Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,649,192

members

7

online now

1,825,046

discussions

Back to Top

Account Hacking

SOLVED
Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 1 of 12
11,154 Views

I received an email message that purports to be from the security team at comcast asking me to download a form to confirm my identity because they can't find my account. Here is the header - 

 

Return-Path: membersmail@delivery.org
Received: from reszmta-po-01v.sys.comcast.net (LHLO
 reszmta-po-01v.sys.comcast.net) (96.114.154.193) by
 resmail-ch2-012v.sys.comcast.net with LMTP; Fri, 14 Nov 2014 13:17:03 +0000
 (UTC)
Received: from resimta-po-08v.sys.comcast.net ([96.114.154.136])
	by reszmta-po-01v.sys.comcast.net with comcast
	id FRGg1p02U2wqHZL01RH3or; Fri, 14 Nov 2014 13:17:03 +0000
Received: from smtprelay.b.hostedemail.com ([64.98.42.145])
	by resimta-po-08v.sys.comcast.net with comcast
	id FRGz1p00E37vLZ401RGzlv; Fri, 14 Nov 2014 13:17:03 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.1 cv=I+zrRbQg c=1 sm=1 tr=0
 p=twJ8+Yuv55LtfkbGj3EmSQ==:17 a=Bd3zJdQdsWBfG3AWe4eSWg==:117 a=1oljH2EnAAAA:8
 a=C_IRinGWAAAA:8 a=GGcpBh7Jt_oA:10 a=9cW_t1CCXrUA:10 a=8EU9Q7FnrCoA:10
 a=z52zN7X3AAAA:8 a=0gi-pdlpAAAA:8 a=GuK3APyXAAAA:8 a=r77TgQKjGQsHNAKrUKIA:9
 a=9iDbn-4jx3cA:10 a=cKsnjEOsciEA:10 a=QdKRc8GWAAAA:8 a=fyguRmbXAAAA:8
 a=ZWAWxpkhKIWSBV3pVuMA:9 a=hqyaPBCtVdiluMAu:21 a=GW_ZcgirRucMB0_n:21
 a=mN_lIVraK5o7gAkb:21 a=Ft8UYL4EG9YA:10 a=obJSzicfz8UdNmPPmq0A:9
Received: from filter.hostedemail.com (b-bigip1 [10.5.19.254])
	by smtprelay01.b.hostedemail.com (Postfix) with ESMTP id 547C42D2CE9;
	Fri, 14 Nov 2014 13:16:56 +0000 (UTC)
X-Session-Marker: 6B696D2E73696C766140686177616969616E74656C2E6E6574
X-Spam-Summary: 
X-HE-Tag: judge78_99fbc184153
X-Filterd-Recvd-Size: 7537
Received: from User (h2147593.stratoserver.net [85.214.197.173])
	(Authenticated sender: kim.silva@hawaiiantel.net)
	by omf09.b.hostedemail.com (Postfix) with ESMTPA;
	Fri, 14 Nov 2014 13:16:44 +0000 (UTC)
From: "Customer Service Bill Payment"<MembersMail@delivery.org>
Subject: Alert: Comcast Account Notification.
Date: Fri, 14 Nov 2014 14:16:50 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0077_01C2A9A6.4B3FF52


11 REPLIES
Posted by
Official Employee

Message 2 of 12
13,940 Views
Solution

I've forwarded this on to our security team.

 

Thanks for letting us know.

 

- Dan




Community Icon
I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am an Offical Comcast Employee.
Official Employees are from multiple teams within Comcast.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am a Comcast Employee.
Please post so people with similar questions may benefit.
Was your question answered?
Mark it as a solution!solution Icon
Posted by
Contributor

Message 3 of 12
11,000 Views

ComcastDaniel:

Don't know if this will help, but I ran the mime header through a program I have and these are the results. Maybe you could pass this on as well to your security team. Looks like it traveled through eight hops and
I think Number 7 may be the most interesting.

