www.aegiscremationandfuneralservices.com Open in urlscan Pro
172.81.118.86  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index4.php Show response www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/	45 KB 46 KB	115ms 78ms	Document text/html	172.81.118.86 IMH-IAD
General Check archive.org Show headers Download Go to Full URL http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php Protocol HTTP/1.1 Server 172.81.118.86 , United States, ASN54641 (IMH-IAD, US), Reverse DNS vps17646.inmotionhosting.com Software Apache / Resource Hash ffbe87ed3ffbd9a6e056f722a867213432fd6122d14c7e55e3810ff7a3a4ecdc Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Connection close Content-Type text/html; charset=utf-8 Date Mon, 31 Oct 2022 11:36:40 GMT Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	app.2c118d38.css www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/	2 KB 3 KB	47ms 24ms	Stylesheet text/css	172.81.118.86 IMH-IAD
General Check archive.org Show headers Download Go to Full URL http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/app.2c118d38.css Requested by Host: www.aegiscremationandfuneralservices.com URL: http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php Protocol HTTP/1.1 Server 172.81.118.86 , United States, ASN54641 (IMH-IAD, US), Reverse DNS vps17646.inmotionhosting.com Software Apache / Resource Hash 2e6516550c9211c9bf66c2738ce5ce9710dbb1494381afb26c3123ae171d97d6 Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Mon, 31 Oct 2022 11:36:40 GMT Last-Modified Mon, 25 Apr 2022 04:53:18 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 2555 Content-Type text/css
GET H/1.1	200 OK	chunk-vendors.f18ab36e.css www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/	703 KB 703 KB	48ms 25ms	Stylesheet text/css	172.81.118.86 IMH-IAD
General Check archive.org Show headers Download Go to Full URL http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/chunk-vendors.f18ab36e.css Requested by Host: www.aegiscremationandfuneralservices.com URL: http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php Protocol HTTP/1.1 Server 172.81.118.86 , United States, ASN54641 (IMH-IAD, US), Reverse DNS vps17646.inmotionhosting.com Software Apache / Resource Hash 74030ae7c35e81b3527afff1c008a82891b29fec189acc3aaa4f60da4c6ef201 Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Mon, 31 Oct 2022 11:36:40 GMT Last-Modified Mon, 25 Apr 2022 04:53:26 GMT Server Apache Connection close Accept-Ranges bytes Content-Length 719479 Content-Type text/css
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3 Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200	logo-desktop-inverse.a3a99f3a.png secure.americafirst.com/img/	9 KB 9 KB	394ms 81ms	Image image/png	216.51.43.116 XO-AS15
General Check archive.org Show headers Download Go to Show image Full URL https://secure.americafirst.com/img/logo-desktop-inverse.a3a99f3a.png Requested by Host: www.aegiscremationandfuneralservices.com URL: http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 216.51.43.116 South Jordan, United States, ASN2828 (XO-AS15, US), Reverse DNS Software Fake Name / Fake Name Resource Hash c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=2592000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Date Mon, 31 Oct 2022 11:36:40 GMT Via NS-CACHE-10.0: 155 X-Content-Type-Options nosniff Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=2592000 Age 1 X-Powered-By Fake Name Connection Keep-Alive Content-Length 8898 X-Xss-Protection 1; mode=block Referrer-Policy STRICT-ORIGIN Last-Modified Fri, 10 Jun 2022 00:57:38 GMT Server Fake Name ETag W/"8898-1654822658000" Expect-CT "enforce,max-age=30" Content-Type image/png Permissions-Policy geolocation=(self "https://FAKE URL.com") Accept-Ranges bytes Keep-Alive timeout=60
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821 Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	dest5.html Show response americafirstcreditunion.demdex.net/ Frame 910D	7 KB 3 KB	161ms 25ms	Document text/html	18.235.129.68 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://americafirstcreditunion.demdex.net/dest5.html?d_nsid=0 Requested by Host: www.aegiscremationandfuneralservices.com URL: http://www.aegiscremationandfuneralservices.com/afcubank/AmericaFirstcu/index4.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.235.129.68 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-18-235-129-68.compute-1.amazonaws.com Software / Resource Hash 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer http://www.aegiscremationandfuneralservices.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language en-CA,en;q=0.9 Response headers Accept-Ranges bytes Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 2791 Content-Type text/html;charset=UTF-8 DCS dcs-prod-va6-1-v044-0d8119880.edge-va6.demdex.com 0 ms Expires Thu, 01 Jan 1970 00:00:00 UTC P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID xG5Oxd/MTvY= content-encoding gzip date Mon, 31 Oct 2022 11:36:40 GMT last-modified Fri, 28 Oct 2022 11:03:31 GMT vary accept-encoding
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4 Request headers accept-language en-CA,en;q=0.9 Referer http://www.aegiscremationandfuneralservices.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: America First Credit Union (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://americafirstcreditunion.demdex.net/dest5.html?d_nsid=0(Line 12) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://secure.americafirst.com') does not match the recipient window's origin ('http://www.aegiscremationandfuneralservices.com').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

americafirstcreditunion.demdex.net
secure.americafirst.com
www.aegiscremationandfuneralservices.com
172.81.118.86
18.235.129.68
216.51.43.116
2e6516550c9211c9bf66c2738ce5ce9710dbb1494381afb26c3123ae171d97d6
74030ae7c35e81b3527afff1c008a82891b29fec189acc3aaa4f60da4c6ef201
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3
986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4
a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821
c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54
df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b
ffbe87ed3ffbd9a6e056f722a867213432fd6122d14c7e55e3810ff7a3a4ecdc