xfinitycrypto.com Open in urlscan Pro
157.173.106.252 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xfinitycrypto.com/
Submission: On September 24 via automatic, source certstream-suspicious (September 24th 2024, 11:01:34 pm UTC) — Scanned from GB

Summary HTTP 25 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 25 HTTP transactions. The main IP is 157.173.106.252, located in United Kingdom and belongs to CONTABO, DE. The main domain is xfinitycrypto.com.
TLS certificate: Issued by R11 on September 24th 2024. Valid for: 3 months.

This is the only time xfinitycrypto.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
17	157.173.106.252 157.173.106.252	51167 (CONTABO) (CONTABO)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	2a02:26f0:350... 2a02:26f0:3500:582::2af2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a02:26f0:e30... 2a02:26f0:e300:18a::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
25	5

17 157.173.106.252 (United Kingdom)

ASN51167 (CONTABO, DE)
PTR: vmi2137883.contaboserver.net

xfinitycrypto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:582::2af2 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.comcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:e300:18a::30d4 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	xfinitycrypto.com xfinitycrypto.com	144 KB
5	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 34693	117 KB
1	comcast.com cdn.comcast.com — Cisco Umbrella Rank: 44481	9 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 851	31 KB
25	4

	Domain	Requested by
17	xfinitycrypto.com	xfinitycrypto.com code.jquery.com
5	static.cimcontent.net	cdn.comcast.com xfinitycrypto.com
1	cdn.comcast.com	xfinitycrypto.com
1	code.jquery.com	xfinitycrypto.com
25	4

This site contains links to these domains. Also see Links.

Domain
my.xfinity.com
www.xfinity.com
customer.xfinity.com
idm.xfinity.com

Subject Issuer	Validity	Valid
xfinitycrypto.com R11	`2024-09-24` - `2024-12-23`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
xapi.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2024-02-27` - `2025-02-26`	a year	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2024-03-19` - `2025-03-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://xfinitycrypto.com/
Frame ID: 11D8F406CED066BA994A3E5DCB9AC5F6
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Xfinity

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

300 kB
Transfer

726 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://customer.xfinity.com/lite
Title: Pay any balance without signing in

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fr%3Dcomcast.net%26s%3Dportal%26reqId%3D8844e05a-4802-4f9c-9c22-a02c613b211a%26rm%3D2%26ui_style%3Dlight&ui_style=light
Title: Find your Xfinity ID

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fr%3Dcomcast.net%26s%3Dportal%26reqId%3D8844e05a-4802-4f9c-9c22-a02c613b211a%26rm%3D2%26ui_style%3Dlight&ui_style=light
Title: Create a new Xfinity ID