LindaSView

 

 

 

IP Addresses Report

 

Created by using IPNetInfo

Order1IP Address209.222.14.3StatusSucceedCountryUSA - New JerseyNetwork NameNET-209-222-14-0-27Owner NameSnapNames.com, IncFrom IP209.222.14.0To IP209.222.14.31CIDR209.222.14.0/27AllocatedYesContact Name Address101 Possumtown Road
Piscataway
Emailnetwork@choopa.comAbuse Emailabuse@choopa.comWhois SourceARINHost Namedelivery.orgResolved Name209.222.14.3.choopa.net
Order2IP Address96.114.154.193StatusSucceedCountryUSA - New JerseyNetwork NameCABLE-1Owner NameComcast IP Services, L.L.C.From IP96.64.0.0To IP96.124.255.255CIDR96.64.0.0/11, 96.96.0.0/12, 96.112.0.0/13, 96.120.0.0/14, 96.124.0.0/16AllocatedYesContact NameComcast IP Services, L.L.C.Address1800 Bishops Gate Blvd
Mount Laurel
EmailCNIPEO-Ip-registration@cable.comcast.comAbuse Emailabuse@comcast.netWhois SourceARINHost Namereszmta-po-01v.sys.comcast.netResolved Namereszmta-po-01v.sys.comcast.net
Order3IP Address162.150.48.41StatusSucceedCountryUSA - New JerseyNetwork NameCABLE-1Owner NameComcast IP Services, L.L.C.From IP162.148.0.0To IP162.151.255.255CIDR162.148.0.0/14AllocatedYesContact NameComcast IP Services, L.L.C.Address1800 Bishops Gate Blvd
Mount Laurel
EmailCNIPEO-Ip-registration@cable.comcast.comAbuse Emailabuse@comcast.netWhois SourceARINHost Nameresmail-ch2-012v.sys.comcast.netResolved Nameresmail-ch2-012v.sys.comcast.net
Order4IP Address96.114.154.136StatusSucceedCountryUSA - New JerseyNetwork NameCABLE-1Owner NameComcast IP Services, L.L.C.From IP96.64.0.0To IP96.124.255.255CIDR96.124.0.0/16, 96.120.0.0/14, 96.64.0.0/11, 96.96.0.0/12, 96.112.0.0/13AllocatedYesContact NameComcast IP Services, L.L.C.Address1800 Bishops Gate Blvd
Mount Laurel
EmailCNIPEO-Ip-registration@cable.comcast.comAbuse Emailabuse@comcast.netWhois SourceARINHost Nameresimta-po-08v.sys.comcast.netResolved Nameresimta-po-08v.sys.comcast.net
Order5IP Address64.98.36.5StatusSucceedCountryCanadaNetwork NameTUCOWS-BLK2Owner NameTucows.com Co.From IP64.98.0.0To IP64.99.255.255CIDR64.98.0.0/15AllocatedYesContact NameTucows.com Co.Address96 Mowat Avenue
Toronto
Emailddiaconita@tucows.comAbuse Emailarin-abuse@tucows.comWhois SourceARINHost Namesmtprelay.b.hostedemail.comResolved Namemail.b.hostedemail.com
Order6IP Address64.98.42.145StatusSucceedCountryCanadaNetwork NameTUCOWS-BLK2Owner NameTucows.com Co.From IP64.98.0.0To IP64.99.255.255CIDR64.98.0.0/15AllocatedYesContact NameTucows.com Co.Address96 Mowat Avenue
Toronto
Emailddiaconita@tucows.comAbuse Emailarin-abuse@tucows.comWhois SourceARINHost Name Resolved Namesmtprelay0145.b.hostedemail.com
Order7IP Address85.214.197.173StatusSucceedCountryGermanyNetwork NameSTRATO-RZG-DEDIOwner NameStrato Rechenzentrum, BerlinFrom IP85.214.192.0To IP85.214.255.255CIDR85.214.192.0/18AllocatedYesContact NameRIPE contact Dedicated ServerAddressSTRATO AG
Pascalstr. 10
D-10587 Berlin
Germany
Emailripe@strato-rz.deAbuse Emailabuse@strato.deWhois SourceRIPE NCCHost Nameh2147593.stratoserver.netResolved Nameh2147593.stratoserver.net
Order8IP Address64.8.70.102StatusSucceedCountryUSA - ColoradoNetwork NameLVLT-ORG-64-8Owner NameLevel 3 Communications, Inc.From IP64.8.0.0To IP64.8.95.255CIDR64.8.0.0/18, 64.8.64.0/19AllocatedYesContact NameLevel 3 Communications, Inc.Address1025 Eldorado Blvd.
Broomfield
Emailipaddressing@level3.comAbuse Emailsecurity@level3.comWhois SourceARINHost Namehawaiiantel.netResolved Namewebportal.synacor.com
Posted by
Official Employee

Message 4 of 12
10,899 Views

 I'll let them know.

