guitosa.com
Open in
urlscan Pro
162.241.62.191
Malicious Activity!
Public Scan
URL:
https://guitosa.com/acccccc/Sign%20in%20to%20Xfinity.htm
Submission: On September 08 via automatic, source phishtank — Scanned from DE
Submission: On September 08 via automatic, source phishtank — Scanned from DE
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 12 HTTP transactions.
The main IP is 162.241.62.191, located in
United States and
belongs to NETWORK-SOLUTIONS-HOSTING, US.
The main domain is guitosa.com.
TLS certificate: Issued by R10 on September 1st 2024. Valid for: 3 months.
This is the only time guitosa.com was scanned on urlscan.io!
TLS certificate: Issued by R10 on September 1st 2024. Valid for: 3 months.
This is the only time guitosa.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 5 | 162.241.62.191 162.241.62.191 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
| 3 | 2a02:26f0:480... 2a02:26f0:480:36::212:4021 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 4 | 2a02:26f0:e30... 2a02:26f0:e300:184::30d4 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 12 | 4 |
5
162.241.62.191
(United States)
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-62-191.unifiedlayer.com
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-62-191.unifiedlayer.com
| guitosa.com |
3
2a02:26f0:480:36::212:4021
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
ASN20940 (AKAMAI-ASN1, NL)
| login.xfinity.com |
4
2a02:26f0:e300:184::30d4
(Prague, Czech Republic)
ASN20940 (AKAMAI-ASN1, NL)
ASN20940 (AKAMAI-ASN1, NL)
| static.cimcontent.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
guitosa.com
guitosa.com |
71 KB |
| 4 |
cimcontent.net
static.cimcontent.net — Cisco Umbrella Rank: 38344 |
173 KB |
| 3 |
xfinity.com
login.xfinity.com — Cisco Umbrella Rank: 42020 |
3 KB |
| 12 | 3 |
| Domain | Requested by | |
|---|---|---|
| 5 | guitosa.com |
guitosa.com
|
| 4 | static.cimcontent.net |
guitosa.com
|
| 3 | login.xfinity.com |
guitosa.com
|
| 12 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| my.xfinity.com |
| xfinity.comcast.net |
| domicomsolutions.co.ke |
| www.xfinity.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.guitosa.com R10 |
2024-09-01 - 2024-11-30 |
3 months | crt.sh |
| login.xfinity.com COMODO RSA Organization Validation Secure Server CA |
2023-10-18 - 2024-10-17 |
a year | crt.sh |
| static.cimcontent.net COMODO RSA Organization Validation Secure Server CA |
2024-03-19 - 2025-03-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://guitosa.com/acccccc/Sign%20in%20to%20Xfinity.htm
Frame ID: BC33649FEF7ECDB26706B1A7409C77ED
Requests: 13 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
URL: http://my.xfinity.com/terms/web/
Title: Terms of Service
Title: Terms of Service
Search URL Search Domain Scan URL
URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy
Title: Privacy Policy
Search URL Search Domain Scan URL
URL: https://domicomsolutions.co.ke/comf/Sign%20in%20to%20Xfinity.htm
Title: Find your Xfinity ID
Title: Find your Xfinity ID
Search URL Search Domain Scan URL
URL: https://www.xfinity.com/privacy/policy/staterights#california
Title: CA Notice at collection
Title: CA Notice at collection
Search URL Search Domain Scan URL
URL: https://www.xfinity.com/privacy/manage-preference
Title: Your privacy choices
Title: Your privacy choices
Search URL Search Domain Scan URL
URL: https://my.xfinity.com/adinformation
Title: Ad choices
Title: Ad choices
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
Sign%20in%20to%20Xfinity.htm
guitosa.com/acccccc/ |
108 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
comcast-common.js
guitosa.com/acccccc/Sign%20in%20to%20Xfinity_files/ |
746 B 511 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prism-ui-293ba77.css
guitosa.com/acccccc/Sign%20in%20to%20Xfinity_files/ |
66 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bundle-293ba77.css
guitosa.com/acccccc/Sign%20in%20to%20Xfinity_files/ |
102 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cookie-consent.css
guitosa.com/acccccc/Sign%20in%20to%20Xfinity_files/ |
54 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xfinity-logo-grey.svg
login.xfinity.com/static/images/global/ |
939 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xfinity-logo-black.svg
login.xfinity.com/static/images/global/ |
939 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dmsans-medium.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ |
29 KB 29 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dmsans-regular.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ |
29 KB 30 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xfinitybrown-regular.woff2
static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/ |
84 KB 85 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dmsans-bold.woff2
static.cimcontent.net/common-web-assets/fonts/dm-sans/ |
29 KB 29 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
login.xfinity.com/static/images/favicon/ |
11 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| login.xfinity.com/ | Name: AWSALBCORS Value: USTN4s0lJg/q5sSyQVmpnPhSfwDJ9j6p4E8zI7KKUgwF9ikLH0/uq/LdElU1WBYfZpEO5FgnnkfKXB/P+9cM9oYcfgM5dN5bUc4ch4RPZHZlaSK7Y2V71RWSOrkd |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
guitosa.com
login.xfinity.com
static.cimcontent.net
162.241.62.191
2a02:26f0:480:36::212:4021
2a02:26f0:e300:184::30d4
15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089
1db596d64a139ee0b14e98dfe183c8cb7e7ef5e528649b3f51991a8bc42eab7f
2487c2c6fd05c1b6c7603b8656ec5658cfb6dca89d363d7f9f27dc598ab4b1f5
2bdd0c16c9d9178d8583b9c70f6db8d9c0d3417a11b9a0c6c3525c900d1cee5e
40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68
4d0d01d5e95e4904e89cab34bc4439558f20e3de3677990f53f8885508c71afd
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
aa050de8862f7eaa8ea290eb9612bf949d6a2c8a6ea60ce60df5af3697c89a7d
ac7ab1854db99c8278486132a7cef4a5d4f2992fd59488d02b4a5c5a071407d0
da319dcae9d21873bf2ad8b146767e023772a8f0a4fd7446156b3d61b9c83098
ebec0a242eb62dac37ad10740e7797b748ff93103796ed6509414a751ce86820
f4fc8ea1d0db62d19b2320e0299afe1c60abc0aacb7ba34d4169d56bcc828fe2
f831f28eea507b3e762cc59806bb6c8b6f2101cbf56f4689981055d77a7bffb5