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response xfinitycrypto.com/	8 KB 3 KB	252ms 99ms	Document text/html	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PHP/7.0.33 PleskLin Resource Hash `79165f8be5688d485cc06e84fe3f6b22c50179d09f1c4a648b25e4aff493d4b5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-length 2591 content-type text/html; charset=UTF-8 date Tue, 24 Sep 2024 23:01:28 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding x-powered-by PHP/7.0.33 PleskLin
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 31 KB	91ms 26ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers content-encoding gzip etag W/"28feccc0-15d9d" age 3410993 x-cache HIT, HIT date Tue, 24 Sep 2024 23:01:28 GMT content-type application/javascript; charset=utf-8 last-modified Fri, 18 Oct 1991 12:00:00 GMT x-cache-hits 222029, 4798 x-served-by cache-lga21931-LGA, cache-man4149-MAN vary Accept-Encoding cache-control public, max-age=31536000, stale-while-revalidate=604800 x-timer S1727218889.603290,VS0,VE0 cross-origin-resource-policy cross-origin via 1.1 varnish, 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 30875 server nginx
GET H2	200	cookie-consent.css cdn.comcast.com/cmp/css/	58 KB 9 KB	368ms 67ms	Stylesheet text/css	2a02:26f0:3500:582::2af2 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://cdn.comcast.com/cmp/css/cookie-consent.css Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:582::2af2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash `44e0fc67298d6784f10f9cebec5a0656af66c9567f6ad000a64ecd60466aed79` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers x-robots-tag noindex, nofollow cache-control max-age=1605063 content-encoding br etag "8dfa7aa09a8bab0686b2d7224754e716:1714568163.244156" expires Sun, 13 Oct 2024 12:52:31 GMT accept-ranges bytes content-length 8870 date Tue, 24 Sep 2024 23:01:28 GMT content-type text/css last-modified Wed, 14 Aug 2024 07:19:58 GMT
GET H2	404	prism-ui-f31ef7f.css xfinitycrypto.com/static/resi/dist/prism-ui/	0 0	90ms 88ms	Stylesheet text/html	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/prism-ui-f31ef7f.css Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 1163 pragma no-cache date Tue, 24 Sep 2024 23:01:28 GMT content-type text/html x-powered-by PleskLin server LiteSpeed
GET H2	200	bundle-f31ef7f.css xfinitycrypto.com/static/resi/dist/	110 KB 13 KB	89ms 88ms	Stylesheet text/css	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/bundle-f31ef7f.css Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `072abf32e05eccea6ffbc53888a3ab267116baeca5f02b7d4aa25956e9318aa4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control public, max-age=604800 content-encoding br etag "1b615-66edbfe4-987704ea08ecc413;br" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes content-length 13376 date Tue, 24 Sep 2024 23:01:28 GMT content-type text/css last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H2	200	prism-ui.esm-f31ef7f.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	15 KB 4 KB	88ms 87ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/prism-ui.esm-f31ef7f.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `429f2467a85f164f6b31fbc138d607ad503a83925babd7508996b184e91749e5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/ Response headers cache-control public, max-age=604800 content-encoding br etag "3cb2-66edbfe4-462a2d2f73a3c00;br" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes content-length 4106 date Tue, 24 Sep 2024 23:01:28 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	bundle-f31ef7f.js Show response xfinitycrypto.com/static/resi/dist/	7 KB 2 KB	49ms 48ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/bundle-f31ef7f.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `fb4952c9fc3a6cd968668bf23a97450563a1605a4950ac64142499a3ff725cce` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control public, max-age=604800 content-encoding br etag "1b26-66edbfe4-3c1bf798984066cb;br" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes content-length 1858 date Tue, 24 Sep 2024 23:01:28 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H2	200	foto.jpg xfinitycrypto.com/	82 KB 83 KB	88ms 87ms	Image image/jpeg	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://xfinitycrypto.com/foto.jpg Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `340c4a9903e44f5cee84d1868edeeb80b50b70bb28da93a69fff90050fedb6d2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control public, max-age=604800 etag "149b7-66f07acc-39bf5b94d432ada6;;;" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes content-length 84407 date Tue, 24 Sep 2024 23:01:28 GMT content-type image/jpeg last-modified Sun, 22 Sep 2024 20:15:08 GMT server LiteSpeed x-powered-by PleskLin
GET H3	200	p-2e5f7a36.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	49 KB 11 KB	43ms 42ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `3b10e3a8806a574c2d4df2429d96881b0734a05913b88dd748674018861278b6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/prism-ui.esm-f31ef7f.js Response headers cache-control public, max-age=604800 content-encoding br etag "c4f6-66edbfe4-5419f4b3d409a5cd;br" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 11151 date Tue, 24 Sep 2024 23:01:28 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	p-40a2e185.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	64 KB 7 KB	43ms 43ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-40a2e185.