update-area.fusaoperfeita.com Open in urlscan Pro
137.184.114.0 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://update-area.fusaoperfeita.com/
Submission: On November 26 via automatic, source phishtank (November 26th 2022, 2:39:19 am UTC) — Scanned from DE

Summary HTTP 13 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 137.184.114.0, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is update-area.fusaoperfeita.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 25th 2022. Valid for: 3 months.

This is the only time update-area.fusaoperfeita.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
3	137.184.114.0 137.184.114.0	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a02:26f0:350... 2a02:26f0:3500:1b::1724:a397	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:170... 2a02:26f0:1700:38c::1b62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:1f18:659... 2600:1f18:6593:f608:d96:5850:6736:187e	14618 (AMAZON-AES) (AMAZON-AES)
1 2	54.76.115.10 54.76.115.10	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:340... 2a02:26f0:3400:180::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	7

3 137.184.114.0 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

update-area.fusaoperfeita.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:1b::1724:a397 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

login.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:1700:38c::1b62 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

sdx.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:6593:f608:d96:5850:6736:187e (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

7468.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.115.10 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-115-10.eu-west-1.compute.amazonaws.com

xfinitydigital.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3400:180::30d4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 29916	107 KB
4	xfinity.com login.xfinity.com — Cisco Umbrella Rank: 26566 sdx.xfinity.com — Cisco Umbrella Rank: 41101	218 KB
3	fusaoperfeita.com update-area.fusaoperfeita.com	15 KB
2	demdex.net 1 redirects xfinitydigital.demdex.net — Cisco Umbrella Rank: 88069	2 KB
1	fwmrm.net 7468.v.fwmrm.net — Cisco Umbrella Rank: 87442	411 B
13	5

	Domain	Requested by
4	static.cimcontent.net	login.xfinity.com
3	update-area.fusaoperfeita.com	update-area.fusaoperfeita.com
2	xfinitydigital.demdex.net	1 redirects update-area.fusaoperfeita.com
2	sdx.xfinity.com	update-area.fusaoperfeita.com
2	login.xfinity.com	update-area.fusaoperfeita.com
1	7468.v.fwmrm.net	update-area.fusaoperfeita.com
13	6

This site contains links to these domains. Also see Links.

Domain
xfinity.com
customer.xfinity.com
businessclass.comcast.net
xfinity.comcast.net
idm.xfinity.com
www.xfinity.com
my.xfinity.com
www.comcast.net
www.surveymonkey.com

Subject Issuer	Validity	Valid
update-area.fusaoperfeita.com cPanel, Inc. Certification Authority	`2022-11-25` - `2023-02-23`	3 months	crt.sh
login.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2022-11-04` - `2023-11-04`	a year	crt.sh
www.xfinity.comcast.net COMODO RSA Organization Validation Secure Server CA	`2022-09-07` - `2023-09-07`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-09` - `2023-12-10`	a year	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2022-04-06` - `2023-04-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://update-area.fusaoperfeita.com/
Frame ID: D29512CEF785B06A6AF0C56A03596136
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Xfinity

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

92 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

342 kB
Transfer

366 kB
Size

4
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://xfinity.com/prepare
Title: Get help going virtual

Search URL Search Domain Scan URL

URL: https://customer.xfinity.com/lite
Title: quick bill pay

Search URL Search Domain Scan URL

URL: https://businessclass.comcast.net/?INTCMP=ILC-XfinityCom-MyAccountSigninCTA-BCPSignin01
Title: Sign in here

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D2f18f17f-5704-40b0-94a6-cb701cd8606a%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2&lang=en
Title: Find your Xfinity ID

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26reqId%3D2f18f17f-5704-40b0-94a6-cb701cd8606a%26r%3Dcomcast.net%26s%3Dportal%26deviceAuthn%3Dfalse%26continue%3Dhttp%253A%252F%252Fxfinity.comcast.net%252F%26forceAuthn%3D0%26lang%3Den%26rm%3D2&lang=en
Title: Create a new profile

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://www.comcast.net/adinformation
Title: Ad Info

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Title: Ad Feedback

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/manage-preference
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://xfinitydigital.demdex.net/event?d_sid=4702129 HTTP 302
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
update-area.fusaoperfeita.com/ 15 KB
15 KB 1667ms
1349ms Document
text/html 137.184.114.0
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://update-area.fusaoperfeita.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.114.0 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: a071053d576f829f7cb64402711517dc8c7ee49accbee4214e5d82f81ef92d0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Nov 2022 02:39:12 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H2 200 fonts-remote.min.css
login.xfinity.com/static/css/junket/ 3 KB
504 B 316ms
43ms Stylesheet
text/css 2a02:26f0:3500:1b::1724:a397
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180

Requested by

Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:1b::1724:a397 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;
content-encoding: gzip
date: Sat, 26 Nov 2022 02:39:13 GMT
last-modified: Thu, 10 Nov 2022 20:41:27 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1761
accept-ranges: bytes
content-length: 307
expires: Sat, 26 Nov 2022 03:08:34 GMT

