Play interactive tour

Edit tour

Analysis Report https://cmp.cws.xfinity.com/utility/tracking/tracking/ClickedUrl?targetId=77c4595f-da98-411a-a244-4d839d2609af&serverId=c3po&templateId=533c9870-0a68-4a92-8ce3-35a58075180d&targetUrl=https://customer.xfinity.com/Secure/UserSettings/?INTCMP=ILC:MA:UP:GEN56cb762b0345d

Overview

General Information

Joe Sandbox Version:	28.0.0 Lapis Lazuli
Analysis ID:	225998
Start date:	28.04.2020
Start time:	18:47:32
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 40s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://cmp.cws.xfinity.com/utility/tracking/tracking/ClickedUrl?targetId=77c4595f-da98-411a-a244-4d839d2609af&serverId=c3po&templateId=533c9870-0a68-4a92-8ce3-35a58075180d&targetUrl=https://customer.xfinity.com/Secure/UserSettings/?INTCMP=ILC:MA:UP:GEN56cb762b0345d
Analysis system description:	Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/231@52/36
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://xfinity.com/prepare Browsing link: https://customer.xfinity.com/lite Browsing link: https://businessclass.comcast.net/?INTCMP=ILC-XfinityCom-MyAccountSigninCTA-BCPSignin01 Browsing link: https://login.xfinity.com/proxy/nucaptcha/help.html?lang=en Browsing link: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dmy-account-web%26reqId%3D76ce6366-98dc-492d-8a3c-c5cff05343e3%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dmy-account-web%2526prompt%253Dlogin%2526redirect_uri%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Foauth%25252Fcallback%2526response_type%253Dcode%2526state%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Fusers%25252F%2526response%253D1%26forceAuthn%3D1%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light Browsing link: https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dmy-account-web%26reqId%3D76ce6366-98dc-492d-8a3c-c5cff05343e3%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dmy-account-web%2526prompt%253Dlogin%2526redirect_uri%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Foauth%25252Fcallback%2526response_type%253Dcode%2526state%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Fusers%25252F%2526response%253D1%26forceAuthn%3D1%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light Browsing link: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAccount%3Dfalse%26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dmy-account-web%26reqId%3D76ce6366-98dc-492d-8a3c-c5cff05343e3%26r%3Dcomcast.net%26s%3Doauth%26deviceAuthn%3Dfalse%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dmy-account-web%2526prompt%253Dlogin%2526redirect_uri%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Foauth%25252Fcallback%2526response_type%253Dcode%2526state%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Fusers%25252F%2526response%253D1%26forceAuthn%3D1%26lang%3Den%26rm%3D2%26ui_style%3Dlight&lang=en&ui_style=light Browsing link: http://my.xfinity.com/terms/web/ Browsing link: http://xfinity.comcast.net/privacy/ Browsing link: https://www.xfinity.com/privacy/policy Browsing link: http://www.comcast.net/adinformation
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, WMIADAP.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.73.221.94, 92.123.27.168, 92.123.28.95, 72.247.225.88, 23.36.101.139, 92.123.27.207, 66.117.28.86, 204.79.197.200, 13.107.21.200, 172.217.168.8, 205.185.216.42, 205.185.216.10, 172.217.168.68, 151.101.2.217, 151.101.66.217, 151.101.130.217, 151.101.194.217, 104.86.45.72, 88.221.61.67, 72.247.224.69, 91.199.212.52, 46.228.164.13, 152.199.19.161, 72.21.81.200, 172.217.168.14, 151.101.2.49, 151.101.66.49, 151.101.130.49, 151.101.194.49 Excluded domains from analysis (whitelisted): d.turn.com.akadns.net, cn-assets.adobedtm.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, cdn.comcast.com.edgekey.net, www.google.com, api-traffic01.trafficmanager.net, www.google-analytics.com, customer.xfinity.com.edgekey.net, fs.microsoft.com, dual-a-0001.a-msedge.net, e7010.dscf.akamaiedge.net, cm.everesttech.net.akadns.net, ag-5-split.ag.innovid.com.akadns.net, www.xfinity.com.edgekey.net, cmp-dnd.awsxfinity.akadns.net, e12500.dscb.akamaiedge.net, iperceptions01.azureedge.net, static.cimcontent.net.edgekey.net, crt.comodoca.com, sdx.xfinity.com.edgekey.net, c.bing.com, cs9.wpc.v0cdn.net, h2.shared.global.fastly.net, cds.f7f2q8c3.hwcdn.net, www.googleadservices.com, c-bing-com.a-0001.a-msedge.net, dl-ingest-east1.cws.xfinity.com.edgekey.net, adservice.google.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iecvlist.microsoft.com, e10994.dscg.akamaiedge.net, go.microsoft.com, e10994.dscx.akamaiedge.net, www.googletagmanager.com, bat.bing.com, iperceptions01.ec.azureedge.net, prod.fs.microsoft.com.akadns.net, e11270.b.akamaiedge.net, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, cmp-dnd-east1.cws.xfinity.com.edgekey.net, e1723.g.akamaiedge.net, k3.shared.global.fastly.net, e11270.dscb.akamaiedge.net, bat-bing-com.a-0001.a-msedge.net, e17029.dscb.akamaiedge.net, e7808.dscg.akamaiedge.net, go.microsoft.com.edgekey.net, dl-ingest-v2.awsxfinity.akadns.net, aws-uk-neb-virg-oh-oreg.ag.innovid.com.akadns.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

Strategy	Score	Range	Reporting	Whitelisted	Detection
Threshold	0	0 - 100		false

Confidence

Strategy	Score	Range	Further Analysis Required?	Confidence
Threshold	4	0 - 5	false

