amfiirst.org Open in urlscan Pro
185.114.245.123 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://amfiirst.org/Authentication
Effective URL:
https://amfiirst.org/Authentication/
Submission Tags: @ecarlesi threat phishing Search All
Submission: On November 10 via api (November 10th 2024, 2:07:48 am UTC) from IT — Scanned from IT

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 26 HTTP transactions. The main IP is 185.114.245.123, located in St Petersburg, Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is amfiirst.org.
TLS certificate: Issued by R11 on November 9th 2024. Valid for: 3 months.

This is the only time amfiirst.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: America's First Federal Credit Union (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 23	185.114.245.123 185.114.245.123	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	18.245.35.58 18.245.35.58	16509 (AMAZON-02) (AMAZON-02)
26	4

23 185.114.245.123 (St Petersburg, Russian Federation) 1 redirects

ASN9123 (TIMEWEB-AS, RU)
PTR: vh426.timeweb.ru

amfiirst.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (San Francisco, United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.35.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-35-58.fra56.r.cloudfront.net

js.pusher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	amfiirst.org 1 redirects amfiirst.org	1 MB
1	pusher.com js.pusher.com — Cisco Umbrella Rank: 18763	19 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 791	30 KB
0	github.io Failed bigcoke233.github.io Failed
26	4

	Domain	Requested by
23	amfiirst.org	1 redirects amfiirst.org
1	js.pusher.com	amfiirst.org
1	code.jquery.com	amfiirst.org
0	bigcoke233.github.io Failed	amfiirst.org
26	4

This site contains no links.

Subject Issuer	Validity	Valid
amfiirst.org R11	`2024-11-09` - `2025-02-07`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
js.pusher.com Amazon RSA 2048 M03	`2024-03-13` - `2025-04-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://amfiirst.org/Authentication/
Frame ID: 656127B7687FFB3EA3F72A364E4166D6
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AmFirst

Page URL History Show full URLs

http://amfiirst.org/Authentication HTTP 307
https://amfiirst.org/Authentication HTTP 301
http://amfiirst.org/Authentication/ HTTP 307
https://amfiirst.org/Authentication/ Page URL