GET
H2 200 styles-stepped-out-light.min.css
login.xfinity.com/static/css/ 35 KB
10 KB 295ms
22ms Stylesheet
text/css 2a02:26f0:3500:1b::1724:a397
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://login.xfinity.com/static/css/styles-stepped-out-light.min.css?v=c82b180

Requested by

Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:1b::1724:a397 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

9bf52d4359863c9b52ac468ace80c32236e119666ed015d95ca760e01c0acd70

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;
content-encoding: gzip
date: Sat, 26 Nov 2022 02:39:13 GMT
last-modified: Fri, 18 Nov 2022 20:12:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1800
accept-ranges: bytes
content-length: 9711
expires: Sat, 26 Nov 2022 03:09:13 GMT

GET
H2 200 0214c1dbd6e5109ad60a848425a8c655.png
sdx.xfinity.com/cms/data/cima/bin-202010/ 75 KB
75 KB 573ms
421ms Image
image/png 2a02:26f0:1700:38c::1b62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sdx.xfinity.com/cms/data/cima/bin-202010/0214c1dbd6e5109ad60a848425a8c655.png

Requested by

Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:38c::1b62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8f76b4202a5a66eaba4bd9a372bb302287dab1f7b897a141a9f0bb9a10b1018d

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

unused62: 8096267
x-amz-version-id: null
date: Sat, 26 Nov 2022 02:39:14 GMT
strict-transport-security: max-age=86400
x-amz-cf-pop: FRA56-C2
content-length: 76399
last-modified: Tue, 06 Oct 2020 16:55:39 GMT
server: AmazonS3
etag: "247fd394086492f106ede6e2112b8946"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
x-amz-meta-noderef: Jjohn
accept-ranges: bytes
x-amz-cf-id: SuoDpvXjsV84Lg5f99_q8PSuR_ewGRoUgD8nxQmZRykqdcB5BhajOQ==

GET
H/1.1 200
OK u
7468.v.fwmrm.net/ad/ 0
411 B 616ms
98ms Image
text/html 2600:1f18:6593:f608:d96:5850:6736:187e
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://7468.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D796%26dpuuid=%23%7Buser.id%7D
Requested by: Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:6593:f608:d96:5850:6736:187e Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 26 Nov 2022 02:39:14 GMT
Content-Type: text/html
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control: no-store
Connection: keep-alive
Keep-Alive: timeout=300
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

firstevent
xfinitydigital.demdex.net/
Redirect Chain

https://xfinitydigital.demdex.net/event?d_sid=4702129
https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

42 B
964 B

35ms
35ms

Image
image/gif

54.76.115.10
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xfinitydigital.demdex.net/firstevent?d_sid=4702129

Requested by

Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/

Protocol

HTTP/1.1

Server

54.76.115.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-115-10.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0078884aa.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: HhNF/YDTSzc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v045-02b96ccc8.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: wihoI6kwT8w=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://xfinitydigital.demdex.net/firstevent?d_sid=4702129
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 404
Not Found jquery-3.3.1.min.js
update-area.fusaoperfeita.com/static/js/libs/ 0
0 157ms
157ms Script
text/html 137.184.114.0
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://update-area.fusaoperfeita.com/static/js/libs/jquery-3.3.1.min.js
Requested by: Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.114.0 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Sat, 26 Nov 2022 02:39:13 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found scripts-responsive.min.js
update-area.fusaoperfeita.com/static/js/ 0
0 295ms
157ms Script
text/html 137.184.114.0
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://update-area.fusaoperfeita.com/static/js/scripts-responsive.min.js?v=c82b180
Requested by: Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 137.184.114.0 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Date: Sat, 26 Nov 2022 02:39:13 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 a6eabf890bd17fbbea28fb13064329ba.jpg
sdx.xfinity.com/cms/data/cima/bin-202006/ 132 KB
133 KB 560ms
410ms Image
image/jpeg 2a02:26f0:1700:38c::1b62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sdx.xfinity.com/cms/data/cima/bin-202006/a6eabf890bd17fbbea28fb13064329ba.jpg

Requested by

Host: update-area.fusaoperfeita.com
URL: https://update-area.fusaoperfeita.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:38c::1b62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

dbdc913afccda63f7888675987f5bd3f341e71ca311f4999e1e557d1ad7d2cda

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://update-area.fusaoperfeita.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-amz-version-id: null
date: Sat, 26 Nov 2022 02:39:14 GMT
strict-transport-security: max-age=86400
x-amz-cf-pop: FRA53-C1
content-length: 135396
last-modified: Thu, 11 Jun 2020 13:28:42 GMT
server: AmazonS3
etag: "441b7b6801b67205a3cfcf5549ad7d9d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=600
x-amz-meta-noderef: Jjohn
accept-ranges: bytes
x-amz-cf-id: sCV-0ugfpmwtw-ivGpF8GBdZEwxn3nQoOOAgr7Z3wSXuM6Yz6vQGHA==

