exprezssender.duckdns.org
Open in
urlscan Pro
18.118.144.53
Malicious Activity!
Public Scan
Submission: On May 22 via automatic, source openphish — Scanned from DE
Summary
This is the only time exprezssender.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: America First Credit Union (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 18.118.144.53 18.118.144.53 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 104.18.29.228 104.18.29.228 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 3 |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-118-144-53.us-east-2.compute.amazonaws.com
exprezssender.duckdns.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
americafirst.com
secure.americafirst.com — Cisco Umbrella Rank: 323152 |
9 KB |
1 |
duckdns.org
exprezssender.duckdns.org |
45 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
7 | 3 |
Domain | Requested by | |
---|---|---|
5 | secure.americafirst.com |
exprezssender.duckdns.org
|
1 | exprezssender.duckdns.org | |
0 | mhtml.blink Failed |
exprezssender.duckdns.org
|
7 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.americafirst.com |
secure.americafirst.com |
portal.hud.gov |
www.ncua.gov |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-04-11 - 2024-04-10 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
http://exprezssender.duckdns.org/amfcu/login.php
Frame ID: C5631E73646DD5D7ACF1C1CCBA62C856
Requests: 10 HTTP requests in this frame
Frame:
cid://frame-0840CEFE714112C19EA673722D93481E@mhtml.blink
Frame ID: C947011F39EDC64E2F227CF23625F7CB
Requests: 1 HTTP requests in this frame
11 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Enroll Now
Search URL Search Domain Scan URL
Title: Forgot Password
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: terms
Search URL Search Domain Scan URL
Title: branch locator
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Email Opt Out Procedure
Search URL Search Domain Scan URL
Title: Fraud Alert Text/SMS Notification Terms and Conditions
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
exprezssender.duckdns.org/amfcu/ |
44 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.2c118d38.css
secure.americafirst.com/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chunk-vendors.f18ab36e.css
secure.americafirst.com/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.a5c51a1f.js
secure.americafirst.com/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chunk-vendors.8038b66b.js
secure.americafirst.com/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-desktop-inverse.a3a99f3a.png
secure.americafirst.com/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
frame-0840CEFE714112C19EA673722D93481E@mhtml.blink
/ Frame C947 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- mhtml.blink
- URL
- cid:frame-0840CEFE714112C19EA673722D93481E@mhtml.blink
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: America First Credit Union (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.americafirst.com/ | Name: __cf_bm Value: 0bEfWmD9tL.osrOBTZ8LbmthFeOS5cgMZoFYJoHUI_g-1684772995-0-AXnnUEzFcwBIbLLTUGumRP+7cXTpvsGFA29QSpDqggcCmm7PO8sqw7unXLzwjish+MGm+GNb/IkEny2w1kMfBt4= |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
exprezssender.duckdns.org
mhtml.blink
secure.americafirst.com
mhtml.blink
104.18.29.228
18.118.144.53
3b3fd6091cd6fb0974fd64532cbe53013d2be1f5aa81642a13792af2529e9ff1
83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3
986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4
a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821
c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54
df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b