verifyamericafirst001.z13.web.core.windows.net Open in urlscan Pro
20.60.7.97  Malicious Activity! Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response verifyamericafirst001.z13.web.core.windows.net/	64 KB 64 KB	611ms 140ms	Document text/html	20.60.7.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://verifyamericafirst001.z13.web.core.windows.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.7.97 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 3bb16c6f738fb943f3c20c8098541932965ee7e9d2ac2fb5b789be99a9321b61 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Accept-Ranges bytes Content-Length 65512 Content-MD5 +X/ADDkIeHP+D0mjzT5CHQ== Content-Type text/html Date Mon, 24 Apr 2023 09:44:07 GMT ETag "0x8DB4329EA1A5671" Last-Modified Sat, 22 Apr 2023 12:05:50 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id 9115ed02-101e-0009-6191-76e42e000000 x-ms-version 2018-03-28
GET H2	200	ruxitagentjs_ICA27NQVfghjqrux_10259230221142207.js Show response secure.americafirst.com/	347 KB 127 KB	1151ms 249ms	Script text/javascript	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/ruxitagentjs_ICA27NQVfghjqrux_10259230221142207.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bbd02ece7aaca005e3318703e318eaf5dd794fffb2dd432a5c5ba6df9a961997 Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 09:44:09 GMT content-encoding gzip strict-transport-security max-age=2592000 last-modified Wed, 03 Mar 2010 07:01:40 GMT server cloudflare cf-cache-status HIT vary Accept-Encoding content-type text/javascript;charset=utf-8 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7bcd67f39aad2d6e-ARN content-length 129680 expires Tue, 23 Apr 2024 09:44:09 GMT
GET H2	404	launch-b0a09017373d.min.js secure.americafirst.com//assets.adobedtm.com/1fd1994c08c8/ef4083d7ef24/	0 0	1163ms 261ms	Script text/html	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com//assets.adobedtm.com/1fd1994c08c8/ef4083d7ef24/launch-b0a09017373d.min.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	204ms 73ms	Script text/javascript	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Mon, 24 Apr 2023 08:35:44 GMT last-modified Tue, 10 Jan 2023 21:29:14 GMT server Golfe2 age 4105 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20085 expires Mon, 24 Apr 2023 10:35:44 GMT
GET H2	200	AppMeasurement.min.js Show response assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/	33 KB 12 KB	268ms 58ms	Script application/x-javascript	2a02:26f0:480:7b1::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7b1::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 09:44:10 GMT content-encoding gzip last-modified Wed, 12 Aug 2020 22:09:52 GMT server AkamaiNetStorage etag "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://verifyamericafirst001.z13.web.core.windows.net cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 12184 expires Mon, 24 Apr 2023 10:44:10 GMT
GET H2	200	app.e04516b5.js Show response secure.americafirst.com/js/	267 KB 63 KB	957ms 56ms	Script application/javascript	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/js/app.e04516b5.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 58e0e4e5132641cf25f0e48b5b3ed0d4abdfd71310df220e2d02dd171f17854a Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 09:44:09 GMT strict-transport-security max-age=2592000 content-encoding gzip cf-cache-status HIT last-modified Fri, 14 Oct 2022 03:48:34 GMT server cloudflare age 6396 etag W/"273444-1665719314000" vary Accept-Encoding content-type application/javascript x-oneagent-js-injection true cache-control public, max-age=14400 server-timing dtRpid;desc="1466688898", dtSInfo;desc="0" cf-ray 7bcd67f39ab22d6e-ARN expires Mon, 24 Apr 2023 13:44:09 GMT
GET H2	200	chunk-vendors.fbc9bc66.js Show response secure.americafirst.com/js/	625 KB 191 KB	1002ms 102ms	Script application/javascript	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/js/chunk-vendors.fbc9bc66.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 34187a38569a802dc332a07845645a1aaf0cf0b404e9f5cfaeff6e63cfc2d4c8 Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 09:44:09 GMT strict-transport-security max-age=2592000 content-encoding gzip cf-cache-status HIT last-modified Fri, 14 Oct 2022 03:48:34 GMT server cloudflare age 6396 etag W/"640320-1665719314000" vary Accept-Encoding content-type application/javascript x-oneagent-js-injection true cache-control public, max-age=14400 server-timing dtRpid;desc="-183582269", dtSInfo;desc="0" cf-ray 7bcd67f39ab32d6e-ARN expires Mon, 24 Apr 2023 13:44:09 GMT
