cafcachoeiro.com.br Open in urlscan Pro
50.116.87.174 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Effective URL:
https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Submission: On June 25 via api (June 25th 2024, 6:27:51 pm UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 50.116.87.174, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is cafcachoeiro.com.br.
TLS certificate: Issued by R3 on June 3rd 2024. Valid for: 3 months.

This is the only time cafcachoeiro.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
5	50.116.87.174 50.116.87.174	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	63.34.25.224 63.34.25.224	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:310... 2a02:26f0:3100::1725:e260	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:310... 2a02:26f0:3100:794::30d4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11	5

5 50.116.87.174 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 50-116-87-174.unifiedlayer.com

cafcachoeiro.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.25.224 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-25-224.eu-west-1.compute.amazonaws.com

comcast.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3100::1725:e260 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

login.xfinity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3100:794::30d4 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

static.cimcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cafcachoeiro.com.br cafcachoeiro.com.br	70 KB
3	xfinity.com login.xfinity.com — Cisco Umbrella Rank: 31594	3 KB
2	cimcontent.net static.cimcontent.net — Cisco Umbrella Rank: 31981	114 KB
1	demdex.net comcast.demdex.net — Cisco Umbrella Rank: 8489
11	4

	Domain	Requested by
5	cafcachoeiro.com.br	cafcachoeiro.com.br
3	login.xfinity.com	cafcachoeiro.com.br
2	static.cimcontent.net	cafcachoeiro.com.br
1	comcast.demdex.net	cafcachoeiro.com.br
11	4

This site contains links to these domains. Also see Links.

Domain
my.xfinity.com
xfinity.comcast.net
customer.xfinity.com
idm.xfinity.com
www.xfinity.com

Subject Issuer	Validity	Valid
cafcachoeiro.com.br R3	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
login.xfinity.com COMODO RSA Organization Validation Secure Server CA	`2023-10-18` - `2024-10-17`	a year	crt.sh
static.cimcontent.net COMODO RSA Organization Validation Secure Server CA	`2024-03-19` - `2025-03-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Frame ID: A9C5102893F5BA71A1CFC4C29986AB7C
Requests: 11 HTTP requests in this frame

Frame: https://comcast.demdex.net/dest5.html?d_nsid=0
Frame ID: E3F430D275CD81E5FC1CE38BD2D9A043
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Xfinity

Page URL History Show full URLs

http://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon HTTP 307
https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

188 kB
Transfer

450 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://my.xfinity.com/terms/web/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://customer.xfinity.com/lite
Title: Pay any balance without signing in

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dres_beta%26reqId%3Df7aea335-4622-495e-85aa-adc25eb417d6%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dres_beta%2526response_type%253Dcode%2526redirect_uri%253Dhttps%253A%252F%252Fconnect.xfinity.com%252Fappsuite%252Fapi%252Fcomcast%252Fopenid%2526scope%253Durn%253Acsp%253Ascope%253Aself-help%253Aaccount%252520prefmgr%253Aadoptout%253Arendpoint%252520openid%252520email%252520profile%252520address%252520phone%2526state%253DeyJmYWlsdXJlQ291bnQiOjAsInR6T2Zmc2V0IjoiLTIxNjAwMDAwIiwidWlTdGF0ZSI6e319%2526response%253D1%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Find your Xfinity ID

Search URL Search Domain Scan URL

URL: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dres_beta%26reqId%3Df7aea335-4622-495e-85aa-adc25eb417d6%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dres_beta%2526response_type%253Dcode%2526redirect_uri%253Dhttps%253A%252F%252Fconnect.xfinity.com%252Fappsuite%252Fapi%252Fcomcast%252Fopenid%2526scope%253Durn%253Acsp%253Ascope%253Aself-help%253Aaccount%252520prefmgr%253Aadoptout%253Arendpoint%252520openid%252520email%252520profile%252520address%252520phone%2526state%253DeyJmYWlsdXJlQ291bnQiOjAsInR6T2Zmc2V0IjoiLTIxNjAwMDAwIiwidWlTdGF0ZSI6e319%2526response%253D1%26forceAuthn%3D0%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light
Title: Create a new Xfinity ID

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/policy/staterights#california
Title: CA Notice at collection

Search URL Search Domain Scan URL

URL: https://www.xfinity.com/privacy/manage-preference
Title: Your privacy choices

