realexpert.af
162.214.66.81
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On April 05 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 15th 2020. Valid for: 3 months.
This is the only time realexpert.af was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
14 | 162.214.66.81 | 46606 (UNIFIEDLAYER-AS-1) |
1 | 23.77.209.254 | 20940 (AKAMAI-ASN1) |
3 | 66.117.29.6 | 15224 (OMNITURE) |
1 | 2001:558:fe21:2:69:252:205:24 | 7922 (COMCAST-7922) |
1 | 54.152.108.71 | 14618 (AMAZON-AES) |
2 (1 redirect) | 15.188.31.119 | 16509 (AMAZON-02) |
21 | 6 | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-214-66-81.unifiedlayer.com
realexpert.af
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-77-209-254.deploy.static.akamaitechnologies.com
cdn.tt.omtrdc.net
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-152-108-71.compute-1.amazonaws.com
privacy.truste.com
ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-31-119.eu-west-3.compute.amazonaws.com
serviceos.comcast.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | realexpert.af | realexpert.af | 334 KB |
4 | omtrdc.net | cdn.tt.omtrdc.net, comcastresidentialservices.tt.omtrdc.net | 15 KB |
3 | comcast.net (1 redirect) | login.comcast.net, serviceos.comcast.net | 9 KB |
1 | truste.com | privacy.truste.com | 3 KB |
21 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
14 | realexpert.af | realexpert.af |
3 | comcastresidentialservices.tt.omtrdc.net | realexpert.af |
2 | serviceos.comcast.net (1 redirect) | realexpert.af |
1 | privacy.truste.com | realexpert.af |
1 | login.comcast.net | realexpert.af |
1 | cdn.tt.omtrdc.net | realexpert.af |
21 | 6 | |
This site contains links to these domains.
Domain |
---|
businessclass.comcast.net |
login.comcast.net |
xfinity.comcast.net |
my.xfinity.com |
customer.comcast.com |
privacy.truste.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
realexpert.af | Let's Encrypt Authority X3 | 2020-01-15 - 2020-04-14 | 3 months |
*.tt.omtrdc.net | DigiCert SHA2 High Assurance Server CA | 2017-10-26 - 2020-11-25 | 3 years |
login.comcast.net | COMODO RSA Organization Validation Secure Server CA | 2018-10-29 - 2020-10-28 | 2 years |
*.truste.com | Go Daddy Secure Certificate Authority - G2 | 2018-01-26 - 2021-03-06 | 3 years |
serviceos.comcast.net | DigiCert SHA2 High Assurance Server CA | 2019-12-21 - 2021-03-25 | a year |
This page contains 1 frames:
Primary Page:
https://realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/index.htm
Frame ID: E35A32A3A787298BAD7DADBBBB8AE29B
Requests: 21 HTTP requests in this frame
9 Outgoing links
These are links going to different origins than the main page.
Title: Sign in now
Title: Don't know your email or username?
Title: Forgot your password?