GET H2	200	chunk-vendors.f18ab36e.css secure.americafirst.com/css/	703 KB 105 KB	1174ms 275ms	Stylesheet text/css	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/css/chunk-vendors.f18ab36e.css Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 29768c3d57703b64fd76864f8ddd828660f7bdde4f2bf2c39349e831573b8d9e Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers cteonnt-length 719475 date Mon, 24 Apr 2023 09:44:09 GMT strict-transport-security max-age=2592000 content-encoding gzip cf-cache-status MISS last-modified Fri, 14 Oct 2022 03:48:34 GMT server cloudflare etag W/"719475-1665719314000" vary Accept-Encoding content-type text/css x-oneagent-js-injection true cache-control public, max-age=14400 server-timing dtRpid;desc="-845501879", dtSInfo;desc="0" cf-ray 7bcd67f39aa92d6e-ARN expires Mon, 24 Apr 2023 13:44:09 GMT
GET H2	200	app.de9aa883.css secure.americafirst.com/css/	3 KB 1 KB	1168ms 269ms	Stylesheet text/css	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/css/app.de9aa883.css Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1bf51ee7d69e1865c9c15685ef1298d59f6ace1d4d09c2fd9f2485a2a1ee6cdb Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 09:44:09 GMT strict-transport-security max-age=2592000 content-encoding gzip cf-cache-status MISS ntcoent-length 2605 x-oneagent-js-injection true server-timing dtRpid;desc="-1406033307", dtSInfo;desc="0" content-length 1028 last-modified Fri, 14 Oct 2022 03:48:34 GMT server cloudflare etag W/"2605-1665719314000" vary Accept-Encoding content-type text/css cache-control public, max-age=14400 accept-ranges bytes cf-ray 7bcd67f39aac2d6e-ARN expires Mon, 24 Apr 2023 13:44:09 GMT
GET H2	200	icon fonts.googleapis.com/	569 B 775 B	235ms 104ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/icon?family=Material+Icons Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 24 Apr 2023 09:44:08 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 24 Apr 2023 09:44:08 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 24 Apr 2023 09:44:08 GMT
GET H2	200	logo-desktop-inverse.a3a99f3a.png secure.americafirst.com/img/	9 KB 9 KB	50ms 50ms	Image image/png	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://secure.americafirst.com/img/logo-desktop-inverse.a3a99f3a.png Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54 Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 09:44:09 GMT strict-transport-security max-age=2592000 cf-cache-status HIT age 6396 x-oneagent-js-injection true server-timing dtRpid;desc="-1035540807", dtSInfo;desc="0" content-length 8898 last-modified Fri, 14 Oct 2022 03:48:34 GMT server cloudflare etag W/"8898-1665719314000" vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7bcd67f59db72d6e-ARN expires Mon, 24 Apr 2023 13:44:09 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.4/	84 KB 30 KB	191ms 61ms	Script text/javascript	2a00:1450:4001:80b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Mon, 24 Apr 2023 08:35:00 GMT content-encoding gzip x-content-type-options nosniff age 4149 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30028 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Tue, 23 Apr 2024 08:35:00 GMT
GET H/1.1	404 The requested content does not exist.	ruxitagentjs_D_10261230220152234.js verifyamericafirst001.z13.web.core.windows.net/	321 B 629 B	138ms 137ms	Other text/html	20.60.7.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://verifyamericafirst001.z13.web.core.windows.net/ruxitagentjs_D_10261230220152234.js Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.7.97 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash a525acf96907a125a21f69f0152c86846d5887fdbd24ae2d1f01ff92bd4407e3 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-ms-request-id 9115f04f-101e-0009-4691-76e42e000000 Date Mon, 24 Apr 2023 09:44:09 GMT x-ms-version 2018-03-28 Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-error-code WebContentNotFound Content-Length 321 Content-Type text/html