Classification Spiderchart

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Drive-by Compromise1	Graphical User Interface1	Winlogon Helper DLL	Process Injection1	Masquerading1	Credential Dumping	File and Directory Discovery1	Application Deployment Software	Data from Local System	Data Compressed	Standard Cryptographic Protocol2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Replication Through Removable Media	Service Execution	Port Monitors	Accessibility Features	Process Injection1	Network Sniffing	Application Window Discovery	Remote Services	Data from Removable Media	Exfiltration Over Other Network Medium	Standard Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
External Remote Services	Windows Management Instrumentation	Accessibility Features	Path Interception	Rootkit	Input Capture	Query Registry	Windows Remote Management	Data from Network Shared Drive	Automated Exfiltration	Standard Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Signature Overview

Click to jump to signature section

Phishing:

Found iframes

Show sources

Source: https://login.xfinity.com/login?r=comcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foauth%2Fauthorize%3Fclient_id%3Dmy-account-web%26prompt%3Dlogin%26redirect_uri%3Dhttps%253A%252F%252Fcustomer.xfinity.com%252Foauth%252Fcallback%26response_type%3Dcode%26state%3Dhttps%253A%252F%252Fcustomer.xfinity.com%252Fusers%252F%26response%3D1&forceAuthn=1&client_id=my-account-web&reqId=76ce6366-98dc-492d-8a3c-c5cff05343e3

HTTP Parser: Iframe src: https://comcast.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fr%3Dcomcast.net%26s%3Doauth%26continue%3Dhttps%253A%252F%252Foauth.xfinity.com%252Foauth%252Fauthorize%253Fclient_id%253Dmy-account-web%2526prompt%253Dlogin%2526redirect_uri%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Foauth%25252Fcallback%2526response_type%253Dcode%2526state%253Dhttps%25253A%25252F%25252Fcustomer.xfinity.com%25252Fusers%25252F%2526response%253D1%26forceAuthn%3D1%26client_id%3Dmy-account-web%26reqId%3D76ce6366-98dc-492d-8a3c-c5cff05343e3

META author tag missing

Show sources

HTTP Parser: No <meta name="author".. found

META copyright tag missing

Show sources

HTTP Parser: No <meta name="copyright".. found

Networking:

Found strings which match to known social media urls

Show sources

Source: prepare[1].htm.2.dr	String found in binary or memory: "itemSubCopy": "<p>To protect the health and safety of our customers and employees, we have temporarily reduced the services available in stores to essential services and are limiting the in-home services provided by our technicians. We are also transitioning many of our call center representatives to work from home. But Xfinity help is always available on your smartphone, in X1, and online.</p><p>Chat with us anytime to get answers to a range of questions through the <a id=\"managing-assistant\" href=\"https://www.xfinity.com/xfinityassistant/\" target=\"_blank\" rel=\"noopener noreferrer\">Xfinity Assistant</a> (also available in the My Account app, the xFi app and Facebook Messenger through the Xfinity Facebook page) or the <a id=\"managing-assistant-mobile\" href=\"https://www.xfinity.com/xfinityassistant/?channel=xMobile\" target=\"_blank\" rel=\"noopener noreferrer\">Xfinity Assistant for Xfinity Mobile</a> (also available in the Xfinity Mobile app).</p><p>We also recommend using our digital tools to manage your services:</p><ul><li><strong>Manage your Xfinity account:</strong> Visit <a href=\"https://emails.xfinity.com/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGjP5bzcpeeoqj3hs8Iiw9zcBszfzc7sm5OzgTazdSN2gvBvi35Y8SHEybSDnVXtpKX%3DUTUCAAYY&_ei_=Eg6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB_YnaIJe71CzaNklDYVga24JzcfuVrWYaLyOPgXgODBg_6d9EE-SIGs-ucFcmv4FPCQn5ElXkyVfBuhNLaAvsHCIRzeQMJs8JYwgNJ5jVn-r93mZ1WpzyhqnbUgYnUOmClZ0jM_Ly_LOhPvAKi-sEl0ZGUDJRsCjgUqEm4AhpFcD4kV0QaneN94XDUqRwq1oPBP_d-0m5NSqyT99bQJUYjTFlVpBibM7ys7FRWD3_SXK9Ns1g_YQF5-6x1NiG_OrariqiyhYiSHMvmHCgQbCnHucWd2ncHEI19W1mKvnLcULBos1jE07NgPpIEo4N6Q8ttWYPZdaLbeij2TAC-fyM2yiKon2ZWct169aeVv6hrEN2KpWmYKncAhedxE_vWwY_CJm9Q69iC4eLGvBAGWleGIbnFd-Emxnm82WhPyBW7ZNZ5IrfPeqIU749fs_r7xTmtP7Ak2L0aJHjqJD82JKq_lN4qgDCVgMQMzeUNtzjcsY77w4TqB--ZtVU80bUbHd-5m66OsYBm69d841Kcn8BM.&_di_=snnaq2bckcnb805nrfqft4mvslltsfiimnuukeeiilbi7cslkav0\" target=\"_blank\" rel=\"noopener noreferrer\">My Account</a> online or use the <a href=\"https://www.xfinity.com/manage-my-account\" target=\"_blank\" rel=\"noopener noreferrer\">app</a> to view and pay your bill, change your WiFi name and password, change your Internet speed, check for service outages, explore your TV channel lineup or troubleshoot your Xfinity equipment.</li><li><strong>Manage your Xfinity Mobile account:</strong> <a href=\"https://msapp-mdp-po.sys.comcast.net/f/a/Rr52I5wgyyfPjHvbKjM31A~~/AAAAAQA~/RgRgXDhgP0EIAe88fJAHqe0XWAQAAAAASANVU0VCCgAHYLN5Xg14jG1SFG1hbGlhbndhcmRAZ21haWwuY29tUA1ORy1BVVRPUEFZXzAyUQQAAAABRCBodHRwOi8veGZpbml0eW1vYmlsZS5jb20vYWNjb3VudEeeeyJiaWxsaW5nUXJ5RmxhZyI6IkZBTFNFIiwicmVhbF9pcCI6IjE3Mi4yNC43Ny44IiwiY29tY2FzdF9icmFuZCI6ImNvbWNhc3QiLCJ1c2VyX2lkIjoibW9kZXN0bzAwMiIsImNvbWNhc3RfYmluZGluZyI6InRyYW5zYWN0aW9uYWwiLCJka2ltX3Byb2YiOiJtbzIwMTYwNDI4In0~\" target=\"_blank\" rel=\"noopener noreferrer\">Visit My Account for Xfinity Mobile</a> online or use the <a href=\"https://www.xfin
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: C = 0; C < S.length && ((-1 < o.indexOf(S[C] + "=") \|\| -1 < o.indexOf("duckduckgo") \|\| -1 < o.indexOf("googlequicksearchbox") \|\| 0 == o.indexOf("http://www.google.") \|\| 0 == o.indexOf("https://www.google.") \|\| 0 == o.indexOf("https://search.yahoo.com/") \|\| 0 == o.indexOf("http://r.search.yahoo.com") \|\| 0 == o.indexOf("https://www.bing.com")) && (w = 1), equals www.yahoo.com (Yahoo)
Source: satellite-5e78d6ac64746d041a0023ac[1].js.2.dr	String found in binary or memory: var axel=Math.random()+"";var random=axel*10000000000000;var mcvid=_satellite.getVar("AA : MCVID");var NMTApixelSrc="https://d.agkn.com/pixel/10533/?che="+random+"&aauid="+mcvid;var NMTApixel=document.createElement('img');NMTApixel.src=NMTApixelSrc;NMTApixel.width="1";NMTApixel.height="1";NMTApixel.border="0";document.body.appendChild(NMTApixel);_satellite.notify('DTM:Neustar MTA - AGKN Pixel');var FBMTApixelSrc="https://www.facebook.com/tr?id=3570459783026493&ev=PageView&cd[order_id]="+mcvid;var FBMTApixel=document.createElement('img');FBMTApixel.src=FBMTApixelSrc;FBMTApixel.width="1";FBMTApixel.height="1";FBMTApixel.style.display="none";document.body.appendChild(FBMTApixel);_satellite.notify('DTM:Neustar MTA - FB Pixel'); equals www.facebook.com (Facebook)
Source: prepare[1].htm.2.dr	String found in binary or memory: Find tutorials and demos</a></li><li><a rel="nofollow" href="https://www.facebook.com/xfinity">Facebook equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6639bd8c,0x01d61dc8</date><accdate>0x6639bd8c,0x01d61dc8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6639bd8c,0x01d61dc8</date><accdate>0x663d2a62,0x01d61dc8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6687f8ec,0x01d61dc8</date><accdate>0x6687f8ec,0x01d61dc8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6687f8ec,0x01d61dc8</date><accdate>0x66892a22,0x01d61dc8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x66944405,0x01d61dc8</date><accdate>0x66944405,0x01d61dc8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x66944405,0x01d61dc8</date><accdate>0x669620bd,0x01d61dc8</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: s82066471163920[1].js.2.dr	String found in binary or memory: if(s_c_il[1].doPostbacks)s_c_il[1].doPostbacks({"stuff":[{"cn":"fltk","cv":"segID=6804930,segID=1662899","ttl":30,"dmn":""},{"cn":"aam_tnt","cv":"a=1;offsite_aam=1852263,1852183,1898505;aam_segment=939773,1284087,1662899,1898505,2962186","ttl":0,"dmn":"nocookie.com"},{"cn":"aam_sitecore","cv":"1898505=y,2962186=y","ttl":120,"dmn":""}],"uuid":"90059548478155192753293785688670559408","dcs_region":6,"tid":"HQ31/wqHRqw=","ibs":[{"id":"21","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=90059548478155192753293785688670559408"]},{"id":"60","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.rlcdn.com/365868.gif?partner_uid=90059548478155192753293785688670559408"]},{"id":"411","ttl":10080,"tag":"img","fireURLSync":1,"syncOnPage":1,"url":["//cm.everesttech.net/cm/dd?d_uuid=90059548478155192753293785688670559408"]},{"id":"358","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID"]},{"id":"470","ttl":30240,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D"]},{"id":"477","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.rlcdn.com/365868.gif?partner_uid=90059548478155192753293785688670559408"]},{"id":"771","ttl":20160,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent="]},{"id":"1123","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//analytics.twitter.com/i/adsct?p_user_id=90059548478155192753293785688670559408&p_id=38594"]},{"id":"903","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1"]},{"id":"1957","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["https://c.bing.com/c.gif?uid=90059548478155192753293785688670559408&Red3=MSAdobe_pd&gdpr=0&gdpr_consent="]},{"id":"3047","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//servedby.flashtalking.com/map/?key=a74thHgsfK627J6Ftt8sj5ks52bKe&url=https://dpm.demdex.net/ibs:dpid=3047&dpuuid=[%FT_GUID%]"]},{"id":"80742","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//ag.innovid.com/dv/sync?tid=6"]},{"id":"144228","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D"]},{"id":"144229","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//rtd.tubemogul.com/migrate_et3/"]},{"id":"144230","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm
Source: s82066471163920[1].js.2.dr	String found in binary or memory: if(s_c_il[1].doPostbacks)s_c_il[1].doPostbacks({"stuff":[{"cn":"fltk","cv":"segID=6804930,segID=1662899","ttl":30,"dmn":""},{"cn":"aam_tnt","cv":"a=1;offsite_aam=1852263,1852183,1898505;aam_segment=939773,1284087,1662899,1898505,2962186","ttl":0,"dmn":"nocookie.com"},{"cn":"aam_sitecore","cv":"1898505=y,2962186=y","ttl":120,"dmn":""}],"uuid":"90059548478155192753293785688670559408","dcs_region":6,"tid":"HQ31/wqHRqw=","ibs":[{"id":"21","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=90059548478155192753293785688670559408"]},{"id":"60","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.rlcdn.com/365868.gif?partner_uid=90059548478155192753293785688670559408"]},{"id":"411","ttl":10080,"tag":"img","fireURLSync":1,"syncOnPage":1,"url":["//cm.everesttech.net/cm/dd?d_uuid=90059548478155192753293785688670559408"]},{"id":"358","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID"]},{"id":"470","ttl":30240,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D"]},{"id":"477","ttl":14400,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//idsync.rlcdn.com/365868.gif?partner_uid=90059548478155192753293785688670559408"]},{"id":"771","ttl":20160,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent="]},{"id":"1123","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//analytics.twitter.com/i/adsct?p_user_id=90059548478155192753293785688670559408&p_id=38594"]},{"id":"903","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1"]},{"id":"1957","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["https://c.bing.com/c.gif?uid=90059548478155192753293785688670559408&Red3=MSAdobe_pd&gdpr=0&gdpr_consent="]},{"id":"3047","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//servedby.flashtalking.com/map/?key=a74thHgsfK627J6Ftt8sj5ks52bKe&url=https://dpm.demdex.net/ibs:dpid=3047&dpuuid=[%FT_GUID%]"]},{"id":"80742","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//ag.innovid.com/dv/sync?tid=6"]},{"id":"144228","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D782%26dpuuid%3D%24%7BTM_USER_ID%7D"]},{"id":"144229","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//rtd.tubemogul.com/migrate_et3/"]},{"id":"144230","ttl":10080,"tag":"img","fireURLSync":0,"syncOnPage":0,"url":["//sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: s.seList = "google.,googlesyndication.com,.googleadservices.com\|q,as_q\|Google>bing.com\|q\|Bing>yahoo.com,yahoo.co.jp\|p,va\|Yahoo!>ask.jp,ask.co\|q,ask\|Ask>search.aol.,suche.aolsvc.de\|q,query\|AOL>altavista.co,altavista.de\|q,r\|AltaVista>.mywebsearch.com\|searchfor\|MyWebSearch>webcrawler.com\|q\|WebCrawler>wow.com\|q\|Wow>infospace.com\|q\|InfoSpace>blekko.com\|q\|Blekko>dogpile.com\|q\|DogPile>alhea.com\|q\|Alhea>duckduckgo.com\|q\|DuckDuckGo>info.com\|qkw\|Info.com>contenko.com\|q\|Contenko>baidu.com\|word,wd\|Baidu>daum.net,search.daum.net\|q\|Daum>icqit.com\|q\|icq>myway.com\|searchfor\|MyWay.com>naver.com,search.naver.com\|query\|Naver>netscape.com\|query,search\|Netscape Search>reference.com\|q\|Reference.com>seznam\|w\|Seznam.cz>abcsok.no\|q\|Startsiden>tiscali.it,www.tiscali.co.uk\|key,query\|Tiscali>virgilio.it\|qs\|Virgilio>yandex\|text\|Yandex.ru>optimum.net\|q\|Optimum Search>search.earthlink.net\|q\|Earthlink>search.comcast.net\|q\|Comcast>libero.it\|query\|libero.it>excite.co\|search\|Excite>mail.ru\|q\|Mail.ru>isearch.avg.com\|q\|AVG>msn.com\|q\|MSN>seznam.cz\|q\|seznam.cz>so.com\|q\|so.com>ixquick.com\|query\|ixquick.com>sogou.com\|query\|sogou.com>360.cn\|q\|360.cn", equals www.yahoo.com (Yahoo)