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `5dfc2f8c0c3b15a1cae760f5705395396f219ffb11b54732dc04a4d61e61bbdb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/prism-ui.esm-f31ef7f.js Response headers cache-control public, max-age=604800 content-encoding br etag "ff04-66edbfe4-a7b9c78ed18d35b0;br" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes content-length 7575 date Tue, 24 Sep 2024 23:01:28 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	xfinity-logo-grey.svg xfinitycrypto.com/static/images/global/	939 B 581 B	45ms 45ms	Image image/svg+xml	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://xfinitycrypto.com/static/images/global/xfinity-logo-grey.svg Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/bundle-f31ef7f.css Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/static/resi/dist/bundle-f31ef7f.css Response headers cache-control public, max-age=604800 content-encoding br etag "3ab-66edbfe4-d6fd9712c096d821;br" expires Tue, 01 Oct 2024 23:01:28 GMT accept-ranges bytes content-length 517 date Tue, 24 Sep 2024 23:01:28 GMT content-type image/svg+xml last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H2	200	dmsans-regular.woff2 static.cimcontent.net/common-web-assets/fonts/dm-sans/	29 KB 30 KB	427ms 59ms	Font binary/octet-stream	2a02:26f0:e300:18a::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-regular.woff2 Requested by Host: cdn.comcast.com URL: https://cdn.comcast.com/cmp/css/cookie-consent.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300:18a::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://cdn.comcast.com/ Response headers cache-control max-age=31536000 etag "b9d5e5cad821648da76e2fedb6c6a680" x-amz-version-id LTrIZt0ZiG46W6fMSET6X5_wAZOXYp7t accept-ranges bytes access-control-allow-origin * content-length 29920 x-amz-cf-id cShWuMK8EypDnBphfVzfZ7CNZ9l0_4M6Ywa_D6X0HmzdG3k9shY11A== date Tue, 24 Sep 2024 23:01:29 GMT content-type binary/octet-stream last-modified Wed, 31 Jan 2024 22:21:43 GMT server AmazonS3 x-amz-cf-pop PRG50-C1 x-amz-server-side-encryption AES256
GET H3	200	p-e342f715.entry.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	22 KB 4 KB	83ms 81ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e342f715.entry.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `f7473097e7aab6b9e3c9f55278543eb5921235a7c08625d5389e83f5890dd21f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Response headers cache-control public, max-age=604800 content-encoding br etag "585b-66edbfe4-e4131dd0fdbc073;br" expires Tue, 01 Oct 2024 23:01:29 GMT accept-ranges bytes content-length 3725 date Tue, 24 Sep 2024 23:01:29 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	p-4b872300.entry.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	9 KB 2 KB	83ms 81ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-4b872300.entry.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `2295be302793d2f42405a98e28fabc5b59b592326bc91f34bce7c7d170542bf5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Response headers cache-control public, max-age=604800 content-encoding br etag "23d1-66edbfe4-2e7d9cade493f9a3;br" expires Tue, 01 Oct 2024 23:01:29 GMT accept-ranges bytes content-length 2479 date Tue, 24 Sep 2024 23:01:29 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	p-970d020d.entry.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	60 KB 6 KB	83ms 81ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-970d020d.entry.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `4139b1e543d66e9fb6dbf7a7eefef0a885df8bd1abcc420b425bf09133b212cc` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Response headers cache-control public, max-age=604800 content-encoding br etag "ee7f-66edbfe4-6e29d04ed7ef1ac3;br" expires Tue, 01 Oct 2024 23:01:29 GMT accept-ranges bytes content-length 6491 date Tue, 24 Sep 2024 23:01:29 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	p-e6702d2f.entry.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	24 KB 5 KB	83ms 82ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e6702d2f.entry.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `f6ea410bbc67ad53752bf791cc29b496431a30c87030fe800df75128e113bc41` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/p-2e5f7a36.js Response headers cache-control public, max-age=604800 content-encoding br etag "6103-66edbfe4-cbb4ec622f124c2d;br" expires Tue, 01 Oct 2024 23:01:29 GMT accept-ranges bytes content-length 5011 date Tue, 24 Sep 2024 23:01:29 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	p-ffcc84e7.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	2 KB 891 B	40ms 39ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-ffcc84e7.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `96db8a772f2b325f667c4e08bc67d3f2af39d3725f61c4bab36b86540d3f0935` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e342f715.entry.js Response headers cache-control public, max-age=604800 content-encoding br etag "7ba-66edbfe4-ace3acfccff11d56;br" expires Tue, 01 Oct 2024 23:01:29 GMT accept-ranges bytes content-length 840 date Tue, 24 Sep 2024 23:01:29 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H3	200	p-293a686b.js Show response xfinitycrypto.com/static/resi/dist/prism-ui/	417 B 336 B	49ms 48ms	Script application/javascript	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/resi/dist/prism-ui/p-293a686b.js Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `ee78ee0062aa12abe7332410786d04dd04b0a29acc9665dc42083a522e6b51f0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e6702d2f.entry.js Response headers cache-control public, max-age=604800 content-encoding br etag "1a1-66edbfe4-bc940157683fc826;br" expires Tue, 01 Oct 2024 23:01:29 GMT accept-ranges bytes content-length 285 date Tue, 24 Sep 2024 23:01:29 GMT content-type application/javascript last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