Detected technologies

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+foundation[^>"]+css

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

92 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1293 kB
Transfer

2388 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://amfiirst.org/Authentication HTTP 307
https://amfiirst.org/Authentication HTTP 301
http://amfiirst.org/Authentication/ HTTP 307
https://amfiirst.org/Authentication/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response amfiirst.org/Authentication/ Redirect Chain http://amfiirst.org/Authentication https://amfiirst.org/Authentication http://amfiirst.org/Authentication/ https://amfiirst.org/Authentication/	24 KB 5 KB	98ms 97ms	Document text/html	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `a1d700ca68ce39889883d9670b67345dd1eb0af73c2bb792d3ad9d99da594a17` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers content-encoding gzip content-type text/html; charset=utf-8 date Sun, 10 Nov 2024 02:07:43 GMT etag W/"61fd-60ae68592a500" last-modified Fri, 24 Nov 2023 14:11:00 GMT server nginx/1.26.1 vary Accept-Encoding Redirect headers Location https://amfiirst.org/Authentication/ Non-Authoritative-Reason HttpsUpgrades
GET H2	200	yui-reset.min.css amfiirst.org/css/	793 B 971 B	90ms 87ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/yui-reset.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `590fcd2ea2a3de691c86ecf564fff1fcb0982271cf723ae4d6e2453c9e6f5434` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 etag "656089e2-319" expires Mon, 10 Nov 2025 02:07:43 GMT accept-ranges bytes content-length 793 date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1
GET H2	200	jquery-ui.min.css amfiirst.org/css/	31 KB 8 KB	92ms 89ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/jquery-ui.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `75d3513cd72651dab00071d36b00c1546142fa141167f7fc770af9bce061028e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-7a5a" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	jquery.daterangepicker.min.css amfiirst.org/css/	3 KB 1000 B	93ms 91ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/jquery.daterangepicker.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `ab9c55dea4e2d8b7e988cb51b7f82d7dda04336a90e7b9400ac417198590077b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-a4d" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	ext-all.min.css amfiirst.org/css/	123 KB 17 KB	154ms 151ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/ext-all.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `fe6518a82d150e495968afb508b00fd52328ff1329056b3524acf12051fb543a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-1ecc2" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	base.min.css amfiirst.org/css/	197 KB 32 KB	211ms 208ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/base.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `17b7f6b4aa751e6a66b4fdeaf596f48c2e153b8552d63f89e48726992169025d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-313c1" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	grid.min.css amfiirst.org/css/	6 KB 2 KB	229ms 226ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/grid.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `7b0c166ec17b75456e72c3b4ac8e4adf76dd6d13c965f25c26f74587a9b6ef35` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-1862" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	sidebar.min.css amfiirst.org/css/	3 KB 1 KB	230ms 227ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/sidebar.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `4ce72ae45e1aafaa5cd4cc684c0000459c6d154c31450aad92bbd51a34107c93` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-ac2" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	iris.shim.desktop.min.css amfiirst.org/css/	673 B 851 B	230ms 227ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/iris.shim.desktop.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `59f12ecd0c381fee3367ffac176a581a966727684a5ce94390b4390b2fc06ca4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 etag "656089e2-2a1" expires Mon, 10 Nov 2025 02:07:43 GMT accept-ranges bytes content-length 673 date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1
GET H2	200	iris.min.css amfiirst.org/css/	105 KB 14 KB	230ms 228ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/iris.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `1c543b56837786677f63e55f292b29997fb823a403d900069e5868f69d1bbef5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e4-1a2b8" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:52 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	iris-foundation.min.css amfiirst.org/css/	50 KB 7 KB	230ms 228ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/iris-foundation.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `037e5f8a4d2ef765d97f6c14e087cab4f8f27a1ac2a6a7584793b1a76a08fb8f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e4-c86e" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:52 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	iris-components.shim.desktop.min.css amfiirst.org/css/	1 KB 757 B	230ms 228ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/iris-components.shim.desktop.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `7005f69e2e4e579a7101c909c9ab97e112754aa1fd908f4507a324a1dc7af0ad` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e4-506" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:52 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	404	iris-foundation.min(1).css amfiirst.org/css/	0 0	233ms 231ms	Stylesheet text/html	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/iris-foundation.min(1).css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers content-length 196 date Sun, 10 Nov 2024 02:07:43 GMT content-type text/html; charset=iso-8859-1 server nginx/1.26.1
GET H2	200	iris-components.min.css amfiirst.org/css/	355 KB 46 KB	230ms 228ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/iris-components.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `4821c46c55bbe77216e5001ae95378f918498da7c50608e904abcf63a855a640` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e4-58cd4" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:52 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	isotope.min.css amfiirst.org/css/	24 KB 4 KB	234ms 232ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/isotope.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `a0997cde42801229b38c9da4b670536722add4fdf3614686ad894cd6c50a1eb2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e4-6045" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:52 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	font-icons.css amfiirst.org/css/	120 KB 8 KB	234ms 232ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/font-icons.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `b25e2e9de5f01056f1d82b6e8b116ef1977263cd062e5a07e1231e54f9bf7f2e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-1e13a" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	theme.desktop.min.css amfiirst.org/css/	56 KB 9 KB	231ms 230ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/theme.desktop.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `47ba5e2c0a2dd920484b3961eb77f57ac3c95f4fe2649006039a5ac9c434d47f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e4-e064" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:52 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	fi.desktop.min.css amfiirst.org/css/	51 KB 10 KB	231ms 230ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/fi.desktop.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `707e10face0d3d64d053845a4d00e20039d177b92f9ad20b7995fe463046e8ff` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e6-ccb4" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:54 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	Logo.png amfiirst.org/css/	1 MB 1 MB	232ms 231ms	Image image/png	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Show image Full URL https://amfiirst.org/css/Logo.png Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `45e597939bbae1b35678935906d9ed5fc5e6bf095c030297eeca42b7484e7c29` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 etag "656089e6-100000" expires Mon, 10 Nov 2025 02:07:43 GMT accept-ranges bytes content-length 1048576 date Sun, 10 Nov 2024 02:07:43 GMT content-type image/png last-modified Fri, 24 Nov 2023 11:32:54 GMT server nginx/1.26.1
GET H2	200	jquery-3.7.0.min.js Show response code.jquery.com/	85 KB 30 KB	466ms 32ms	Script application/javascript	151.101.194.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.7.0.min.js Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.194.137 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/ Response headers content-encoding gzip etag W/"28feccc0-155a6" age 8713013 x-cache HIT, HIT date Sun, 10 Nov 2024 02:07:43 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding x-cache-hits 14581, 30446 last-modified Fri, 18 Oct 1991 12:00:00 GMT x-served-by cache-lga21977-LGA, cache-mxp6931-MXP cache-control public, max-age=31536000, stale-while-revalidate=604800 x-timer S1731204464.734293,VS0,VE0 via 1.1 varnish, 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 30308 server nginx
GET H2	200	pusher.min.js Show response js.pusher.com/7.2/	69 KB 19 KB	248ms 68ms	Script application/javascript	18.245.35.58 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.pusher.com/7.2/pusher.min.js Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.245.35.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-35-58.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `b39f0b274992d4d7c19b5ce5b56e9020dd1666ad1ee7fc4a378d26679efc6029` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/ Response headers cache-control max-age=2592000 content-encoding gzip etag W/"99f7f95a02d32c6b8587afa7e7440d3f" age 1825140 access-control-allow-methods GET, HEAD via 1.1 a96420fb093cd21d1dea3700ef4d43ca.cloudfront.net (CloudFront) access-control-allow-origin * x-cache Hit from cloudfront x-amz-cf-id xPEaSBNwgA93HxlAszMf_-S9hJbJxrXqV2JKFs13g-xds4dyisVJ0A== date Sat, 19 Oct 2024 23:08:44 GMT content-type application/javascript last-modified Fri, 15 Jul 2022 13:45:32 GMT server AmazonS3 x-amz-cf-pop FRA56-P8 vary Accept-Encoding
GET		toaster.js bigcoke233.github.io/toaster.js/	0 0