GET H/1.1	200 OK	d2e56x9ul6ndlib7seb3wevxl.jpg canarytokens.com/	43 B 238 B	536ms 331ms	Image image/gif	52.18.63.80 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://verifyamericafirst001.z13.web.core.windows.net/&r= Requested by Host: verifyamericafirst001.z13.web.core.windows.net URL: https://verifyamericafirst001.z13.web.core.windows.net/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.18.63.80 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-18-63-80.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language fi-FI,fi;q=0.9 Referer https://verifyamericafirst001.z13.web.core.windows.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Mon, 24 Apr 2023 09:44:10 GMT Content-Encoding gzip Server nginx Connection keep-alive Transfer-Encoding chunked Content-Type image/gif
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3 Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821 Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4 Request headers accept-language fi-FI,fi;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	404 The requested content does not exist.	ruxitagentjs_D_10261230220152234.js verifyamericafirst001.z13.web.core.windows.net/	0 0	140ms 139ms	Script text/html	20.60.7.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://verifyamericafirst001.z13.web.core.windows.net/ruxitagentjs_D_10261230220152234.js Requested by Host: secure.americafirst.com URL: https://secure.americafirst.com/ruxitagentjs_ICA27NQVfghjqrux_10259230221142207.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.7.97 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash Request headers Referer https://verifyamericafirst001.z13.web.core.windows.net/ Origin https://verifyamericafirst001.z13.web.core.windows.net accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-ms-request-id 9115f0ba-101e-0009-2891-76e42e000000 Date Mon, 24 Apr 2023 09:44:09 GMT x-ms-version 2018-03-28 Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-error-code WebContentNotFound Content-Length 321 Content-Type text/html
POST H/1.1	405 The resource doesn't support specified Http Verb.	rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac Show response verifyamericafirst001.z13.web.core.windows.net/	335 B 673 B	136ms 136ms	XHR text/html	20.60.7.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://verifyamericafirst001.z13.web.core.windows.net/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D33_sn_5R5F3F6HBONTRICIHKI912P9B3ELUPVK&svrid=-33&flavor=post&vi=FTLVTQRFKRKMHMOWJUMJRCMFDFOTTVCM-0&modifiedSince=1678982412430&rf=https%3A%2F%2Fverifyamericafirst001.z13.web.core.windows.net%2F&bp=3&app=ec967b149da485d6&crc=163666113&en=ztho6o9v&end=1 Requested by Host: secure.americafirst.com URL: https://secure.americafirst.com/ruxitagentjs_ICA27NQVfghjqrux_10259230221142207.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.7.97 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 22ef398076992be07623862dc605e19b591f02b9d424a817c7a46941768d6a4c Request headers Referer https://verifyamericafirst001.z13.web.core.windows.net/ accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Mon, 24 Apr 2023 09:44:10 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-error-code UnsupportedHttpVerb Allow GET,HEAD Content-Type text/html x-ms-request-id 9115f418-101e-0009-2391-76e42e000000 x-ms-version 2018-03-28 Content-Length 335
POST H/1.1	405 The resource doesn't support specified Http Verb.	rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac Show response verifyamericafirst001.z13.web.core.windows.net/	335 B 673 B	136ms 135ms	XHR text/html	20.60.7.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://verifyamericafirst001.z13.web.core.windows.net/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D33_sn_5R5F3F6HBONTRICIHKI912P9B3ELUPVK&svrid=-33&flavor=post&vi=FTLVTQRFKRKMHMOWJUMJRCMFDFOTTVCM-0&modifiedSince=1678982412430&rf=https%3A%2F%2Fverifyamericafirst001.z13.web.core.windows.net%2F&bp=3&app=ec967b149da485d6&crc=211637216&en=ztho6o9v&end=1 Requested by Host: secure.americafirst.com URL: https://secure.americafirst.com/ruxitagentjs_ICA27NQVfghjqrux_10259230221142207.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 20.60.7.97 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash 540e4a8539900fa466bbe11e54a03b853f47887050a4843a0b2dcf29216ff486 Request headers Referer https://verifyamericafirst001.z13.web.core.windows.net/ accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Mon, 24 Apr 2023 09:44:12 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 x-ms-error-code UnsupportedHttpVerb Allow GET,HEAD Content-Type text/html x-ms-request-id 9115f9ef-101e-0009-4491-76e42e000000 x-ms-version 2018-03-28 Content-Length 335