Search URL Search Domain Scan URL

URL: https://my.xfinity.com/adinformation
Title: Ad choices

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon HTTP 307
https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
cafcachoeiro.com.br/webxfinity/web/web/
Redirect Chain

http://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon

100 KB
20 KB

756ms
252ms

Document
text/html

50.116.87.174
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.174 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-116-87-174.unifiedlayer.com
Software: Apache /
Resource Hash: 561e15731f3e9d31d5f388820b5da6abf0ecbf6d1417010687a12326ccf68391

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 25 Jun 2024 18:27:45 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

Location: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 prism-ui-293ba77.css
cafcachoeiro.com.br/webxfinity/web/web/assets/css/ 66 KB
14 KB 146ms
144ms Stylesheet
text/css 50.116.87.174
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/prism-ui-293ba77.css
Requested by: Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.174 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-116-87-174.unifiedlayer.com
Software: Apache /
Resource Hash: 4d0d01d5e95e4904e89cab34bc4439558f20e3de3677990f53f8885508c71afd

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 18:27:46 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 19:48:36 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 13791

GET
H2 200 bundle-293ba77.css
cafcachoeiro.com.br/webxfinity/web/web/assets/css/ 102 KB
21 KB 274ms
273ms Stylesheet
text/css 50.116.87.174
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/bundle-293ba77.css
Requested by: Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.174 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-116-87-174.unifiedlayer.com
Software: Apache /
Resource Hash: 2487c2c6fd05c1b6c7603b8656ec5658cfb6dca89d363d7f9f27dc598ab4b1f5

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 18:27:46 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 20:02:14 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 cookie-consent.css
cafcachoeiro.com.br/webxfinity/web/web/assets/css/ 54 KB
16 KB 144ms
143ms Stylesheet
text/css 50.116.87.174
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/cookie-consent.css
Requested by: Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.174 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-116-87-174.unifiedlayer.com
Software: Apache /
Resource Hash: 1db596d64a139ee0b14e98dfe183c8cb7e7ef5e528649b3f51991a8bc42eab7f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 18:27:46 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 19:48:36 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 16226

GET
H2 200 vm-login-form-ad-293ba77.js Show response
cafcachoeiro.com.br/webxfinity/web/web/Sign%20in%20to%20Xfinity_files/ 0
17 B 265ms
264ms Script
text/html 50.116.87.174
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cafcachoeiro.com.br/webxfinity/web/web/Sign%20in%20to%20Xfinity_files/vm-login-form-ad-293ba77.js
Requested by: Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.87.174 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 50-116-87-174.unifiedlayer.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 25 Jun 2024 18:27:46 GMT
server: Apache
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 dest5.html
comcast.demdex.net/ Frame E3F4 0
0 313ms
49ms Document
text/html 63.34.25.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://comcast.demdex.net/dest5.html?d_nsid=0

Requested by

Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/login.php?web/auth/signon

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.34.25.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-34-25-224.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cafcachoeiro.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 25 Jun 2024 18:27:46 GMT
dcs: dcs-prod-irl1-1-v061-0c54dbee3.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 9 May 2024 11:54:45 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: c2F0r8SMSLk=

GET
H2 200 xfinity-logo-grey.svg
login.xfinity.com/static/images/global/ 939 B
1 KB 944ms
638ms Image
image/svg+xml 2a02:26f0:3100::1725:e260
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xfinity.com/static/images/global/xfinity-logo-grey.svg

Requested by

Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/bundle-293ba77.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1725:e260 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Tue, 25 Jun 2024 18:27:47 GMT
last-modified: Tue, 25 Jun 2024 12:37:04 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 539
expires: Tue, 25 Jun 2024 18:27:47 GMT

GET
H2 200 xfinity-logo-black.svg
login.xfinity.com/static/images/global/ 939 B
1 KB 927ms
625ms Image
image/svg+xml 2a02:26f0:3100::1725:e260
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.xfinity.com/static/images/global/xfinity-logo-black.svg

Requested by

Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/bundle-293ba77.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1725:e260 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f831f28eea507b3e762cc59806bb6c8b6f2101cbf56f4689981055d77a7bffb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Tue, 25 Jun 2024 18:27:47 GMT
last-modified: Tue, 25 Jun 2024 12:37:04 GMT
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 536
expires: Tue, 25 Jun 2024 18:27:47 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ebec0a242eb62dac37ad10740e7797b748ff93103796ed6509414a751ce86820