GET		toaster.css bigcoke233.github.io/toaster.js/	0 0

GET H2	200	print.min.css amfiirst.org/css/	8 KB 2 KB	208ms 208ms	Stylesheet text/css	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/print.min.css Requested by Host: amfiirst.org URL: https://amfiirst.org/Authentication/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `e8dd85575a3b0e42bdcc47774096e2d43a1917bcaa69966bce1de6289a268ea3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers cache-control max-age=31536000 content-encoding gzip etag W/"656089e2-1e07" expires Mon, 10 Nov 2025 02:07:43 GMT date Sun, 10 Nov 2024 02:07:43 GMT content-type text/css last-modified Fri, 24 Nov 2023 11:32:50 GMT server nginx/1.26.1 vary Accept-Encoding
GET H2	200	Alkami.woff2 amfiirst.org/css/	52 KB 52 KB	180ms 179ms	Font application/font-woff2	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/css/Alkami.woff2 Requested by Host: amfiirst.org URL: https://amfiirst.org/css/font-icons.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `f5f4b674046a09ea54af03379ce0e2a5b3eb3bbe4bdec81d8e3068c5b43fcf28` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://amfiirst.org Referer https://amfiirst.org/css/font-icons.css Response headers cache-control max-age=31536000 etag "6488ce66-ce08" expires Mon, 10 Nov 2025 02:07:43 GMT accept-ranges bytes content-length 52744 date Sun, 10 Nov 2024 02:07:43 GMT content-type application/font-woff2 last-modified Tue, 13 Jun 2023 20:15:34 GMT server nginx/1.26.1
GET H2	404	favicon.png amfiirst.org/	196 B 278 B	93ms 92ms	Other text/html	185.114.245.123 TIMEWEB-AS
General Check archive.org Show headers Download Go to Full URL https://amfiirst.org/favicon.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.114.245.123 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU), Reverse DNS vh426.timeweb.ru Software nginx/1.26.1 / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://amfiirst.org/Authentication/ Response headers content-length 196 date Sun, 10 Nov 2024 02:07:44 GMT content-type text/html; charset=iso-8859-1 server nginx/1.26.1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bigcoke233.github.io
URL: https://bigcoke233.github.io/toaster.js/toaster.js