GET H2	200	ic_caret_button_right_outline.svg Show response static.cimcontent.net/common-web-assets/xds_icons/svg/caret_button_right/	325 B 596 B	200ms 58ms	Fetch image/svg+xml	2a02:26f0:e300:18a::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/common-web-assets/xds_icons/svg/caret_button_right/ic_caret_button_right_outline.svg Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e342f715.entry.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300:18a::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `4b89e9bc8788ed4548ddde508c673ecd68ebce800f378d2a051c0c7f36fd2111` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control max-age=31536000 etag "78473aeb0a74fcae84803ca1ce56fd88" x-amz-version-id QI4mU2d_LpwdNwvEYWns_tgK6IsUoEqu accept-ranges bytes access-control-allow-origin * content-length 325 x-amz-cf-id lG02Cg7iHqAVLcBWtGhbKGwuxanrj5sx6jsBdk6YC2uSv5tahom6VA== date Tue, 24 Sep 2024 23:01:29 GMT content-type image/svg+xml last-modified Wed, 01 Sep 2021 16:28:09 GMT server AmazonS3 x-amz-cf-pop VIE50-C2
GET H2	200	ic_caret_button_right_outline.svg Show response static.cimcontent.net/common-web-assets/xds_icons/svg/caret_button_right/	325 B 0	200ms 200ms	Fetch image/svg+xml	2a02:26f0:e300:18a::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/common-web-assets/xds_icons/svg/caret_button_right/ic_caret_button_right_outline.svg Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e342f715.entry.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300:18a::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `4b89e9bc8788ed4548ddde508c673ecd68ebce800f378d2a051c0c7f36fd2111` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control max-age=31536000 etag "78473aeb0a74fcae84803ca1ce56fd88" x-amz-version-id QI4mU2d_LpwdNwvEYWns_tgK6IsUoEqu accept-ranges bytes access-control-allow-origin * content-length 325 x-amz-cf-id lG02Cg7iHqAVLcBWtGhbKGwuxanrj5sx6jsBdk6YC2uSv5tahom6VA== date Tue, 24 Sep 2024 23:01:29 GMT content-type image/svg+xml last-modified Wed, 01 Sep 2021 16:28:09 GMT server AmazonS3 x-amz-cf-pop VIE50-C2
GET H2	200	ic_caret_button_right_outline.svg Show response static.cimcontent.net/common-web-assets/xds_icons/svg/caret_button_right/	325 B 0	200ms 200ms	Fetch image/svg+xml	2a02:26f0:e300:18a::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/common-web-assets/xds_icons/svg/caret_button_right/ic_caret_button_right_outline.svg Requested by Host: xfinitycrypto.com URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/p-e342f715.entry.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300:18a::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `4b89e9bc8788ed4548ddde508c673ecd68ebce800f378d2a051c0c7f36fd2111` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers cache-control max-age=31536000 etag "78473aeb0a74fcae84803ca1ce56fd88" x-amz-version-id QI4mU2d_LpwdNwvEYWns_tgK6IsUoEqu accept-ranges bytes access-control-allow-origin * content-length 325 x-amz-cf-id lG02Cg7iHqAVLcBWtGhbKGwuxanrj5sx6jsBdk6YC2uSv5tahom6VA== date Tue, 24 Sep 2024 23:01:29 GMT content-type image/svg+xml last-modified Wed, 01 Sep 2021 16:28:09 GMT server AmazonS3 x-amz-cf-pop VIE50-C2
GET H2	200	xfinitybrown-bold.woff2 static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/	87 KB 87 KB	162ms 59ms	Font binary/octet-stream	2a02:26f0:e300:18a::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/xfinitybrown-bold.woff2 Requested by Host: cdn.comcast.com URL: https://cdn.comcast.com/cmp/css/cookie-consent.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:e300:18a::30d4 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash `69420c9db91c689c4ea04655f57a0bcea09b71003f21cd5e56afa71b80f049f0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://xfinitycrypto.com Referer https://cdn.comcast.com/ Response headers unused62 8096267 cache-control max-age=31536000 etag "ee9034e40cbca864ab03bdfab7ea3f8f" x-amz-version-id CZ_MLxzcZL3hhcinvciJrKax9c7YK2xt accept-ranges bytes access-control-allow-origin * content-length 88920 x-amz-cf-id 4-lSgZauKqdRsOVJz0s0hJSBphRmSZ-bY2e9I17i0e6UBCNWJ5skUQ== date Tue, 24 Sep 2024 23:01:29 GMT content-type binary/octet-stream last-modified Wed, 01 Sep 2021 16:24:41 GMT server AmazonS3 x-amz-cf-pop VIE50-P1
GET H3	200	favicon.ico xfinitycrypto.com/static/images/favicon/	11 KB 940 B	42ms 42ms	Other image/vnd.microsoft.icon	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/static/images/favicon/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PleskLin Resource Hash `aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://xfinitycrypto.com/ Response headers content-encoding br etag "2b46-66edbfe4-9bf8203afa270089;br" accept-ranges bytes content-length 870 date Tue, 24 Sep 2024 23:01:29 GMT content-type image/vnd.microsoft.icon last-modified Fri, 20 Sep 2024 18:33:08 GMT vary Accept-Encoding server LiteSpeed x-powered-by PleskLin
POST H3	200	veri.php Show response xfinitycrypto.com/	0 63 B	134ms 133ms	XHR text/html	157.173.106.252 CONTABO
General Check archive.org Show headers Download Go to Full URL https://xfinitycrypto.com/veri.php?ip= Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 157.173.106.252 , United Kingdom, ASN51167 (CONTABO, DE), Reverse DNS vmi2137883.contaboserver.net Software LiteSpeed / PHP/7.0.33, PleskLin Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://xfinitycrypto.com/ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept / Response headers content-length 0 date Tue, 24 Sep 2024 23:01:31 GMT content-type text/html; charset=UTF-8 x-powered-by PHP/7.0.33, PleskLin server LiteSpeed
POST		veri.php xfinitycrypto.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: xfinitycrypto.com
URL: https://xfinitycrypto.com/veri.php?ip=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| gonder function| togglePassword