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 dmsans-regular.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ 29 KB
30 KB 351ms
51ms Font
binary/octet-stream 2a02:26f0:3100:794::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-regular.woff2
Requested by: Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/prism-ui-293ba77.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:794::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/
Origin: https://cafcachoeiro.com.br
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: LTrIZt0ZiG46W6fMSET6X5_wAZOXYp7t
date: Tue, 25 Jun 2024 18:27:46 GMT
last-modified: Wed, 31 Jan 2024 22:21:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
etag: "b9d5e5cad821648da76e2fedb6c6a680"
x-amz-server-side-encryption: AES256
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 29920
x-amz-cf-id: 8wtRUUeuat7QJ01P1kZCb6x__DMMyCZLTyTTBfQDRou6ZBCrOgWvYA==

GET
H2 200 xfinitybrown-regular.woff2
static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/ 84 KB
85 KB 352ms
52ms Font
binary/octet-stream 2a02:26f0:3100:794::30d4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/xfinitybrown-regular.woff2
Requested by: Host: cafcachoeiro.com.br
URL: https://cafcachoeiro.com.br/webxfinity/web/web/assets/css/cookie-consent.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:794::30d4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac7ab1854db99c8278486132a7cef4a5d4f2992fd59488d02b4a5c5a071407d0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/
Origin: https://cafcachoeiro.com.br
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 1EnCam0i4AF_AVFEuJPL8NEPaMZpwTgK
date: Tue, 25 Jun 2024 18:27:46 GMT
last-modified: Wed, 20 Sep 2023 04:13:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P8
etag: "7852867d778f90102ccdec973b475759"
x-amz-server-side-encryption: AES256
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 86524
x-amz-cf-id: ORtIMqORcPYIIAaDtup6wXdUsvLkjn1XGg6Iw9pzenUPVSfZtAZxxQ==

GET
H2 200 favicon.ico
login.xfinity.com/static/images/favicon/ 11 KB
1 KB 73ms
73ms Other
image/x-icon 2a02:26f0:3100::1725:e260
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://login.xfinity.com/static/images/favicon/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1725:e260 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cafcachoeiro.com.br/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Tue, 25 Jun 2024 18:27:47 GMT
last-modified: Tue, 25 Jun 2024 12:37:04 GMT
vary: Accept-Encoding
content-type: image/x-icon
accept-ranges: bytes
content-length: 998

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| event object| fence object| sharedStorage

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.xfinity.com/	1970-01-20 21:45:44	Name: AWSALBCORS Value: wdSmdUCFo53NYVdoYVnQvw76grctDNeyCgyrO2Kc6B3v0zYHRiPhq5FzdI/HsuNaWvRXtLz2ZrzxT3Yu0zBx9kULDCAjwncV0Mqm02t+DsNIw9m5WzAqLB9KEVmR

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cafcachoeiro.com.br
comcast.demdex.net
login.xfinity.com
static.cimcontent.net
2a02:26f0:3100:794::30d4
2a02:26f0:3100::1725:e260
50.116.87.174
63.34.25.224
15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089
1db596d64a139ee0b14e98dfe183c8cb7e7ef5e528649b3f51991a8bc42eab7f
2487c2c6fd05c1b6c7603b8656ec5658cfb6dca89d363d7f9f27dc598ab4b1f5
40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68
4d0d01d5e95e4904e89cab34bc4439558f20e3de3677990f53f8885508c71afd
561e15731f3e9d31d5f388820b5da6abf0ecbf6d1417010687a12326ccf68391
aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d
ac7ab1854db99c8278486132a7cef4a5d4f2992fd59488d02b4a5c5a071407d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebec0a242eb62dac37ad10740e7797b748ff93103796ed6509414a751ce86820
f831f28eea507b3e762cc59806bb6c8b6f2101cbf56f4689981055d77a7bffb5

cafcachoeiro.com.br Open in urlscan Pro 50.116.87.174 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

188 kBTransfer

450 kBSize

1 Cookies

8 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

cafcachoeiro.com.br Open in urlscan Pro
50.116.87.174 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

188 kB
Transfer

450 kB
Size

1
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!