GET
DATA 200
OK truncated
/ 933 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 XfinityStandard-Regular.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 26 KB
26 KB 280ms
8ms Font
font/woff2 2a02:26f0:3400:180::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Requested by: Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400:180::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176

Request headers

Referer: https://login.xfinity.com/
Origin: https://update-area.fusaoperfeita.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

unused62: 8096267
x-amz-version-id: kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
date: Sat, 26 Nov 2022 02:39:14 GMT
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
etag: "e3e79cd377b28c1e7ffea64b194136cf"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=277097
accept-ranges: bytes
content-length: 26768
x-amz-cf-id: FHVGp_Gc5q6NjTIAxeEa75JuvL8UxBITtGuzflLjTmYSIOZTTXkTfQ==

GET
H2 200 XfinityStandard-Bold.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 26 KB
27 KB 285ms
15ms Font
font/woff2 2a02:26f0:3400:180::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff2
Requested by: Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400:180::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef

Request headers

Referer: https://login.xfinity.com/
Origin: https://update-area.fusaoperfeita.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-amz-version-id: LDG6wJQl1INH_wTGu7a9uUI1eheA5q.9
date: Sat, 26 Nov 2022 02:39:14 GMT
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "4cf223c306de5325b4939d9d4ea2c5a5"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2110943
accept-ranges: bytes
content-length: 26896
x-amz-cf-id: qBaVPfZNzOOGanojymT28_jk5n7nQSAXhzPeOGuWDdHDVIX8wOxEaw==

GET
H2 200 XfinityStandard-Medium.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 27 KB
27 KB 285ms
16ms Font
font/woff2 2a02:26f0:3400:180::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Requested by: Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400:180::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228

Request headers

Referer: https://login.xfinity.com/
Origin: https://update-area.fusaoperfeita.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

unused62: 8096267
x-amz-version-id: 6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
date: Sat, 26 Nov 2022 02:39:14 GMT
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "13709eac065721ba8cd0e2d1b6fa8026"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2382251
accept-ranges: bytes
content-length: 27152
x-amz-cf-id: OUYRYo1SToucyrTdaWdj8iTuo4tZbY6Del68nNXAHQeDH9KQ5Zo4oA==

GET
H2 200 XfinityStandard-Light.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/ 27 KB
27 KB 293ms
24ms Font
font/woff2 2a02:26f0:3400:180::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Requested by: Host: login.xfinity.com
URL: https://login.xfinity.com/static/css/junket/fonts-remote.min.css?v=c82b180
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3400:180::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

Request headers

Referer: https://login.xfinity.com/
Origin: https://update-area.fusaoperfeita.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-amz-version-id: wnCwOacXycelzt78IMkr55wWB9WkMd2W
date: Sat, 26 Nov 2022 02:39:14 GMT
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
etag: "f05d3ebe80809d82ab14d62a79da544e"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=921292
accept-ranges: bytes
content-length: 27420
x-amz-cf-id: ifuK20x0EIK5GvyzrlmIJqTf0BTR8NQCs4eRRYuyr_hC0600dGdH1Q==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| runtimeData

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
update-area.fusaoperfeita.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 513e24fb7f24e8a79ed867259201b4f8
.demdex.net/	1970-01-20 12:03:02	Name: demdex Value: 88047070371110115893694604234269897706
.xfinitydigital.demdex.net/	1970-01-20 12:03:02	Name: xfinitydigital Value: 88047070371110115893694604234269897706
.fwmrm.net/	1970-01-20 12:03:02	Name: _uid Value: "e393f_7170148773380018320"

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://update-area.fusaoperfeita.com/static/js/libs/jquery-3.3.1.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://update-area.fusaoperfeita.com/static/js/scripts-responsive.min.js?v=c82b180 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7468.v.fwmrm.net
login.xfinity.com
sdx.xfinity.com
static.cimcontent.net
update-area.fusaoperfeita.com
xfinitydigital.demdex.net
137.184.114.0
2600:1f18:6593:f608:d96:5850:6736:187e
2a02:26f0:1700:38c::1b62
2a02:26f0:3400:180::30d4
2a02:26f0:3500:1b::1724:a397
54.76.115.10
020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef
032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea
8f76b4202a5a66eaba4bd9a372bb302287dab1f7b897a141a9f0bb9a10b1018d
9bf52d4359863c9b52ac468ace80c32236e119666ed015d95ca760e01c0acd70
a071053d576f829f7cb64402711517dc8c7ee49accbee4214e5d82f81ef92d0e
dbdc913afccda63f7888675987f5bd3f341e71ca311f4999e1e557d1ad7d2cda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

update-area.fusaoperfeita.com Open in urlscan Pro 137.184.114.0 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

3 Countries

342 kBTransfer

366 kBSize

4 Cookies

11 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

4 Cookies

2 Console Messages

Indicators

update-area.fusaoperfeita.com Open in urlscan Pro
137.184.114.0 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

342 kB
Transfer

366 kB
Size

4
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!