Domain: bigcoke233.github.io
URL: https://bigcoke233.github.io/toaster.js/toaster.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: America's First Federal Credit Union (Financial)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Pusher

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://amfiirst.org/css/iris-foundation.min(1).css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://amfiirst.org/favicon.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amfiirst.org
bigcoke233.github.io
code.jquery.com
js.pusher.com
bigcoke233.github.io
151.101.194.137
18.245.35.58
185.114.245.123
037e5f8a4d2ef765d97f6c14e087cab4f8f27a1ac2a6a7584793b1a76a08fb8f
17b7f6b4aa751e6a66b4fdeaf596f48c2e153b8552d63f89e48726992169025d
1c543b56837786677f63e55f292b29997fb823a403d900069e5868f69d1bbef5
45e597939bbae1b35678935906d9ed5fc5e6bf095c030297eeca42b7484e7c29
47ba5e2c0a2dd920484b3961eb77f57ac3c95f4fe2649006039a5ac9c434d47f
4821c46c55bbe77216e5001ae95378f918498da7c50608e904abcf63a855a640
4ce72ae45e1aafaa5cd4cc684c0000459c6d154c31450aad92bbd51a34107c93
590fcd2ea2a3de691c86ecf564fff1fcb0982271cf723ae4d6e2453c9e6f5434
59f12ecd0c381fee3367ffac176a581a966727684a5ce94390b4390b2fc06ca4
7005f69e2e4e579a7101c909c9ab97e112754aa1fd908f4507a324a1dc7af0ad
707e10face0d3d64d053845a4d00e20039d177b92f9ad20b7995fe463046e8ff
75d3513cd72651dab00071d36b00c1546142fa141167f7fc770af9bce061028e
7b0c166ec17b75456e72c3b4ac8e4adf76dd6d13c965f25c26f74587a9b6ef35
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
a0997cde42801229b38c9da4b670536722add4fdf3614686ad894cd6c50a1eb2
a1d700ca68ce39889883d9670b67345dd1eb0af73c2bb792d3ad9d99da594a17
ab9c55dea4e2d8b7e988cb51b7f82d7dda04336a90e7b9400ac417198590077b
b25e2e9de5f01056f1d82b6e8b116ef1977263cd062e5a07e1231e54f9bf7f2e
b39f0b274992d4d7c19b5ce5b56e9020dd1666ad1ee7fc4a378d26679efc6029
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
e8dd85575a3b0e42bdcc47774096e2d43a1917bcaa69966bce1de6289a268ea3
f5f4b674046a09ea54af03379ce0e2a5b3eb3bbe4bdec81d8e3068c5b43fcf28
fe6518a82d150e495968afb508b00fd52328ff1329056b3524acf12051fb543a

amfiirst.org Open in urlscan Pro 185.114.245.123 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

92 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1293 kBTransfer

2388 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

amfiirst.org Open in urlscan Pro
185.114.245.123 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

92 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1293 kB
Transfer

2388 kB
Size

0
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!