 

Thanks,

 

- Dan




Community Icon
I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am an Offical Comcast Employee.
Official Employees are from multiple teams within Comcast.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am a Comcast Employee.
Please post so people with similar questions may benefit.
Was your question answered?
Mark it as a solution!solution Icon
Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 5 of 12
10,661 Views

I received something similar, and it's long.  Part of it is like this:

 

 

From - Wed Jan 28 18:10:10 2015
X-Account-Key: account1
X-UIDL: 604180.a,2GCSpWhLNwlrLvhJeboq8shp4xTCRGJ28yAyqv,50=
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: test@intohispeed.com
Received: from reszmta-po-05v.sys.comcast.net (LHLO
reszmta-po-05v.sys.comcast.net) (96.114.154.197) by
resmail-ch2-501v.sys.comcast.net with LMTP; Wed, 28 Jan 2015 19:39:49 +0000
(UTC)
Received: from resimta-po-24v.sys.comcast.net ([96.114.154.155])
by reszmta-po-05v.sys.comcast.net with comcast
id lXek1p00V3MS3yQ01XfoBn; Wed, 28 Jan 2015 19:39:48 +0000
Received: from vps.phetracon.co.uk ([94.76.219.188])
by resimta-po-24v.sys.comcast.net with comcast
id lXfm1p01q44UviN01XfnSX; Wed, 28 Jan 2015 19:39:48 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.1 cv=NdRo1gz4 c=1 sm=1 tr=0
a=OFFf+DprU0xnCjOpph7R9g==:117 a=OFFf+DprU0xnCjOpph7R9g==:17 a=MkLz90pSAAAA:8
a=C_IRinGWAAAA:8 a=GGcpBh7Jt_oA:10 a=9cW_t1CCXrUA:10 a=9iGyhAwwAAAA:8
a=AaNzqAuHAAAA:8 a=YNv0rlydsVwA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=9iDbn-4jx3cA:10
a=cKsnjEOsciEA:10 a=gZbpxnkM3yUA:10 a=hKD2aJX_fzNAg90SUnUA:9
a=Ft8UYL4EG9YA:10 a=0j76WyVU1wIA:10 a=0n8IIrT8qlMA:10 a=4IsA2zOlcNAA:10
a=_G526XGYltIA:10 a=rajsCgNhLDo5NTj3sC8A:9 a=_W_S_7VecoQA:10
a=SAUHNy6hz7JygnwNui0A:9 a=IKIoO-ieCDEA:10 a=Sf_gFPzhefAA:10
Received: from [37.151.134.84] (port=60653 helo=static.199.20.243.136.clients.your-server.de)
by vps.phetracon.co.uk with esmtpsa (UNKNOWNHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.82)
(envelope-from <test@intohispeed.com>)
id 1YGYSS-0007aW-F8; Wed, 28 Jan 2015 19:39:28 +0000
Message-ID: <585DEBB8B36749FA26236AD6D29DAE30@tzkfm>
Reply-To: "lo" <suport@axiomist.org>
From: "lo" <test@intohispeed.com>
Subject: You've received a new fax
Date: Wed, 28 Jan 2015 22:39:09 +0300
Organization: c
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_10DF_01D03B4B.3B073B20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.phetracon.co.uk
X-AntiAbuse: Original Domain - comcast.net
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - intohispeed.com
X-Get-Message-Sender-Via: vps.phetracon.co.uk: authenticated_id: test@intohispeed.com

This is a multi-part message in MIME format.


Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 6 of 12
10,074 Views
Someone keeps trying to change my password. I keep getting texts about a password change request but I didn't make any. I did change my password a few days ago through my profile online and have been getting these texts every since. How can I stop the hacking?
Posted by
Contributor

Message 7 of 12
10,033 Views

Hi Joyces74:

I think the password change messages you are getting may be informing you of the password change you did a couple of days ago. You could PM ComcastDaniels or call Comcast, but unless you know for sure, someone has hacked you, such as, hearing from contacts that you sent just a link to something and it was strange, or hearing from Comcast directly that you are sending a massive amount of emails out, I do not think your account has been hacked. It could be just a glitch in notifying you that a password was changed. I got three notifications last week that a user under my account had changed a password. It was perfectly ok as it was my sister and she had forgotten her password-thus, had to change it.

