-west-1.compute.amazonaws.com

comcastathena.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.129.200 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-200.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.18.235.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 69.173.144.142 (Smithfield, United States)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

optimized-by.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 69.173.144.152 (Smithfield, United States)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

beacon-eu2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.99.32 (Cambridge, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-197-99-32.eu-central-1.compute.amazonaws.com

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.113.108 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

cdn.oas-c18.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.203.32.250 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-203-32-250.compute-1.amazonaws.com

s.update.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.204.190.178 (Cambridge, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-204-190-178.compute-1.amazonaws.com

s.update.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.162.27 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

beacon-eu-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:558:fe14:3:68:87:29:197 (United States)

ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)

login.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:eb:199::2c06 (European Union)

ASN20940 (AKAMAI-ASN1, US)

dl.cws.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	kuzov-shik.ru kuzov-shik.ru	1 MB
34	rubiconproject.com ads.rubiconproject.com optimized-by.rubiconproject.com beacon-eu2.rubiconproject.com s.update.rubiconproject.com beacon-eu-ams3.rubiconproject.com	168 KB
13	moatads.com z.moatads.com px.moatads.com	81 KB
9	adnxs.com cdn.oas-c18.adnxs.com	376 KB
9	comcast.net oascentral.comcast.net	11 KB
8	xfinity.com sdx.xfinity.com oascentral.xfinity.com login.xfinity.com dl.cws.xfinity.com	161 KB
7	adobedtm.com assets.adobedtm.com	68 KB
6	demdex.net dpm.demdex.net fast.comcast.demdex.net comcastathena.demdex.net	6 KB
3	omtrdc.net comcastcom.d1.sc.omtrdc.net	12 KB
1	quantserve.com pixel.quantserve.com	471 B
1	everesttech.net 1 redirects cm.everesttech.net	526 B
1	criteo.com rtax.criteo.com	640 B
127	12

	Domain	Requested by
35	kuzov-shik.ru	kuzov-shik.ru
12	px.moatads.com	kuzov-shik.ru
11	beacon-eu2.rubiconproject.com	kuzov-shik.ru
11	optimized-by.rubiconproject.com	ads.rubiconproject.com kuzov-shik.ru
9	s.update.rubiconproject.com	kuzov-shik.ru s.update.rubiconproject.com
9	cdn.oas-c18.adnxs.com	kuzov-shik.ru z.moatads.com
9	oascentral.comcast.net	kuzov-shik.ru
7	assets.adobedtm.com	kuzov-shik.ru
3	comcastcom.d1.sc.omtrdc.net	kuzov-shik.ru
3	sdx.xfinity.com	kuzov-shik.ru z.moatads.com
3	dpm.demdex.net	kuzov-shik.ru
2	dl.cws.xfinity.com	kuzov-shik.ru
2	login.xfinity.com	kuzov-shik.ru
2	beacon-eu-ams3.rubiconproject.com	kuzov-shik.ru
2	comcastathena.demdex.net	kuzov-shik.ru
1	pixel.quantserve.com	optimized-by.rubiconproject.com
1	z.moatads.com	oascentral.xfinity.com
1	ads.rubiconproject.com	oascentral.xfinity.com
1	cm.everesttech.net	1 redirects
1	fast.comcast.demdex.net	kuzov-shik.ru
1	oascentral.xfinity.com	kuzov-shik.ru
1	rtax.criteo.com	kuzov-shik.ru
127	22

This site contains links to these domains. Also see Links.

Domain
oascentral.comcast.net
www.comcast.net
www.surveymonkey.com
login.xfinity.com
idm.xfinity.com
customer.xfinity.com
my.xfinity.com
xfinity.comcast.net
customer.comcast.com

Subject Issuer	Validity	Valid

This page contains 5 frames:

Primary Page: http://kuzov-shik.ru/uploads/wsecu/castnum/1/comcast.html
Frame ID: 3420C4E52045A78EC566247067BA4729
Requests: 126 HTTP requests in this frame

Frame: http://fast.comcast.demdex.net/dest5.html?d_nsid=0
Frame ID: 13B2E969AB230D8BE601D6674F748DA9
Requests: 1 HTTP requests in this frame

Frame: http://kuzov-shik.ru/uploads/wsecu/castnum/1/comcast_files/dest5.html
Frame ID: A6BAD2EFAF7A98653B1489BDB430FA93
Requests: 1 HTTP requests in this frame

Frame: http://kuzov-shik.ru/uploads/wsecu/castnum/1/comcast_files/dest5_002.html
Frame ID: F3C7A58714901C9CABC73C7889AD3C4D
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 888FFC6CF58440EDB7674F7B0919B6EF
Requests: 1 HTTP requests in this frame