urlscan.io logo urlscan.io
SecurityTrails logo

myfiveotravel.top Open in urlscan Pro
2606:4700:30::681b:9e7c  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://myfiveotravel.top/h/Login_Step2.html
Submission: On July 04 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2606:4700:30::681b:9e7c, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is myfiveotravel.top.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on July 1st 2019. Valid for: a year.
This is the only time myfiveotravel.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: First BanCorp (Banking)

Domain & IP information

IP Address AS Autonomous System
4 2606:4700:30:... 13335 (CLOUDFLAR...)
1 24.139.99.67 14638 (LCPRL)
10 3
Apex Domain
Subdomains		 Transfer
4 myfiveotravel.top
myfiveotravel.top
127 KB
1 1firstbank.com
digitalbanking.1firstbank.com Failed
4 KB
0 Failed
function sub() { [native code] }. Failed
10 3
Domain Requested by
4 myfiveotravel.top myfiveotravel.top
1 digitalbanking.1firstbank.com myfiveotravel.top
0 truncated Failed myfiveotravel.top
10 3

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2019-07-01 -
2020-06-30		 a year crt.sh
digitalbanking.1firstbank.com
Network Solutions OV Server CA 2		 2018-08-09 -
2020-06-26		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://myfiveotravel.top/h/Login_Step2.html
Frame ID: A75CE2B524D2A217A9AB1D822ADA4A93
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

10
Requests

50 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

132 kB
Transfer

818 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login_Step2.html
myfiveotravel.top/h/ 		735 KB
115 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://myfiveotravel.top/h/Login_Step2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:9e7c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6517076c00f573d760dfb1a8cbdd28e6a83e542fb20d0c83c25812afd1d2cc5

Request headers

:method
GET
:authority
myfiveotravel.top
:scheme
https
:path
/h/Login_Step2.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Thu, 04 Jul 2019 02:06:01 GMT
content-type
text/html
set-cookie
__cfduid=d7d75c21dd0d9f8721c3893888b3fe8d81562205961; expires=Fri, 03-Jul-20 02:06:01 GMT; path=/; domain=.myfiveotravel.top; HttpOnly; Secure
last-modified
Wed, 03 Jul 2019 12:45:16 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4f0d8998c85d26dc-FRA
content-encoding
br
index.css
myfiveotravel.top/h/files/ 		77 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://myfiveotravel.top/h/files/index.css
Requested by
Host: myfiveotravel.top
URL: https://myfiveotravel.top/h/Login_Step2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:9e7c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff4dc3a2e11c43149fa86a09ad8d277d376cec3fbfe09238b27d6c7024c1b963

Request headers

Referer
https://myfiveotravel.top/h/Login_Step2.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:06:01 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 11 May 2019 12:29:30 GMT
server
cloudflare
age
945
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=14400
cf-ray
4f0d8999788226dc-FRA
expires
Thu, 04 Jul 2019 06:06:01 GMT
001.png
myfiveotravel.top/h/files/ 		823 B
881 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://myfiveotravel.top/h/files/001.png
Requested by
Host: myfiveotravel.top
URL: https://myfiveotravel.top/h/Login_Step2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:9e7c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
443d47d763d3a764fd983f40ca73b15ac84591adbfde9e69e99555db39d271bd

Request headers

Referer
https://myfiveotravel.top/h/Login_Step2.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:06:01 GMT
cf-cache-status
HIT
last-modified
Sat, 11 May 2019 12:29:30 GMT
server
cloudflare
age
945
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4f0d899a08ac26dc-FRA
content-length
823
expires
Thu, 04 Jul 2019 06:06:01 GMT
din-regular-webfont.woff2
digitalbanking.1firstbank.com/Resources/Fonts/ 		0
0
logo_positivo_login.png
digitalbanking.1firstbank.com/Resources/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://digitalbanking.1firstbank.com/Resources/images/logo_positivo_login.png
Requested by
Host: myfiveotravel.top
URL: https://myfiveotravel.top/h/Login_Step2.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
24.139.99.67 Guaynabo, Puerto Rico, ASN14638 (LCPRL - Liberty Cablevision of Puerto Rico, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
603c1e2294dbcbe88ddc591d9821a240265908ca32e76ec55166afee2a6a33eb

Request headers

Referer
https://myfiveotravel.top/h/Login_Step2.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 04 Jul 2019 02:05:59 GMT
ETag
"0c9a482bf74d41:0"
Last-Modified
Mon, 05 Nov 2018 04:24:58 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
4310
streamline.woff
digitalbanking.1firstbank.com/Resources/Fonts/ 		0
0
email-decode.min.js
myfiveotravel.top/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
736 B 		Script
General
Check archive.org
Download Go to
Full URL
https://myfiveotravel.top/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: myfiveotravel.top
URL: https://myfiveotravel.top/h/Login_Step2.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:9e7c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://myfiveotravel.top/h/Login_Step2.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 04 Jul 2019 02:06:01 GMT
content-encoding
gzip
last-modified
Wed, 03 Jul 2019 16:00:03 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5d1cd103-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=172800, public
cf-ray
4f0d899a48cc26dc-FRA
expires
Sat, 06 Jul 2019 02:06:01 GMT
truncated
/ 		0
0
din-regular.ttf
digitalbanking.1firstbank.com/Resources/Fonts/ 		0
0
streamline.ttf
digitalbanking.1firstbank.com/Resources/Fonts/ 		0
0
din-regular.woff
digitalbanking.1firstbank.com/Resources/Fonts/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
digitalbanking.1firstbank.com
URL
https://digitalbanking.1firstbank.com/Resources/Fonts/din-regular-webfont.woff2
Domain
digitalbanking.1firstbank.com
URL
https://digitalbanking.1firstbank.com/Resources/Fonts/streamline.woff?19c5cw
Domain
truncated
URL
data:truncated
Domain
digitalbanking.1firstbank.com
URL
https://digitalbanking.1firstbank.com/Resources/Fonts/din-regular.ttf
Domain
digitalbanking.1firstbank.com
URL
https://digitalbanking.1firstbank.com/Resources/Fonts/streamline.ttf?19c5cw
Domain
digitalbanking.1firstbank.com
URL
https://digitalbanking.1firstbank.com/Resources/Fonts/din-regular.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: First BanCorp (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

1 Cookies

Domain/Path Name / Value
.myfiveotravel.top/ Name: __cfduid
Value: d7d75c21dd0d9f8721c3893888b3fe8d81562205961