Title: Create a Username »
Title: Site Map
Title: Privacy Policy
Title: Terms of Service
Title: Contact Us
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19- https://serviceos.comcast.net/b/ss/comcastnetdev/1/H.20.2/s09648651138371?AQB=1&ndh=1&t=5/3/2020%2015%3A17%3A51%200%20-120&ce=ISO-8859-1&ns=comcast&pageName=sign%20in&g=https%3A//realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/index.htm&cc=USD&ch=sign%20in&events=event11&c1=/files/c0mc45t-u53r-v3rific4tion/c/index.htm/%3Asign%20in&v1=/files/c0mc45t-u53r-v3rific4tion/c/index.htm/%3Asign%20in&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=/files/c0mc45t-u53r-v3rific4tion/c/index.htm&c4=sign%20in&c7=x.M..PROD---My-Account-PROD---xfinity.com--&v7=x.M..PROD---My-Account-PROD---xfinity.com--&c23=xlarge&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=xlarge&c44=anonymous%3Asign%20in&v47=anonymous&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://serviceos.comcast.net/b/ss/comcastnetdev/1/H.20.2/s09648651138371?AQB=1&pccr=true&vidn=2F44ED4005159DA4-4000067DC651C0B6&ndh=1&t=5/3/2020%2015%3A17%3A51%200%20-120&ce=ISO-8859-1&ns=comcast&pageName=sign%20in&g=https%3A//realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/index.htm&cc=USD&ch=sign%20in&events=event11&c1=/files/c0mc45t-u53r-v3rific4tion/c/index.htm/%3Asign%20in&v1=/files/c0mc45t-u53r-v3rific4tion/c/index.htm/%3Asign%20in&h1=comcast%3Acim%3Acomcast%20net%3Asign%20in%3Asign%20in&h2=/files/c0mc45t-u53r-v3rific4tion/c/index.htm&c4=sign%20in&c7=x.M..PROD---My-Account-PROD---xfinity.com--&v7=x.M..PROD---My-Account-PROD---xfinity.com--&c23=xlarge&c31=comcast&v31=sign%20in&c32=cim&v32=cim&c33=comcast%20net&v33=comcast%20net&c34=comcast%20net%3Asign%20in&c35=authentication&v35=authentication&c36=site%3Ahome&v36=site%3Ahome&v41=xlarge&c44=anonymous%3Asign%20in&v47=anonymous&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.htm (Primary Request) | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/ | 17 KB | 17 KB | Document | text/html |
GET | H/1.1 | styles.css | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 20 KB | 21 KB | Stylesheet | text/css |
GET | H/1.1 | Mbox.js | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 37 KB | 37 KB | Script | application/javascript |
GET | H/1.1 | target.js | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 44 KB | 45 KB | Script | application/javascript |
GET | H/1.1 | ajax | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 6 KB | 6 KB | Script | text/plain |
GET | H/1.1 | standard | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 713 B | 930 B | Script | text/plain |
GET | H/1.1 | standard_002 | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 723 B | 940 B | Script | text/plain |
GET | H/1.1 | 598b4917a434005b0ffc357c4320926e.png | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 42 KB | 42 KB | Image | image/png |
GET | H/1.1 | asc.txt | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 17 B | 259 B | Script | text/plain |
GET | H/1.1 | seal.png | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | jquery-1.js | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 92 KB | 92 KB | Script | application/javascript |
GET | H/1.1 | jquery.js | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 45 KB | 46 KB | Script | application/javascript |
GET | H/1.1 | omniture.js | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/logon_files/ | 22 KB | 22 KB | Script | application/javascript |
GET | H/1.1 | target.js | cdn.tt.omtrdc.net/cdn/ | 43 KB | 14 KB | Script | text/javascript |
GET | H2 | ajax | comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/ | 246 B | 743 B | Script | text/javascript |
GET | H2 | standard | comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/ | 91 B | 180 B | Script | text/javascript |
GET | H2 | standard | comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/ | 93 B | 160 B | Script | text/javascript |
GET | H/1.1 | xfinity-logo.png | login.comcast.net/static/images/global/ | 8 KB | 8 KB | Image | image/png |
GET | H/1.1 | home.png | realexpert.af/files/c0mc45t-u53r-v3rific4tion/c/images/sprites/ | 315 B | 315 B | Image | text/html |
GET | H2 | truste-seal.png | privacy.truste.com/ctv/images/newvp/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | s09648651138371 (Redirect Chain) | serviceos.comcast.net/b/ss/comcastnetdev/1/H.20.2/ | 43 B | 270 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)
75 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.realexpert.af/ | | Name: s_sq Value: %5B%5BB%5D%5D |
.realexpert.af/ | | Name: s_cc Value: true |
.realexpert.af/ | | Name: mbox Value: session#1586092669207-226821#1586094530\|PC#1451935469381-40794.17_10#1587302272 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.