myfiveotravel.top
2606:4700:30::681b:9e7c
Malicious Activity!
Public Scan
Submission: On July 04 via automatic, source openphish
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on July 1st 2019. Valid for: a year.
This is the only time myfiveotravel.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: First BanCorp (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
4 | 2606:4700:30::681b:9e7c | 13335 (CLOUDFLARENET - Cloudflare) |
1 | 24.139.99.67 | 14638 (LCPRL - Liberty Cablevision of Puerto Rico) |
10 | 3 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
myfiveotravel.top |
ASN14638 (LCPRL - Liberty Cablevision of Puerto Rico, US)
digitalbanking.1firstbank.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | myfiveotravel.top | myfiveotravel.top | 127 KB |
1 | 1firstbank.com | digitalbanking.1firstbank.com (Failed) | 4 KB |
0 | Failed | Failed | |
10 | 3 | | |
 | Domain | Requested by |
---|---|---|
4 | myfiveotravel.top | myfiveotravel.top |
1 | digitalbanking.1firstbank.com | myfiveotravel.top |
0 | truncated (Failed) | myfiveotravel.top |
10 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-07-01 - 2020-06-30 | a year |
digitalbanking.1firstbank.com | Network Solutions OV Server CA 2 | 2018-08-09 - 2020-06-26 | 2 years |
This page contains 1 frames:
Primary Page:
https://myfiveotravel.top/h/Login_Step2.html
Frame ID: A75CE2B524D2A217A9AB1D822ADA4A93
Requests: 11 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Login_Step2.html (Primary Request) | myfiveotravel.top/h/ | 735 KB | 115 KB | Document | text/html |
GET | H2 | index.css | myfiveotravel.top/h/files/ | 77 KB | 11 KB | Stylesheet | text/css |
GET | H2 | 001.png | myfiveotravel.top/h/files/ | 823 B | 881 B | Image | image/png |
GET | | din-regular-webfont.woff2 | digitalbanking.1firstbank.com/Resources/Fonts/ | 0 | 0 | | |
GET | H/1.1 | logo_positivo_login.png | digitalbanking.1firstbank.com/Resources/images/ | 4 KB | 4 KB | Image | image/png |
GET | | streamline.woff | digitalbanking.1firstbank.com/Resources/Fonts/ | 0 | 0 | | |
GET | H2 | email-decode.min.js | myfiveotravel.top/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 736 B | Script | application/javascript |
GET | | truncated | / | 0 | 0 | | |
GET | | din-regular.ttf | digitalbanking.1firstbank.com/Resources/Fonts/ | 0 | 0 | | |
GET | | streamline.ttf | digitalbanking.1firstbank.com/Resources/Fonts/ | 0 | 0 | | |
GET | | din-regular.woff | digitalbanking.1firstbank.com/Resources/Fonts/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
digitalbanking.1firstbank.com | https://digitalbanking.1firstbank.com/Resources/Fonts/din-regular-webfont.woff2 |
digitalbanking.1firstbank.com | https://digitalbanking.1firstbank.com/Resources/Fonts/streamline.woff?19c5cw |
truncated | data:truncated |
digitalbanking.1firstbank.com | https://digitalbanking.1firstbank.com/Resources/Fonts/din-regular.ttf |
digitalbanking.1firstbank.com | https://digitalbanking.1firstbank.com/Resources/Fonts/streamline.ttf?19c5cw |
digitalbanking.1firstbank.com | https://digitalbanking.1firstbank.com/Resources/Fonts/din-regular.woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: First BanCorp (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.myfiveotravel.top/ | | Name: __cfduid Value: d7d75c21dd0d9f8721c3893888b3fe8d81562205961 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.