Performs DNS lookups

Show sources

Source: unknown

DNS traffic detected: queries for: cmp.cws.xfinity.com

Urls found in memory or binary data

Show sources

Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: http://business.comcast.com/triple-play-bundle?CMP=ILC:MA:GNV:SUB:COM:GEN:INT55c0dd2b31b24&utm_sourc
Source: adrum45162845[1].js.2.dr	String found in binary or memory: http://cdn.appdynamics.com
Source: adrumext7a88a5f34b3368a060fd963640d8c56b[1].js.2.dr	String found in binary or memory: http://code.google.com/p/episodes/
Source: adrum45162845[1].js.2.dr	String found in binary or memory: http://col.eum-appdynamics.com
Source: A39151EFA847C2B4260D7830C1FB6C550.2.dr	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: http://dataplan.xfinity.com
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: http://fls.doubleclick.net/json?spot=
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://fusejs.io)
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://github.com/janl/mustache.js
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://greensock.com
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://greensock.com/standard-license
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://kiro.me)
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: http://my.xfinity.com/
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: http://my.xfinity.com/terms/web/
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: http://my.xfinity.com/terms/web/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fselect
Source: A39151EFA847C2B4260D7830C1FB6C550.2.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: prepare[1].htm.2.dr	String found in binary or memory: http://ogp.me/ns#
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: http://r.search.yahoo.com
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: http://speedtest.xfinity.com/
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://validatejs.org/
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: adrumext7a88a5f34b3368a060fd963640d8c56b[1].js.2.dr, vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: http://www.comcast.net
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: http://www.comcast.net/adinformation
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: http://www.comcast.net/adinformation&
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: http://www.google.
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: prepare[1].htm.2.dr	String found in binary or memory: http://www.internetessentials.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: prepare[1].htm.2.dr	String found in binary or memory: http://www.xfinity.com/apps-stream
Source: prepare[1].htm.2.dr	String found in binary or memory: http://www.xfinity.com/apps-stream/
Source: satellite-58349d6e64746d6762001b86[1].js.2.dr	String found in binary or memory: http://www.xfinity.com/customer-home
Source: satellite-58349d6e64746d6762001b86[1].js.2.dr	String found in binary or memory: http://www.xfinity.com/customer-home:
Source: prepare[1].htm.2.dr	String found in binary or memory: http://www.xfinity.com/myaccount
Source: prepare[1].htm.2.dr	String found in binary or memory: http://www.xfinity.com/outage
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: http://wwwapps.ups.com/WebTracking/track?track=yes&trackNums=
Source: prepare[1].htm.2.dr	String found in binary or memory: http://xfinity.com/apps-myaccount
Source: prepare[1].htm.2.dr	String found in binary or memory: http://xfinity.com/myaccount
Source: prepare[1].htm.2.dr	String found in binary or memory: http://xfinity.com/myxFi
Source: prepare[1].htm.2.dr	String found in binary or memory: http://xfinity.com/selfinstall
Source: prepare[1].htm.2.dr	String found in binary or memory: http://xfinity.com/xfinityassistant
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: http://xfinity.comcast
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr, ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: http://xfinity.comcast.net/privacy/
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: http://xfinity.comcast.net/privacy/eate-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fselec
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://4053494.fls.doubleclick.net/activityi;src=4053494;type=comca517;cat=20_xf000;ord=65088180783
Source: satellite-58349d6e64746d6762001b86[1].js.2.dr	String found in binary or memory: https://4053494.fls.doubleclick.net/activityi;src=4053494;type=comca517;cat=xfini01s;dc_lat=;dc_rdid
Source: satellite-58349d6e64746d6762001b86[1].js.2.dr	String found in binary or memory: https://ad.doubleclick.net/ddm/activity/src=4053494;type=comca517;cat=xfini01s;dc_lat=;dc_rdid=;tag_
Source: js[2].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://approval.xfinity.com/receipt?continue=
Source: f[1].txt.2.dr	String found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Source: prepare[1].htm.2.dr	String found in binary or memory: https://business.comcast.com/response
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr, ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://businessclass.comcast.net/?INTCMP=ILC-XfinityCom-MyAccountSigninCTA-BCPSignin01
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://businessclass.comcast.net/?INTCMP=ILC-XfinityCom-MyAccountSigninCTA-BCPSignin01d
Source: login[1].htm.2.dr	String found in binary or memory: https://businessclass.comcast.net?INTCMP=ILC-XfinityCom-MyAccountSigninCTA-BCPSignin01
Source: adrum45162845[1].js.2.dr	String found in binary or memory: https://cdn.appdynamics.com
Source: policy[1].htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/8E21491D44D24C0E9E98F9DB79CC2685
Source: prepare[1].htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/E020F7373720426891AC068F01DA5A2A
Source: policy[1].htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/Images/cpp-privacy-portal/policy/policy__hero-mobile-2x.png?rev=eef8
Source: policy[1].htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/Images/cpp-privacy-portal/policy/policy__hero.jpg?rev=a04d9a33-e084-
Source: prepare[1].htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/Images/www_xfinity_com/prepare/Covid-Support-hero-Desktop-2.jpg?rev=
Source: prepare[1].htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/Images/www_xfinity_com/prepare/Covid-Support-hero-Mobile.png?rev=4d2
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/common/analytics/data-layer-non-prod-3-4-2-min.js
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://cdn.comcast.com/-/media/common/analytics/data-layer-prod-3-4-2-min.js
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://cdn.comcast.com/learn/-/media/common/favicon/favicon-32x32.png
Source: imagestore.dat.2.dr	String found in binary or memory: https://cdn.comcast.com/learn/-/media/common/favicon/favicon-32x32.png4
Source: satellite-5d1b853864746d5f15000706[1].js.2.dr	String found in binary or memory: https://cdn.quantummetric.com/qscripts/quantum-comcast.js
Source: s82066471163920[1].js.2.dr	String found in binary or memory: https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=
Source: adrum45162845[1].js.2.dr	String found in binary or memory: https://col.eum-appdynamics.com
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://comcast.demdex.net/dest5.html?d_nsid=0
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://comcast.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fr%3Dcomcast
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://comcast.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.xfinity.com
Source: quantum-comcast[1].js.2.dr	String found in binary or memory: https://comcast.quantummetric.com/#/users/search?qmSessionCookie=
Source: satellite-58349d6e64746d6762001b87[1].js.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://connect.xfinity.com/voice
Source: prepare[1].htm.2.dr	String found in binary or memory: https://customer.xfinity.com/#
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://customer.xfinity.com/#/users?INTCMP=ILC:MA:UP:GEN56cb762b0345d
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://customer.xfinity.com/#/users?INTCMP=ILC:MA:UP:GEN56cb762b0345dRoot
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://customer.xfinity.com/#/users?INTCMP=ILC:MA:UP:GEN56cb762b0345dty.com/users/?INTCMP=ILC:MA:UP
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://customer.xfinity.com/Overview/?CMP=ILC_myaccount_xfinity-learn_re
Source: prepare[1].htm.2.dr	String found in binary or memory: https://customer.xfinity.com/Secure/Home.aspx
