exprezssender.duckdns.org Open in urlscan Pro
18.118.144.53  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response exprezssender.duckdns.org/amfcu/	44 KB 45 KB	349ms 138ms	Document text/html	18.118.144.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://exprezssender.duckdns.org/amfcu/login.php Protocol HTTP/1.1 Server 18.118.144.53 Columbus, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-118-144-53.us-east-2.compute.amazonaws.com Software Apache / Resource Hash 3b3fd6091cd6fb0974fd64532cbe53013d2be1f5aa81642a13792af2529e9ff1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Mon, 22 May 2023 16:29:55 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H2	404	app.2c118d38.css secure.americafirst.com/css/	0 0	249ms 204ms	Stylesheet text/html	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/css/app.2c118d38.css Requested by Host: exprezssender.duckdns.org URL: http://exprezssender.duckdns.org/amfcu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers
GET H2	404	chunk-vendors.f18ab36e.css secure.americafirst.com/css/	0 0	251ms 207ms	Stylesheet text/html	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/css/chunk-vendors.f18ab36e.css Requested by Host: exprezssender.duckdns.org URL: http://exprezssender.duckdns.org/amfcu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers
GET H2	404	app.a5c51a1f.js secure.americafirst.com/js/	0 0	257ms 213ms	Script text/html	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/js/app.a5c51a1f.js Requested by Host: exprezssender.duckdns.org URL: http://exprezssender.duckdns.org/amfcu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers
GET H2	404	chunk-vendors.8038b66b.js secure.americafirst.com/js/	0 0	255ms 211ms	Script text/html	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure.americafirst.com/js/chunk-vendors.8038b66b.js Requested by Host: exprezssender.duckdns.org URL: http://exprezssender.duckdns.org/amfcu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3 Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/png
GET H2	200	logo-desktop-inverse.a3a99f3a.png secure.americafirst.com/img/	9 KB 9 KB	28ms 28ms	Image image/png	104.18.29.228 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://secure.americafirst.com/img/logo-desktop-inverse.a3a99f3a.png Requested by Host: exprezssender.duckdns.org URL: http://exprezssender.duckdns.org/amfcu/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.29.228 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54 Security Headers Name Value Strict-Transport-Security max-age=2592000 Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 22 May 2023 16:29:55 GMT strict-transport-security max-age=2592000 cf-cache-status HIT age 2198 x-oneagent-js-injection true server-timing dtRpid;desc="1764985807", dtSInfo;desc="0" content-length 8898 last-modified Thu, 06 Apr 2023 19:51:12 GMT server cloudflare etag W/"8898-1680810672000" vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7cb670d52c7337cc-FRA expires Mon, 22 May 2023 20:29:55 GMT
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821 Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/png
GET		frame-0840CEFE714112C19EA673722D93481E@mhtml.blink / Frame C947	0 0
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4 Request headers accept-language de-DE,de;q=0.9 Referer http://exprezssender.duckdns.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

mhtml.blink

URL

cid:frame-0840CEFE714112C19EA673722D93481E@mhtml.blink

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: America First Credit Union (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.americafirst.com/	1970-01-20 11:59:34	Name: __cf_bm Value: 0bEfWmD9tL.osrOBTZ8LbmthFeOS5cgMZoFYJoHUI_g-1684772995-0-AXnnUEzFcwBIbLLTUGumRP+7cXTpvsGFA29QSpDqggcCmm7PO8sqw7unXLzwjish+MGm+GNb/IkEny2w1kMfBt4=

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://secure.americafirst.com/css/app.2c118d38.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://secure.americafirst.com/css/chunk-vendors.f18ab36e.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://secure.americafirst.com/js/chunk-vendors.8038b66b.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://secure.americafirst.com/js/app.a5c51a1f.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: http://exprezssender.duckdns.org/amfcu/login.php Message: The resource https://secure.americafirst.com/js/app.a5c51a1f.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://exprezssender.duckdns.org/amfcu/login.php Message: The resource https://secure.americafirst.com/js/chunk-vendors.8038b66b.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

exprezssender.duckdns.org
mhtml.blink
secure.americafirst.com
mhtml.blink
104.18.29.228
18.118.144.53
3b3fd6091cd6fb0974fd64532cbe53013d2be1f5aa81642a13792af2529e9ff1
83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3
986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4
a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821
c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54
df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b