So,  you may not have been hacked-the system is just letting you know a password change was made and it should also tell you when. If it wasn't you, if the date does not match when you changed your password, there is a link where you can let Comcast know, it wasn't you. Hope this helps.

LindaSView

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 8 of 12
9,803 Views

I recently received an email from the "Billing Department" with a subject of: Action Required: Xfinity Account Notifcation. The body of the email stated: (with the Xfinity logo first)

Important Information Regarding Your Account 

 


Dear Valued XFINITY Customer,

During our regular update and verification of the Comcast Online Services, We were
unable to process your most recent payment. Did you recently change your phone
number or account number ? Keeping your online profile up-to-date is a quick and
easy way to help us contact you with important information about your accounts.
To avoid an interruption of your services or to reactivate suspended service(s),
simply follow the steps below to verify your account. and update your billing
information today.

  1. To Verify your account status simply follow the steps. We take your security
    very seriously

  2. To get started, please click this link Update Your Contact Information. Please
    provide the correct answer to the following question. Xfinity will not be held
    responsible for any errors or omissions. Missing or incorrect information.

We apologize for any inconvenience this may cause and appreciate your assistance
in helping us maintain the integrity of the entire system. Thank you for being
Comcast customer.

Sincerely

Comcast Member Services Team

 

First, the grammar and punctuation is poor, if you read it thoroughly. Second, the link address isn't even Comcast ( // ahlegalsolutions.com/refresh/data/comment/?login?hl=en&co=US&service=draw&var=drawsignup&continu... If you mouse over the "Billing" addy, that comes back as babteddies@sc.rr.com. Of course, I didn't click the link and had a difficult time finding a way to report this to Comcast. I certainly hope you can help and at least make a link to reporting spam of this sort a lot easier in the future.

 

Posted by
Frequent Visitor

Message 9 of 12
9,045 Views

I received some suspicious email today from the same source. Some link was included. Did not click.
JL

 








