www.districtcouriers.com
199.181.238.254
Malicious Activity!
Public Scan
Submission: On December 19 via automatic, source openphish
Summary
This is the only time www.districtcouriers.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of Guam (Banking)

Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 7 | 199.181.238.254 | 54540 (INCERO-HVVC) |
| 8 | 8.248.5.231 | 3356 (LEVEL3) |
| 18 | 3 | |
ASN54540 (INCERO-HVVC, US)
PTR: dalserver7.catalysthost.net
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 8 | onlineaccess1.com | cdn1.onlineaccess1.com | 557 KB |
| 7 | districtcouriers.com | www.districtcouriers.com, districtcouriers.com (1 redirects) | 95 KB |
| 18 | 2 | | |
| # | Domain | Requested by |
|---|---|---|
| 8 | cdn1.onlineaccess1.com | www.districtcouriers.com, cdn1.onlineaccess1.com |
| 6 | www.districtcouriers.com (1 redirects) | www.districtcouriers.com |
| 1 | districtcouriers.com | www.districtcouriers.com |
| 18 | 3 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| cdn1.onlineaccess1.com | DigiCert SHA2 Secure Server CA | 2020-01-22 - 2022-01-29 | 2 years | crt.sh |
This page contains 1 frame:

Primary Page: http://www.districtcouriers.com/Login_step_2.html
Frame ID: 83F3889E90440248BDFDFE2417D5C4B9
Requests: 18 HTTP requests in this frame

0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 3
- http://www.districtcouriers.com/files/add-engine-meta.html HTTP 301
- http://districtcouriers.com/files/add-engine-meta.html
- http://www.districtcouriers.com/files/fonts/OpenSans/OpenSans-Regular.woff HTTP 301
- http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Regular.woff
- http://www.districtcouriers.com/files/fonts/OpenSans/OpenSans-Semibold.woff HTTP 301
- http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Semibold.woff
- http://www.districtcouriers.com/files/fonts/OpenSans/OpenSans-Regular.ttf HTTP 301
- http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Regular.ttf
- http://www.districtcouriers.com/files/fonts/OpenSans/OpenSans-Semibold.ttf HTTP 301
- http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Semibold.ttf
18 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | Login_step_2.html (Primary Request) | www.districtcouriers.com/ | 148 KB | 16 KB | Document | text/html |
| GET | H/1.1 | app.css | www.districtcouriers.com/files/ | 96 KB | 18 KB | Stylesheet | text/css |
| GET | H/1.1 | highcontrast-faeb96f0648bcaf3054ef11d5696ee43.css | www.districtcouriers.com/files/ | 226 KB | 29 KB | Stylesheet | text/css |
| GET | H/1.1 | theme-q2-9855f9ef95bcf00d6f666b0cc50aa040.css | www.districtcouriers.com/files/ | 218 KB | 30 KB | Stylesheet | text/css |
| GET | H/1.1 | add-engine-meta.html | districtcouriers.com/files/ (Redirect Chain) | 0 | 0 | Script | text/html |
| GET | H/1.1 | tecton-2f616577dbd335c1ce3db6dd61e6741d.css | www.districtcouriers.com/files/ | 8 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | highcontrast-blessed2-884b0f8f98c674f9e067b22932e17b55.css | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/ | 283 KB | 36 KB | Stylesheet | text/css |
| GET | H/1.1 | highcontrast-blessed1-abab3b6a22d43874bd58d60c8cca78fa.css | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/ | 361 KB | 51 KB | Stylesheet | text/css |
| GET | H/1.1 | theme-q2-blessed2-f7e7288f6bd7494fa78475abef2b0081.css | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/ | 276 KB | 36 KB | Stylesheet | text/css |
| GET | H/1.1 | theme-q2-blessed1-bee7118c47e721e96342d09c25061464.css | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/ | 345 KB | 50 KB | Stylesheet | text/css |
| GET | H/1.1 | desktop-background-6afec80454297b9a08d23de6a993db17.jpg | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/images/ | 346 KB | 327 KB | Image | image/jpeg |
| GET | H/1.1 | logo_large-1f7a0261597679ec179a2cddec2e7af4.png | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/images/logos/ | 8 KB | 8 KB | Image | image/png |
| GET | | OpenSans-Regular.woff | districtcouriers.com/files/fonts/OpenSans/ (Redirect Chain) | 0 | 0 | | |
| GET | | OpenSans-Semibold.woff | districtcouriers.com/files/fonts/OpenSans/ (Redirect Chain) | 0 | 0 | | |
| GET | | OpenSans-Regular.ttf | districtcouriers.com/files/fonts/OpenSans/ (Redirect Chain) | 0 | 0 | | |
| GET | | OpenSans-Semibold.ttf | districtcouriers.com/files/fonts/OpenSans/ (Redirect Chain) | 0 | 0 | | |
| GET | H/1.1 | OpenSans-Regular.woff | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/fonts/OpenSans/ | 24 KB | 25 KB | Font | font/woff |
| GET | H/1.1 | OpenSans-Semibold.woff | cdn1.onlineaccess1.com/cdn/depot/3274_01/503/784d317f36f837a08b130b733b72dde1/assets/fonts/OpenSans/ | 24 KB | 25 KB | Font | font/woff |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.

| Domain | URL |
|---|---|
| districtcouriers.com | http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Regular.woff |
| districtcouriers.com | http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Semibold.woff |
| districtcouriers.com | http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Regular.ttf |
| districtcouriers.com | http://districtcouriers.com/files/fonts/OpenSans/OpenSans-Semibold.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of Guam (Banking)

5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | trustedTypes |
| boolean | crossOriginIsolated |

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn1.onlineaccess1.com
districtcouriers.com
www.districtcouriers.com
199.181.238.254
8.248.5.231