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://customer.xfinity.com/help-and-support/?CMP=ILC_support_xfinity-learn_re
Source: login[1].htm.2.dr	String found in binary or memory: https://customer.xfinity.com/lite
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://customer.xfinity.com/users/
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://customer.xfinity.com/users/?INTCMP=ILC:MA:UP:GEN56cb762b0345d
Source: satellite-5e78d6ac64746d041a0023ac[1].js.2.dr	String found in binary or memory: https://d.agkn.com/pixel/10533/?che=
Source: 12345;91797;9487;iframe[1].htm0.2.dr	String found in binary or memory: https://dpm.demdex.net/ibs:dpid=3047&dpuuid=4501C36F860F20&
Source: 12345;91797;9487;iframe[1].htm.2.dr	String found in binary or memory: https://dpm.demdex.net/ibs:dpid=3047&dpuuid=99999999999999&
Source: prepare[1].htm.2.dr	String found in binary or memory: https://emails.xfinity.com/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGjP5bzcpeeoqj3hs8Iiw9zcBszfzc7sm5OzgTaz
Source: prepare[1].htm.2.dr	String found in binary or memory: https://es.xfinity.com/prepare
Source: policy[1].htm.2.dr	String found in binary or memory: https://es.xfinity.com/privacy/policy
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://feross.org
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://git.io/vwTVl
Source: dl-plugin-exceptions[1].js.2.dr	String found in binary or memory: https://github.com/jonschlinkert/assign-deep
Source: dl-plugin-exceptions[1].js.2.dr	String found in binary or memory: https://github.com/jonschlinkert/assign-symbols
Source: js[2].js.2.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: quantum-comcast[1].js.2.dr	String found in binary or memory: https://github.com/nodeca/pako/blob/master/LICENSE
Source: quantum-comcast[1].js.2.dr	String found in binary or memory: https://github.com/vibornoff/asmcrypto.js/blob/master/LICENSE
Source: britebill.96ee1fdb[1].css.2.dr	String found in binary or memory: https://github.com/yahoo/pure/blob/master/LICENSE.md
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://home.xfinity.com
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://idm.xfinity.co
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://idm.xfinity.com/myaccount/create-uid?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3Fsele
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://idm.xfinity.com/myaccount/lookup?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAc
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://idm.xfinity.com/myaccount/reset?continue=https%3A%2F%2Flogin.xfinity.com%2Flogin%3FselectAcc
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://internet.xfinity.com/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://internetsecurity.xfinity.com/help/alerts/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://internetsecurity.xfinity.com/help/report-abuse/
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://jquery.com/
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://jquery.org/license
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://login.comcast.net/login?s=wnamp&ts=a59b39b0
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfi
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfi26ipAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dmy-account-web%26reqId%3D76ce
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfiAddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dmy-account-web%26reqId%3D76ce6366
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfiddrAuthn%3Dfalse%26passive%3Dfalse%26client_id%3Dmy-account-web%26reqId%3D76ce6366-
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfinity.
Source: login[1].htm.2.dr	String found in binary or memory: https://login.xfinity.com/login
Source: ~DF16F0C626C60CF8FD.TMP.1.dr, policy[1].htm.2.dr	String found in binary or memory: https://login.xfinity.com/login?r=comcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foau
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfinity.com/proxy/nucaptcha/help.html?lang=en
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://login.xfinity.com/proxy/nucaptcha/help.html?lang=enccountSigninCTA-BCPSignin01
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://login.xfinity.com/proxy/nucaptcha/help.html?lang=enccountSigninCTA-BCPSignin01%3Dcomcast.net
Source: login[1].htm.2.dr	String found in binary or memory: https://login.xfinity.com/proxy/nudetect/3.67.107200/w-341498/captcha?token=1.w-341498.1.2.ABjCc-swL
Source: imagestore.dat.2.dr	String found in binary or memory: https://login.xfinity.com/static/images/favicon/android-icon-192x192.png
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://login.xfinity.ty.com/users/?INTCMP=ILC:MA:UP:GEN56cb762b0345dcom/login?r=comcast.net&s=oauth
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://m/preparer=comcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foauth%2Fauthorize%
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://markjs.io/
Source: inqChatLaunch10006690[1].js.2.dr	String found in binary or memory: https://media.xchat.xfinity.com
Source: prepare[1].htm.2.dr	String found in binary or memory: https://msapp-mdp-po.sys.comcast.net/f/a/Rr52I5wgyyfPjHvbKjM31A~~/AAAAAQA~/RgRgXDhgP0EIAe88fJAHqe0XW
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://my.xfinity.com/?CMP=ILC_myxfinity_xfinity-learn_re
Source: login[1].htm.2.dr	String found in binary or memory: https://oauth.xfinity.com/oauth/authorize?client_id=my-account-web&prompt=login&redirect_uri
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://oauth.xfinity.com/oauth/authorize?client_id=my-account-web&prompt=login&redirect_uri=https%3
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://payments.xfini
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr, ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://payments.xfinity.com/lite
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://payments.xfinity.com/litecomcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foaut
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://payments.xfinity.com/lited
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://polaris.xfinity.com/orc.html?domain=www.xfinity.com
Source: prepare[1].htm.2.dr	String found in binary or memory: https://polaris.xfinity.com/polaris
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: login[1].htm.2.dr	String found in binary or memory: https://scripts.webcontentassessor.com/scripts/e5d00e87ba3bf67af60bbc75377626fb1f0b0a10c2e83ca40b7a2
Source: login[1].htm.2.dr	String found in binary or memory: https://sdx.xfinity.com/cms/data/cima/bin-202004/7a861a63da9e91e6bc60570a2bab359c.png
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: https://search.yahoo.com/
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://servedby.flashtalking.com/container/12345;91797;9487;iframe/?U6=37468928-dc11-4df5-8de8-bd57
Source: 12345;91797;9487;iframe[1].htm.2.dr	String found in binary or memory: https://servedby.flashtalking.com/segment/modify/
Source: 12345;91797;9487;iframe[1].htm.2.dr, 12345;91797;9487;iframe[1].htm0.2.dr	String found in binary or memory: https://servedby.flashtalking.com/spot/1/12345;108289;11135/?spotName=Comcast_SiteVisit&ftXRef=
Source: vendor-libraries.bundle[1].js.2.dr	String found in binary or memory: https://sizzlejs.com/
Source: Y7S5MSZY.htm.2.dr, imagestore.dat.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/android-icon-192x192.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-114x114.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-120x120.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-144x144.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-152x152.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-180x180.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-57x57.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-60x60.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-72x72.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/apple-icon-76x76.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/favicon-16x16.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/favicon-32x32.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/favicon-96x96.png
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/favicon.ico
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/safari-pinned-tab.svg
Source: Y7S5MSZY.htm.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/favicon/site.webmanifest
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/svg/brand-updates/storefront-header.svg
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/svg/eid/service_flex_issue.svg