Return-Path: subscribe@currentconservation.org Received: from reszmta-ch2-01v.sys.comcast.net (LHLO reszmta-ch2-01v.sys.comcast.net) (69.252.207.65) by resmail-po-135v.sys.comcast.net with LMTP; Thu, 7 Jan 2016 19:05:33 +0000 (UTC) Received: from resimta-ch2-07v.sys.comcast.net ([69.252.207.7]) by reszmta-ch2-01v.sys.comcast.net with comcast id 371v1s02U0A6odR0175Ziz; Thu, 07 Jan 2016 19:05:33 +0000 Received: from server.envlaws.org ([192.163.244.207]) by resimta-ch2-07v.sys.comcast.net with comcast id 373Y1s0394VCPSw0173YVP; Thu, 07 Jan 2016 19:03:33 +0000 X-CAA-SPAM: 00000 X-Authority-Analysis: v=2.1 cv=YNliskyx c=1 sm=1 tr=0 a=wMHHO69kTN7Aa7hmnq0HmQ==:117 a=wMHHO69kTN7Aa7hmnq0HmQ==:17 a=p94qOgJEAAAA:8 a=C_IRinGWAAAA:8 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=Y1_8Fw2QAAAA:8 a=ayC55rCoAAAA:8 a=9+rZDBEiDlHhcck0kWbJtElFXBc=:19 a=IkcTkHD0fZMA:10 a=7aQ_Q-yQQ-AA:10 a=g0WpMZ27AAAA:20 a=CjxXgO3LAAAA:8 a=BNexLQDlSEcNdBLBS2MA:9 a=QEXdDO2ut3YA:10 a=vsXivbhLMk0A:10 a=_W_S_7VecoQA:10 a=fXcDZKxH-csA:10 a=PpvQEwnPbwYA:10 a=NWVoK91CQyQA:10 Received: from cpe-71-64-4-36.insight.res.rr.com ([71.64.4.36]:52828 helo=bissig) by server.envlaws.org with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.86) (envelope-from <subscribe@currentconservation.org>) id 1aHFqK-0007yY-6v for larocqueman@comcast.net; Thu, 07 Jan 2016 19:03:31 +0000 Date: Thu, 07 Jan 2016 20:03:01 +0100 From: "Patricia J." <subscribe@currentconservation.org> To: <larocqueman@comcast.net> Message-ID: <A7F996B.3D9B07C.FD03F486@bissig> Subject: really? MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.envlaws.org X-AntiAbuse: Original Domain - comcast.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - currentconservation.org X-Get-Message-Sender-Via: server.envlaws.org: authenticated_id: subscribe@currentconservation.org X-Authenticated-Sender: server.envlaws.org: subscribe@currentconservation.org X-Source: X-Source-Args: X-Source-Dir: <html> <style>orfcarrytulyraq</style> <body topmargin=3D"0" leftmargin=3D"0"> <a href=3D"http://tinyurl.com/izqebl1?v=3Dezfqe"> <img src=3D"http://tinyurl.com/izqebl1?i=3Dezfqe"></a><br><br><br> <div style=3D"position: absolute; width: 10px; height: 10px; z-index: 1; vi= sibility: visible; top:1500" id=3D"=CC=AB=C4=A8=C2=BB=C3=AB=C7=87a=CE=B3=C4= =A8=C5=8D=D0=B4=C7=9E=D0=AA=CF=8D=C4=91=C8=B5=C6=B7~=D0=A1=C3=9A=C3=9E=C8= =B5=C8=93=CF=B5=C6=9F=C6=A3=CA=A4=C9=8F=C5=9A=CD=91=C3=B1=CE=B1=C7=B8=C5=9D= |=CB=BA=CF=9B=C3=B2=CC=80=C8=83=CA=86=CE=88=CB=B5=CC=B3=D0=8C=CF=A1=CB=A1= =C3=A1=CC=BA=CA=BE=C5=A5=C9=AC=C2=84=CD=A5=C8=83=CC=9C=C6=B0=CF=94=CA=B0=CA= =B7=D1=84=C3=82=C8=9D=CF=A3=CA=B0=C5=9A=CB=85=D0=BF=D0=BC=CA=B7=CA=B7=C8=BF= =CE=B0=CC=9E=D0=A1=C3=8B=C3=85=C3=BD=CA=A0=C2=97=D1=8E=C6=A7=C5=89=CD=81=CC= =A6=CF=8D=C5=B7=D0=AC=CF=98=C6=BC=C9=93=CC=9F=CC=91=CD=98=C4=A4=C2=9C=CB=86= =CF=9C=C9=9C=D0=81=D0=A5=CD=8F=CD=9E