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xfinitycrypto.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 39gfnki35cmp0qd8181bgojo61

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://xfinitycrypto.com/static/resi/dist/prism-ui/prism-ui-f31ef7f.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.comcast.com
code.jquery.com
static.cimcontent.net
xfinitycrypto.com
xfinitycrypto.com
157.173.106.252
2a02:26f0:3500:582::2af2
2a02:26f0:e300:18a::30d4
2a04:4e42:200::649
072abf32e05eccea6ffbc53888a3ab267116baeca5f02b7d4aa25956e9318aa4
15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089
2295be302793d2f42405a98e28fabc5b59b592326bc91f34bce7c7d170542bf5
340c4a9903e44f5cee84d1868edeeb80b50b70bb28da93a69fff90050fedb6d2
3b10e3a8806a574c2d4df2429d96881b0734a05913b88dd748674018861278b6
40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68
4139b1e543d66e9fb6dbf7a7eefef0a885df8bd1abcc420b425bf09133b212cc
429f2467a85f164f6b31fbc138d607ad503a83925babd7508996b184e91749e5
44e0fc67298d6784f10f9cebec5a0656af66c9567f6ad000a64ecd60466aed79
4b89e9bc8788ed4548ddde508c673ecd68ebce800f378d2a051c0c7f36fd2111
5dfc2f8c0c3b15a1cae760f5705395396f219ffb11b54732dc04a4d61e61bbdb
69420c9db91c689c4ea04655f57a0bcea09b71003f21cd5e56afa71b80f049f0
79165f8be5688d485cc06e84fe3f6b22c50179d09f1c4a648b25e4aff493d4b5
96db8a772f2b325f667c4e08bc67d3f2af39d3725f61c4bab36b86540d3f0935
aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee78ee0062aa12abe7332410786d04dd04b0a29acc9665dc42083a522e6b51f0
f6ea410bbc67ad53752bf791cc29b496431a30c87030fe800df75128e113bc41
f7473097e7aab6b9e3c9f55278543eb5921235a7c08625d5389e83f5890dd21f
fb4952c9fc3a6cd968668bf23a97450563a1605a4950ac64142499a3ff725cce
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

xfinitycrypto.com Open in urlscan Pro 157.173.106.252 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

25 Requests

96 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

4 Countries

300 kBTransfer

726 kBSize

1 Cookies

5 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

xfinitycrypto.com Open in urlscan Pro
157.173.106.252 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

300 kB
Transfer

726 kB
Size

1
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!