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/svg/eid/service_flex_noissue.svg
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/svg/eid/service_flex_null.svg
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://static.cimcontent.net/common-web-assets/svg/eid/service_flex_outage.svg
Source: prepare[1].htm.2.dr, login[1].htm.2.dr	String found in binary or memory: https://static.cimcontent.net/data-layer/
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-BoldItalic.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-BoldItalic.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLightItalic.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLightItalic.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-LightItalic.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-LightItalic.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-MediumItalic.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-MediumItalic.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-RegularItalic.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-RegularItalic.woff2
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff
Source: fonts-remote.min[1].css.2.dr	String found in binary or memory: https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff2
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://universal.iperceptions.com/iFrame.html
Source: prepare[1].htm.2.dr	String found in binary or memory: https://urldefense.com/v3/__https:/www.westernunion.com/us/en/agent-locator.html__;
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.fedex.com/global/choose-location.html
Source: satellite-59aff67c64746d516b00508e[1].js.2.dr, js[2].js.2.dr, satellite-5a8c96af64746d60a1004c38[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: s-code-contents-b64101550e11e416ccb38a09edfe73cd7cbc27de[1].js.2.dr	String found in binary or memory: https://www.google.
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: f[1].txt0.2.dr, f[2].txt.2.dr	String found in binary or memory: https://www.google.co.uk/pagead/1p-user-list/1023869955/?random
Source: f[1].txt.2.dr	String found in binary or memory: https://www.google.com/ads/mrc?sku=
Source: f[1].txt0.2.dr, f[2].txt.2.dr	String found in binary or memory: https://www.google.com/pagead/1p-user-list/1023869955/?random
Source: js[2].js.2.dr	String found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: js[2].js.2.dr	String found in binary or memory: https://www.google.com/pagead/landing?
Source: js[2].js.2.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: satellite-5a2ea0b564746d3f4e00e094[1].js.2.dr, satellite-5a2ea19b64746d7c6f007f98[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=AW-1023869955
Source: satellite-58349d6e64746d6762001b86[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=DC-4053494
Source: js[2].js.2.dr	String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: js[2].js.2.dr	String found in binary or memory: https://www.googletraveladservices.com/travel/vacations/clk/pagead/conversion/
Source: quantum-comcast[1].js.2.dr	String found in binary or memory: https://www.quantummetric.com/legal/eula
Source: login[1].htm.2.dr	String found in binary or memory: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.theupsstore.com/
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://www.xfinity.co
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://www.xfinity.cocom/login?r=comcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foau
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/-/media/B50BCD1D42B44D62977C8259DE36C1E9.ashx
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://www.xfinity.com/addmore
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/akam/11/6d18fb7a
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/akam/11/pixel_6d18fb7a?a=dD1mMzJlYzcxNzAzMjY2NzRmNzg0NDQ5NWJkNGU0ZWU0YzNhYWM
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/apps#b096aa0b-a647-45db-9186-bdc2e2569572
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/apps-mobile
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/cart
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/chat/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/hub/tv-video/peacock-on-xfinity/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/learn/bundles/internet-cable-packages
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/learn/flex
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/learn/help-me-decide
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/learn/home-security#XHCallBackForm
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://www.xfinity.com/learn/nuance/xfinityChat.html?IFRAME
Source: quantum-comcast[1].js.2.dr	String found in binary or memory: https://www.xfinity.com/learn/offers
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/learn/offers?CMP=ILC_shop_xfinity-learn_re
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/learn/offers?lob=tv
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/manage-my-account
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/mobile/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/mobile/support/article/how-to-use-phone-as-personal-hotspot
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/mobile/support/article/returns-and-exchanges
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/myaccount
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://www.xfinity.com/prepare
Source: satellite-5e7bb2e664746d703b00134f[1].js.2.dr	String found in binary or memory: https://www.xfinity.com/prepare:
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://www.xfinity.com/prepare?tab=physical-support&accordion=5
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://www.xfinity.com/prepareTXfinity
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://www.xfinity.com/preparer=comcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foaut
Source: policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/privacy
Source: login[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/privacy/manage-preference
Source: policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/privacy/policy
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://www.xfinity.com/privacy/policy&
Source: {8D06BA19-89BB-11EA-AADD-C25F135D3C65}.dat.1.dr	String found in binary or memory: https://www.xfinity.com/privacy/policyVXfinity
Source: ~DF16F0C626C60CF8FD.TMP.1.dr	String found in binary or memory: https://www.xfinity.com/privacy/policyn
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/returns
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/stores
Source: prepare[1].htm.2.dr, policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/stream/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/student
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/support
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/support/account-management/issue-reporting
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/support/articles/enroll-2-step-verification
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/support/articles/set-up-parental-controls-with-comcast-networking
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://www.xfinity.com/support/internet/#get-started/your-home-network
Source: policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/support/privacy
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/tips/things-that-affect-your-wifi-speed
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/xfinityassistant/
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/xfinityassistant/?channel=xMobile
Source: policy[1].htm.2.dr	String found in binary or memory: https://www.xfinity.com/xfinityassistant/?intent=other-privacy_center
Source: prepare[1].htm.2.dr	String found in binary or memory: https://www.xfinityprepaid.com/
Source: businessEventsmin[1].js.2.dr	String found in binary or memory: https://xapi.xfinity.com/api/xact/webevents
Source: inqChatLaunch10006690[1].js.2.dr	String found in binary or memory: https://xchat.xfinity.com
Source: xfinityChat[1].htm.2.dr, satellite-58347fc764746d5576002863[1].js.2.dr	String found in binary or memory: https://xchat.xfinity.com/chatskins/launch/inqChatLaunch10006690.js
Source: login[1].htm.2.dr	String found in binary or memory: https://xfinity.com/prepare
Source: prepare[1].htm.2.dr	String found in binary or memory: https://xfinity.com/wifi
Source: bundle.5bf26510[1].js.2.dr	String found in binary or memory: https://xfinity.com/xap
Source: prepare[1].htm.2.dr	String found in binary or memory: https://youtu.be/CSMl1yjBBiU