=CD=A1=D0=BD=CF=85=C4=90=C4=9F=CD=AC=C9= =9B=CC=A5=CD=90=CE=8C=CF=B0=D0=A7=C3=8E=C3=9C=C6=A4=C9=87=D0=9C=C6=B0=C4=91= =C3=A4=CF=BD=C3=99=D1=8C=CB=9D=C7=93=CB=92=C6=9A=C6=97=C6=B8=C6=AF=CB=B2=C3= =8D=D1=9E=CF=86=C4=B7=CC=9B=CA=A7=C4=9A=CC=B1=CD=88=CC=83=CE=8B=D1=90=C9=96= =C2=8D=C7=80=CC=A1=C9=8B=CF=A5=C3=90=CE=8C=C6=BD=C7=8B=C2=B3=C3=94=D0=A0=CE= =80=CD=AB=CD=8B=CB=90=C3=9D=CB=B2=C7=98=CB=9D=D0=B0=C7=A2=CC=AA=CE=98=CF=9A= =CB=A7=CA=B9=C7=A1=C6=A9=CB=A5=C6=81=D0=AE=CF=B6=C7=A8=C9=BE=CD=9C~=CB=8F= =CB=A6=D0=B6=C4=81=C6=B8=C8=A9=C7=86=C6=9C=C4=AA=C6=A9=D1=9E=C3=A7=C8=85=D0= =B9=C5=A4=C7=8E=C8=AA=C5=97=CF=A1=CC=B0=C7=AA=D0=A9=C7=89=C4=B9=D0=B0=C8=BA= =C8=88=C2=80=C5=AD=C7=B1=CD=91=CB=A0=C5=86=C3=95=CE=A5=C8=96=CC=80=C6=82=C2= =A5=D0=9F=C2=A7=C5=AA=C2=99=C5=8F=C4=81=C9=8D=D0=BC=D0=B1=D0=B6=CD=B6=C5=8D= =CC=A2=CC=BC=CA=BB=C7=96=CE=AC=C8=84=C4=B2=D0=BA=CE=A3f=CE=B3=D0=82=D0=82= =C7=8D=CC=92=CD=A4=C6=83=CE=A2=D0=99=C6=97=CC=80=C9=BA=CD=88=C7=99=C6=8C=C7= =BE=D1=8C=CC=BC=C9=90=CE=9E=C4=BF=C4=B4=C8=A7=CF=B5=C6=A5=C3=A2=CB=B9=CB=BA= =C4=A2=CC=9E=CB=98=CB=AC=C7=BD=CD=87=C3=9C=C7=BC=CD=95=CB=8A=CE=BF=CA=B7=CC= =A5=C5=B3=C8=B7=CC=BA=CF=B9=C9=B6=C4=97=CC=94=C9=AD=C8=BC=CC=A4=CF=B9=C9=AA= =C3=AF=CA=B8=C4=AC=D0=A0=C7=84=C4=99=C6=AA=C3=83=CC=8B=CE=96=C4=97=CC=85=CB= =B8=C9=A7=CD=AA=CD=96=C4=AF=C5=82=CD=97=CF=9E=C4=91=C6=BD=CD=BF=D0=B6=C3=89= =CD=A7=C9=9A=C3=AA=C4=95=C6=A4=C3=A0=CA=AF=C7=94=CD=8C=CF=BA=C5=A5=CD=94=D0= =83=C2=AC=CB=8B=D1=99=CD=96=CB=BF=C4=84=C3=AD=C6=9A=CE=AF=C3=8D=C7=AB=CA=85= =C2=99=CD=BB=C5=89=C6=89=CF=A3=C2=B7=CC=A8=CF=B4=C7=A9=CF=BA=CE=9D=C3=89=C7= =AB=C7=86=C4=BD=C9=9C=C5=B7=C2=AAk=C6=AF=CA=97=C7=B3=CD=A1=CE=8F=C2=BB=C8= =B2=CB=BF=CD=AEe=C5=B2=D1=96=CF=BF=C6=97=CC=B6=CB=B4=C6=94=C3=BC=C8=B5=CF= =AD=C8=B7=CF=98=CF=94=C6=AE=CE=8A=CA=B1=CD=A7=C2=81=C9=9F=CA=BB=C4=A8=CF=9F= =D0=96=C8=84=C3=B3y=C6=BA=C9=A4=C3=87=CC=85=C3=9A=CC=A2=CB=BD=CF=89=C8=A9= =C5=A6=D1=86=CB=A8=C7=95=CD=A3=C5=A6=C5=B0=C6=A7=C9=81=C2=B2=CC=9F=C3=9F=CB= =8B=CD=8A=C3=B8=C7=8D=C3=9D=C8=97=C2=8A=C4=AF=C6=8B=CA=83=CF=BB=CD=8E=D0=92= =CB=BB=CB=97=CB=97=C5=BF=CC=A6=CE=9B=C5=BA=CC=A1=CF=A2=C7=BF=C9=84=CE=B0=CC= =83=C8=87=C6=BD=CC=BA=CB=8A=CF=88=CF=81=C7=91=C4=A7=CF=BB=CC=9F=C3=B6=CA=AF= =C5=83=CB=B3=CF=83=C5=9B=C8=BE=C7=83=C7=9C=CC=86=D1=8D=C9=9C=C4=94=CE=A4=CC= =A4=C9=AB=C7=9E=CD=83=C4=90=CB=9A=C9=BA=CF=84=D0=8B=C7=B0=C3=9B=C9=96=CE=82= =CC=A7=CD=9A=C2=B6=CB=A0=C3=8C=D0=9D=C8=A7=C3=A2=CD=99=CD=85=D0=B3=CE=9A=CA= =92=CF=9B=CC=A0=C5=80b=CD=B8=C8=B1=C6=BC=C5=B3=C2=B6=CE=A2=C3=B4=CE=8F=D1= =9Aa=C7=95=C6=B9=C4=BE=CE=8C=C8=A3=C8=8A=CB=BF=C6=AE=CC=81=C5=8D=CD=AC=CE= =B9=C9=80=D1=9A=CA=A9=C7=83g=CC=B3=C8=A6=C6=81=CE=86=C7=A0=C9=84=C2=84=CA= =BB=CC=8A=CB=81=C8=B5=CA=81=D1=99=C7=A7=C6=91=C6=BC=C2=8F=C9=B9=CA=A5=CE=85= =CD=A1=D1=98=CF=89=C6=B5=CC=99=CF=B8=CA=9C=D0=B3=CF=AD=C2=87=C3=83=C3=BE=C4= =9C=C3=97=D1=A0=C3=B9=CF=8E=CC=8F=D1=94=C5=BA=CE=A9=CC=96=D0=B5=CA=91=C4=B3= =CE=BB=D0=8E=C8=98=C7=AA=CA=A4=CF=99=CD=BF=C8=A5=CB=BD=CA=BD=D1=94=C2=A9=CB= =9C=C8=88=C6=95=D0=8A=CD=B6=CF=AB=C6=B6=C7=88=D0=84=C7=B7=CD=B0=CC=A5=CD=B3= =CD=9B=C5=8F=CF=87=C3=8E=CB=9A=C7=BA=C8=92=C9=AC=C2=8F=C5=81=C5=83=CF=99=CD= =A1=C7=A9=C5=8D=CA=85=C9=84=D0=B7t=C4=AE=C4=B4=C4=BD=CA=AA=C8=8F=C7=B2=CB= =A6=CA=AC=CF=86}=C3=83=C3=9C=C4=86=CD=8F=C6=94=CF=9D=CC=81=CD=9D=C6=96=CB= =B1=CA=92=CF=8B=C6=90=C8=92=D0=AE=C5=B3=CA=9B=CF=91=CA=89=C8=94=CA=B4=C3=B2= =D0=87=CD=9A=C8=83=C7=85=CB=A9=C6=92=C3=A8=C5=82=D0=B4=C8=A9=CB=8B=C7=AC=C5= =A0=C7=A9=C6=A0b=C3=86=CB=B4=C8=BD=CF=85=C3=87=C9=BC=C5=9B=CF=8D=C6=BB=C9= =88=C5=AE=C2=AA=CA=A0=C7=A6=C4=A5=C2=9C=7F=CE=B0=CA=BF=CD=91=C2=9D=C6=81=D0= =94=CC=82=C5=A7=C4=B5=CD=9E=CD=8C=C8=9B=C3=A2=C3=8C=C7=8F=C4=B6=CB=97=C3=85= =C2=88=C6=A1=C5=99=CB=BC=C7=AF=CA=9A=C8=98=C8=B8=CB=90=C9=A3=C5=B3=C3=A1=C7= =A9=CE=AD=C5=B0=C9=8A=C5=89=C7=83y=C3=80=C5=A3=CD=B7=CF=97=D1=96=C7=B5=C3= =8D=C7=B0=C9=AE=C2=9B=CD=A9=D1=80=C8=88=C4=B2=C6=B8=C4=99=C3=8A=CF=AD=C3=A1= =C4=9A=C3=93=C4=B9=C5=AAq=CD=80=CD=92=CA=AA=CF=90=CD=BA=C6=A2=C3=B3=C4=B0= =CD=86=C7=9D=C9=BB=D1=88=CE=8A=CB=9E=CC=8F=CB=8C=C7=A0=C4=BE=C9=B6f=CB=9C= =C6=B9=C6=A6=C9=B5=C4=9D=C5=82=CA=A9=CE=88=C4=96=CB=A0=CD=8D=CA=99=C6=9A=CD= =8F=CA=8E=C8=8A=C4=A9=C9=96=C3=84=C9=A0=CF=BD=C7=A9=CA=8D=C3=81=CB=92=CB=BF= =C9=B8=C4=AE=C9=B9=D0=B1=C5=B6=C2=81=D0=9B=C8=98=C8=81=C8=A6=C9=8E=C5=A3=C8= =89=C6=99=CB=99=CA=BA=CE=A3=CE=A3=C5=87=D1=96q=CD=94=C8=AE=C5=9D=CF=8F=CA= =BF=CC=BC=CB=BE=CF=82=CD=B8=D0=87=CD=91=C2=A1=CB=8E=CE=91=C7=AC=CE=81=C7=89= =CA=9C=C9=85=CD=A2=C3=A2=CA=B3=CF=8A=C4=9B=CE=85=C7=B5=CF=82=C8=85=CD=87=CE= =A0=C3=A1=C5=AA=CB=A7=C5=A1=C2=AE=C2=AC=C4=86=C5=9E=CA=95=C8=B5=CA=A6=C3=BF= =C3=8B=CC=A2=C5=A4=C2=80=CB=A6=CE=AE=C5=B5=CC=B8=C8=B8=C9=A0=CD=A2=C2=A6=CF= =AF=C7=B4=C6=83=C9=80=C3=AD=C8=8B=C4=BD=C7=BC=CD=A8=CA=92=CF=BB=C6=9B=C9=81= =C7=B2=CF=AD=CA=B8=C8=A5=C7=BC=C2=83=CE=94f=CE=92=CA=A8=C2=9E=CE=97=C4=96= =C2=BF=CB=85=C7=A9=CE=94=C9=9E=C9=BE=C5=88=CA=AF=CF=8D=CE=94=C4=B5=CD=8C=C4= =BD=C6=B3=C9=A2=C4=80=C7=88=C6=B2=D0=8F=C8=BA=C8=AC=CE=A4=CC=A7=CC=B0=CD=87= =C6=9D=CC=99=CE=8B=D1=92=CD=84x=CB=91=C3=9D=C8=9D=C5=91=CE=96=CA=8E=CA=93= =CD=90=C5=A2=CA=99=C7=88=CE=91=C5=A1=CB=BF=D0=9D=D1=87=C7=8D=CE=86=C2=80=D0= =8F=D0=9C=C9=BBx=CC=92=C7=A9=C4=AA=C3=B2=C7=9D=C2=A3=D0=9A=CF=89=C8=80=CF= =B7=CC=89=C8=97h=CB=BE=C2=AA=CC=BE=C5=BC=D0=A6=C8=A1=C2=B4=CB=BA=CF=A2=C8= =BA=CA=92=CE=90=C8=91m=C3=9C=D0=BA=C8=AF=CE=92=C6=8E=CD=9E=C8=BEd=CD=AB=C6= =A9r=CE=B8=C6=85=C2=A7=CE=9Fy=CE=8B=CC=A5=C9=A3=C5=AA=CB=95=CD=87=C4=93=CA= =9B=D0=B1=C9=A8=C9=A6=CA=A8=C9=AB=CA=B4=CB=A4=CE=B5=C6=9E=CA=87=CC=8C=D0=A9= =CC=BD=C6=84=D1=88=CC=AD=CB=A0=CD=B5=C2=91=C3=A3=CF=90=C3=A6=C3=A2=C9=A7=CD= =91=C6=80=C9=9E"><a href=3D"http://tinyurl.com/izqebl1?ezfqeh"><p>ezfqe<p><= img border=3D"0" src=3D"http://www.yahoo.com" width=3D"7" height=3D"7"></a>= </div> </body> </html>