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: America First Credit Union (Banking)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| dT_ object| dtrum object| dynatrace string| r object| m string| u string| a string| urlx string| urlw object| google_tag_data function| ga object| gaplugins function| $ string| land number| count function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.windows.net/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D33_sn_5R5F3F6HBONTRICIHKI912P9B3ELUPVK
			.americafirst.com/	1970-01-20 11:18:51	Name: __cf_bm Value: ZpaEHskO_E5jkhzSDXBWz_Ujn8Bo2ooa9rwDiYQYpV8-1682329449-0-AdDzcCK3gfZJzZLRTVwEpCTmf4/3wRSIb/eXxzyOtQHcP1tl5fTEGNcTvAd/BpMCQqQgRCcMgaBr3qS9PpQmyRw=
			.windows.net/	1970-01-20 20:54:49	Name: rxVisitor Value: 1682329449796I9I86A9G5QVRB490UURF9SL3LM4VU40N
			.windows.net/	1969-12-31 23:59:59	Name: dtLatC Value: 236
			.windows.net/	1969-12-31 23:59:59	Name: dtSa Value: -
			.windows.net/	1969-12-31 23:59:59	Name: rxvt Value: 1682331250382|1682329449798
			.windows.net/	1969-12-31 23:59:59	Name: dtPC Value: -33$529449794_584h-vFTLVTQRFKRKMHMOWJUMJRCMFDFOTTVCM-0e0

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://secure.americafirst.com//assets.adobedtm.com/1fd1994c08c8/ef4083d7ef24/launch-b0a09017373d.min.js Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	URL: https://verifyamericafirst001.z13.web.core.windows.net/ Message: Mixed Content: The page at 'https://verifyamericafirst001.z13.web.core.windows.net/' was loaded over HTTPS, but requested an insecure element 'http://canarytokens.com/d2e56x9ul6ndlib7seb3wevxl.jpg?l=https://verifyamericafirst001.z13.web.core.windows.net/&r='. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://verifyamericafirst001.z13.web.core.windows.net/ruxitagentjs_D_10261230220152234.js Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
network	error	URL: https://verifyamericafirst001.z13.web.core.windows.net/ruxitagentjs_D_10261230220152234.js Message: Failed to load resource: the server responded with a status of 404 (The requested content does not exist.)
network	error	URL: https://verifyamericafirst001.z13.web.core.windows.net/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D33_sn_5R5F3F6HBONTRICIHKI912P9B3ELUPVK&svrid=-33&flavor=post&vi=FTLVTQRFKRKMHMOWJUMJRCMFDFOTTVCM-0&modifiedSince=1678982412430&rf=https%3A%2F%2Fverifyamericafirst001.z13.web.core.windows.net%2F&bp=3&app=ec967b149da485d6&crc=163666113&en=ztho6o9v&end=1 Message: Failed to load resource: the server responded with a status of 405 (The resource doesn't support specified Http Verb.)
network	error	URL: https://verifyamericafirst001.z13.web.core.windows.net/rb_91ff799f-0e75-4cb9-8377-13f2f674d3ac?type=js3&sn=v_4_srv_-2D33_sn_5R5F3F6HBONTRICIHKI912P9B3ELUPVK&svrid=-33&flavor=post&vi=FTLVTQRFKRKMHMOWJUMJRCMFDFOTTVCM-0&modifiedSince=1678982412430&rf=https%3A%2F%2Fverifyamericafirst001.z13.web.core.windows.net%2F&bp=3&app=ec967b149da485d6&crc=211637216&en=ztho6o9v&end=1 Message: Failed to load resource: the server responded with a status of 405 (The resource doesn't support specified Http Verb.)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
assets.adobedtm.com
canarytokens.com
fonts.googleapis.com
secure.americafirst.com
verifyamericafirst001.z13.web.core.windows.net
www.google-analytics.com
104.18.29.228
20.60.7.97
2a00:1450:4001:802::200a
2a00:1450:4001:80b::200a
2a00:1450:4001:82f::200e
2a02:26f0:480:7b1::1e80
52.18.63.80
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1bf51ee7d69e1865c9c15685ef1298d59f6ace1d4d09c2fd9f2485a2a1ee6cdb
22ef398076992be07623862dc605e19b591f02b9d424a817c7a46941768d6a4c
29768c3d57703b64fd76864f8ddd828660f7bdde4f2bf2c39349e831573b8d9e
34187a38569a802dc332a07845645a1aaf0cf0b404e9f5cfaeff6e63cfc2d4c8
3bb16c6f738fb943f3c20c8098541932965ee7e9d2ac2fb5b789be99a9321b61
540e4a8539900fa466bbe11e54a03b853f47887050a4843a0b2dcf29216ff486
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
58e0e4e5132641cf25f0e48b5b3ed0d4abdfd71310df220e2d02dd171f17854a
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3
986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4
a525acf96907a125a21f69f0152c86846d5887fdbd24ae2d1f01ff92bd4407e3
a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
bbd02ece7aaca005e3318703e318eaf5dd794fffb2dd432a5c5ba6df9a961997
c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32
df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b