Uses HTTPS

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

System Summary:

Classification label

Show sources

Source: classification engine

Classification label: clean0.win@3/231@52/36

Creates files inside the user directory

Show sources

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Creates temporary files

Show sources

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF23D077FD1B24BF49.TMP

Jump to behavior

Reads ini files

Show sources

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Spawns processes

Show sources

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3456 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3456 CREDAT:17410 /prefetch:2

Tries to open an application configuration file (.cfg)

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg

Found graphical window changes (likely an installer)

Show sources

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
mboxedge26.tt.omtrdc.net	0%	Virustotal	Browse
platform.twitter.map.fastly.net	0%	Virustotal	Browse
d.impactradius-event.com	0%	Virustotal	Browse
api-iperceptions03.cloudapp.net	0%	Virustotal	Browse
comcastresidentialservices.tt.omtrdc.net	0%	Virustotal	Browse
comcastcom.d1.sc.omtrdc.net	0%	Virustotal	Browse
www.google.co.uk	0%	Virustotal	Browse
h33snt2.x.incapdns.net	0%	Virustotal	Browse
static.ads-twitter.com	0%	Virustotal	Browse
scripts.webcontentassessor.com	0%	Virustotal	Browse
static.cimcontent.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://static.cimcontent.net/common-web-assets/favicon/favicon-32x32.png	0%	Avira URL Cloud	safe
https://scripts.webcontentassessor.com/scripts/e5d00e87ba3bf67af60bbc75377626fb1f0b0a10c2e83ca40b7a2	0%	Avira URL Cloud	safe
https://login.xfinity.	0%	Avira URL Cloud	safe
https://static.cimcontent.net/common-web-assets/favicon/favicon.ico	0%	Avira URL Cloud	safe
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff2	0%	Avira URL Cloud	safe
https://static.cimcontent.net/common-web-assets/favicon/apple-icon-76x76.png	0%	Avira URL Cloud	safe
https://static.cimcontent.net/common-web-assets/favicon/apple-icon-120x120.png	0%	Avira URL Cloud	safe
https://static.cimcontent.net/common-web-assets/svg/eid/service_flex_outage.svg	0%	Avira URL Cloud	safe
https://urldefense.com/v3/__https:/www.westernunion.com/us/en/agent-locator.html__;	0%	Avira URL Cloud	safe
https://static.cimcontent.net/common-web-assets/favicon/android-icon-192x192.png	0%	Avira URL Cloud	safe
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-MediumItalic.woff2	0%	Avira URL Cloud	safe
https://static.cimcontent.net/common-web-assets/favicon/apple-icon-180x180.png	0%	Avira URL Cloud	safe
https://www.xfinity.cocom/login?r=comcast.net&s=oauth&continue=https%3A%2F%2Foauth.xfinity.com%2Foau	0%	Avira URL Cloud	safe
https://idm.xfinity.co	0%	Avira URL Cloud	safe
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff2	0%	Avira URL Cloud	safe
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff	0%	Virustotal		Browse
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff	0%	Avira URL Cloud	safe
https://payments.xfini	0%	Avira URL Cloud	safe
http://fusejs.io)	0%	Avira URL Cloud	safe
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-LightItalic.woff	0%	Avira URL Cloud	safe
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-BoldItalic.woff	0%	Avira URL Cloud	safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://cmp.cws.xfinity.com/utility/tracking/tracking/ClickedUrl?targetId=77c4595f-da98-411a-a244-4d839d2609af&serverId=c3po&templateId=533c9870-0a68-4a92-8ce3-35a58075180d&targetUrl=https://customer.xfinity.com/Secure/UserSettings/?INTCMP=ILC:MA:UP:GEN56cb762b0345d

Overview

General Information

Detection

Confidence

Classification Spiderchart

Analysis Advice

Mitre Att&ck Matrix

Signature Overview

Phishing:

Networking:

System Summary:

Malware Configuration

Behavior Graph

Simulations

Behavior and APIs

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots

Thumbnails