 

Posted by
Contributor

Message 10 of 12
9,041 Views

Make sure you let Comcast security know. The mime header had a "trace abuse" request so the hosting email server is aware there is a problem. I'll run it through IPNet Info and see what it shows. It appears the server for currentconservation.org was hacked and someone is sending out critters on this address. It went through about six hops, all US based. The security people at Comcast will probably pick up on this. When you include the mime header, it really helps! You are right-do not click on any links.Smiley Wink

LindaSView

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 11 of 12
1,425 Views

Hi, is this extension a product of Comcast/Xfinity? the URL is misleading if this is not.

 

xfinityconnectlive.sys.comcast.net    Xfinity Desktop Streamer

 

It's been implied that this is a Phishing scam.

 

Play Store EXT view-source:https://chrome.google.com/webstore/detail/xfinity-desktop-streamer/higifgbolklnpiaddjmmdhmfodikogfi?...

 

I'd like a verification... thanks for your time.   -tom-

Posted by
Frequent Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 12 of 12
1,257 Views

I received the following email and believe it to be a scam because the "From" email address appears not to be an XFINITY Comcast email and because my online features have not been suspended, as the scam email says.I have not replied in any form to the email. Thank you.

From: system support <alert@e-mail.net>:

Subject:  Secure Message From Xfinty

XFINITY_Scam Email.png