verifyamericafirst001.z13.web.core.windows.net
20.60.7.97
Malicious Activity!
Public Scan
Submission Tags: https://phish.report @phish_report
Submission: On April 24 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 23rd 2023. Valid for: a year.
This is the only time verifyamericafirst001.z13.web.core.windows.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: America First Credit Union (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
5 | 20.60.7.97 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
7 | 104.18.29.228 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:82f::200e | 15169 (GOOGLE)
1 | 2a02:26f0:480:7b1::1e80 | 20940 (AKAMAI-ASN1)
1 | 2a00:1450:4001:802::200a | 15169 (GOOGLE)
1 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE)
1 | 52.18.63.80 | 16509 (AMAZON-02)
17 requests | 8 IPs |
Domains by ASN:
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): verifyamericafirst001.z13.web.core.windows.net
- ASN15169 (GOOGLE, US): www.google-analytics.com
- ASN20940 (AKAMAI-ASN1, NL): assets.adobedtm.com
- ASN16509 (AMAZON-02, US): canarytokens.com (PTR: ec2-52-18-63-80.eu-west-1.compute.amazonaws.com)
Requests | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
---|---|---|---
7 | americafirst.com | secure.americafirst.com (436330) | 497 KB
5 | windows.net | verifyamericafirst001.z13.web.core.windows.net | 66 KB
2 | googleapis.com | fonts.googleapis.com (119), ajax.googleapis.com (607) | 31 KB
1 | canarytokens.com | canarytokens.com (500262) | 238 B
1 | adobedtm.com | assets.adobedtm.com (430) | 12 KB
1 | google-analytics.com | www.google-analytics.com (91) | 20 KB
17 requests | 6 apex domains | |
Requests | Domain | Requested by
---|---|---
7 | secure.americafirst.com | verifyamericafirst001.z13.web.core.windows.net
5 | verifyamericafirst001.z13.web.core.windows.net | verifyamericafirst001.z13.web.core.windows.net, secure.americafirst.com
1 | canarytokens.com | verifyamericafirst001.z13.web.core.windows.net
1 | ajax.googleapis.com | verifyamericafirst001.z13.web.core.windows.net
1 | fonts.googleapis.com | verifyamericafirst001.z13.web.core.windows.net
1 | assets.adobedtm.com | verifyamericafirst001.z13.web.core.windows.net
1 | www.google-analytics.com | verifyamericafirst001.z13.web.core.windows.net
17 requests | 7 domains |
This site contains links to these domains:
- www.americafirst.com
- portal.hud.gov
- www.ncua.gov
TLS certificates

Subject | Issuer | Validity | Valid for
---|---|---|---
*.web.core.windows.net | Microsoft RSA TLS CA 02 | 2023-03-23 to 2024-03-23 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-11 to 2024-04-10 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-04-03 to 2023-06-26 | 3 months
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-19 to 2023-08-19 | a year
upload.video.google.com | GTS CA 1C3 | 2023-04-03 to 2023-06-26 | 3 months
canarytokens.org | R3 | 2023-03-17 to 2023-06-15 | 3 months
This page contains 1 frames:
Primary Page:
https://verifyamericafirst001.z13.web.core.windows.net/
Frame ID: 284D5356883EAF041B4E15E6E6F98926
Requests: 21 HTTP requests in this frame
Page Title: America First Credit Union

Detected technologies
- Google Analytics (Analytics). Detected patterns:
  - google-analytics\.com/(?:ga|urchin|analytics)\.js
- jQuery (JavaScript Libraries). Detected patterns:
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics

9 Outgoing links
These are links going to different origins than the main page. Only the link titles survived extraction (three of the nine links carry no title):
- terms
- branch locator
- contact us
- Privacy Policy
- Email Opt Out Procedure
- Fraud Alert Text/SMS Notification Terms and Conditions
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | verifyamericafirst001.z13.web.core.windows.net/ | 64 KB | 64 KB | Document | text/html
GET | H2 | ruxitagentjs_ICA27NQVfghjqrux_10259230221142207.js | secure.americafirst.com/ | 347 KB | 127 KB | Script | text/javascript
GET | H2 | launch-b0a09017373d.min.js | secure.americafirst.com//assets.adobedtm.com/1fd1994c08c8/ef4083d7ef24/ | 0 | 0 | Script | text/html
GET | H2 | analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script | text/javascript
GET | H2 | AppMeasurement.min.js | assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ | 33 KB | 12 KB | Script | application/x-javascript
GET | H2 | app.e04516b5.js | secure.americafirst.com/js/ | 267 KB | 63 KB | Script | application/javascript
GET | H2 | chunk-vendors.fbc9bc66.js | secure.americafirst.com/js/ | 625 KB | 191 KB | Script | application/javascript
GET | H2 | chunk-vendors.f18ab36e.css | secure.americafirst.com/css/ | 703 KB | 105 KB | Stylesheet | text/css
GET | H2 | app.de9aa883.css | secure.americafirst.com/css/ | 3 KB | 1 KB | Stylesheet | text/css
GET | H2 | icon | fonts.googleapis.com/ | 569 B | 775 B | Stylesheet | text/css
GET | H2 | logo-desktop-inverse.a3a99f3a.png | secure.americafirst.com/img/ | 9 KB | 9 KB | Image | image/png
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript
GET | H/1.1 | ruxitagentjs_D_10261230220152234.js | verifyamericafirst001.z13.web.core.windows.net/ | 321 B | 629 B | Other | text/html
GET | H/1.1 | d2e56x9ul6ndlib7seb3wevxl.jpg | canarytokens.com/ | 43 B | 238 B | Image | image/gif
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | H/1.1 | ruxitagentjs_D_10261230220152234.js | verifyamericafirst001.z13.web.core.windows.net/ | 0 | 0 | Script | text/html
POST | H/1.1 | rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac | verifyamericafirst001.z13.web.core.windows.net/ | 335 B | 673 B | XHR | text/html
POST | H/1.1 | rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac | verifyamericafirst001.z13.web.core.windows.net/ | 335 B | 673 B | XHR | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: America First Credit Union (Banking)

21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
boolean | credentialless
object | dT_
object | dtrum
object | dynatrace
string | r
object | m
string | u
string | a
string | urlx
string | urlw
object | google_tag_data
function | ga
object | gaplugins
function | $
string | land
number | count
function | AppMeasurement
function | s_gi
function | s_pgicq
number | s_objectID
number | s_giq

7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.windows.net/ | | dtCookie | v_4_srv_-2D33_sn_5R5F3F6HBONTRICIHKI912P9B3ELUPVK
.americafirst.com/ | | __cf_bm | ZpaEHskO_E5jkhzSDXBWz_Ujn8Bo2ooa9rwDiYQYpV8-1682329449-0-AdDzcCK3gfZJzZLRTVwEpCTmf4/3wRSIb/eXxzyOtQHcP1tl5fTEGNcTvAd/BpMCQqQgRCcMgaBr3qS9PpQmyRw=
.windows.net/ | | rxVisitor | 1682329449796I9I86A9G5QVRB490UURF9SL3LM4VU40N
.windows.net/ | | dtLatC | 236
.windows.net/ | | dtSa | -
.windows.net/ | | rxvt | 1682331250382\|1682329449798
.windows.net/ | | dtPC | -33$529449794_584h-vFTLVTQRFKRKMHMOWJUMJRCMFDFOTTVCM-0e0
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.