helping-deskforquery.com
Open in
urlscan Pro
2606:4700:3030::6815:53e9
Malicious Activity!
Public Scan
Effective URL: https://helping-deskforquery.com/AFCU/login
Submission: On April 21 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 11th 2023. Valid for: 3 months.
This is the only time helping-deskforquery.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online) America First Credit Union (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 3 | 104.196.59.135 104.196.59.135 | 15169 (GOOGLE) (GOOGLE) | |
1 8 | 2606:4700:303... 2606:4700:3030::6815:53e9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 104.18.29.228 104.18.29.228 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::200a | 15169 (GOOGLE) (GOOGLE) | |
13 | 5 |
ASN15169 (GOOGLE, US)
PTR: 135.59.196.104.bc.googleusercontent.com
www.redheadsinc.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
helping-deskforquery.com
1 redirects
helping-deskforquery.com |
210 KB |
4 |
americafirst.com
secure.americafirst.com — Cisco Umbrella Rank: 436330 |
9 KB |
3 |
redheadsinc.com
2 redirects
www.redheadsinc.com |
902 B |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 607 |
31 KB |
13 | 4 |
Domain | Requested by | |
---|---|---|
8 | helping-deskforquery.com |
1 redirects
www.redheadsinc.com
helping-deskforquery.com |
4 | secure.americafirst.com |
helping-deskforquery.com
|
3 | www.redheadsinc.com | 2 redirects |
1 | ajax.googleapis.com |
helping-deskforquery.com
|
13 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.americafirst.com |
secure.americafirst.com |
portal.hud.gov |
www.ncua.gov |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.redheadsinc.com R3 |
2023-01-21 - 2023-04-21 |
3 months | crt.sh |
*.helping-deskforquery.com GTS CA 1P5 |
2023-04-11 - 2023-07-10 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-04-11 - 2024-04-10 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-04-03 - 2023-06-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://helping-deskforquery.com/AFCU/login
Frame ID: 784BDFA7837DAF8360A1A7A5A4B2FDE9
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
America First Credit UnionPage URL History Show full URLs
-
https://www.redheadsinc.com/update
HTTP 301
http://www.redheadsinc.com/update/ HTTP 301
https://www.redheadsinc.com/update/ Page URL
- https://helping-deskforquery.com/AFCU/login Page URL
-
https://helping-deskforquery.com/cdn-cgi/phish-bypass?atok=ZqRez7g8hv9HAGsCGaz4Tbbu80k0j2op6k2XHEOtGfQ-168211...
HTTP 301
https://helping-deskforquery.com/AFCU/login Page URL
- https://helping-deskforquery.com/AFCU/login Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Enroll Now
Search URL Search Domain Scan URL
Title: Forgot Password
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: terms
Search URL Search Domain Scan URL
Title: branch locator
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Email Opt Out Procedure
Search URL Search Domain Scan URL
Title: Fraud Alert Text/SMS Notification Terms and Conditions
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.redheadsinc.com/update
HTTP 301
http://www.redheadsinc.com/update/ HTTP 301
https://www.redheadsinc.com/update/ Page URL
- https://helping-deskforquery.com/AFCU/login Page URL
-
https://helping-deskforquery.com/cdn-cgi/phish-bypass?atok=ZqRez7g8hv9HAGsCGaz4Tbbu80k0j2op6k2XHEOtGfQ-1682117561-0-%2FAFCU%2Flogin
HTTP 301
https://helping-deskforquery.com/AFCU/login Page URL
- https://helping-deskforquery.com/AFCU/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.redheadsinc.com/update HTTP 301
- http://www.redheadsinc.com/update/ HTTP 301
- https://www.redheadsinc.com/update/
- https://helping-deskforquery.com/cdn-cgi/phish-bypass?atok=ZqRez7g8hv9HAGsCGaz4Tbbu80k0j2op6k2XHEOtGfQ-1682117561-0-%2FAFCU%2Flogin HTTP 301
- https://helping-deskforquery.com/AFCU/login
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
www.redheadsinc.com/update/ Redirect Chain
|
380 B 497 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login
helping-deskforquery.com/AFCU/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf.errors.css
helping-deskforquery.com/cdn-cgi/styles/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-exclamation.png
helping-deskforquery.com/cdn-cgi/images/ |
452 B 540 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login
helping-deskforquery.com/AFCU/ Redirect Chain
|
192 B 525 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login
helping-deskforquery.com/AFCU/ |
63 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.76ff82e5.css
secure.americafirst.com/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
chunk-vendors.eab46e62.css
helping-deskforquery.com/AFCU/assets/css/ |
886 KB 94 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.48c40f3c.js
secure.americafirst.com/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chunk-vendors.662cf618.js
secure.americafirst.com/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2.css
helping-deskforquery.com/AFCU/assets/css/ |
700 KB 91 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-desktop-inverse.a3a99f3a.png
secure.americafirst.com/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online) America First Credit Union (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.helping-deskforquery.com/ | Name: __cf_mw_byp Value: ZqRez7g8hv9HAGsCGaz4Tbbu80k0j2op6k2XHEOtGfQ-1682117561-0-/AFCU/login |
|
helping-deskforquery.com/ | Name: chk Value: test |
|
helping-deskforquery.com/ | Name: PHPSESSID Value: 25263480de74d7952a3b7d06f5a7c671 |
|
.americafirst.com/ | Name: __cf_bm Value: ATdD6o24PI4wtn7CqDsWqteMF3tr6lJ4k.Pn1vUWdzs-1682117568-0-AV3qcp62pj39LmlZBAVz8cctNDCymTJvbjk1vEf4JpdM9/oY/gTB0678o4H0zHSOoiVtaMxB8rcwbl7u0JJgUns= |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
helping-deskforquery.com
secure.americafirst.com
www.redheadsinc.com
104.18.29.228
104.196.59.135
2606:4700:3030::6815:53e9
2a00:1450:4001:828::200a
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
132be03c8c9db7608f259244074dc7aea6860a22020c4a6a1786dda4bc80a664
2be19a8b52fbf9826f39491fe2110fc04dd6a5e9fb713a000c2660afbf5c910b
3afdc7f310e2b1aab09770184598bd862fe4c0a042febc1e54f54c4b8e6a133c
6bec0843de82ee85e6cd579670cba1d1956913ac3933142e78bde4f42a0582df
83b34f00b6612015c941c3865d2c047ae5ce567f13530491ac4ed773b13b1bd3
986dae282bc4d35f7234bbf7c3eafd4b4bb990b89143be1f5c8a8aa4a04ee2b4
a6690102b24638424202c679e3c3fafe83bdaa641e40dca06968bcad77f70821
c9a0078a7b8e70e1437317247095c89510a6c40bdb3bb37a26318133e2c1ab54
d65875873cabc4fb2d0b8c78fd8c179725cb5fb9ac598fe7a81a526a16db6452
df808b2ea829eac97e99d46d91fa6a005269d58a9dfd57ff40f7084e6f027f7b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d