secure-cahseappsbankaccnts.agddns.net Open in urlscan Pro
103.183.74.233 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php
Submission: On March 28 via automatic, source openphish (March 28th 2022, 1:24:59 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 103.183.74.233, located in Indonesia and belongs to IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID. The main domain is secure-cahseappsbankaccnts.agddns.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 26th 2022. Valid for: 3 months.

This is the only time secure-cahseappsbankaccnts.agddns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cash App (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	103.183.74.233 103.183.74.233	136052 (IDNIC-IDC...) (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia)
2	151.101.129.49 151.101.129.49	54113 (FASTLY) (FASTLY)
9	2

7 103.183.74.233 (Indonesia)

ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
PTR: ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia

secure-cahseappsbankaccnts.agddns.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.49 (United States)

ASN54113 (FASTLY, US)

cash-f.squarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	agddns.net secure-cahseappsbankaccnts.agddns.net	2 MB
2	squarecdn.com cash-f.squarecdn.com — Cisco Umbrella Rank: 14939	69 KB
9	2

	Domain	Requested by
7	secure-cahseappsbankaccnts.agddns.net	secure-cahseappsbankaccnts.agddns.net
2	cash-f.squarecdn.com	secure-cahseappsbankaccnts.agddns.net
9	2

This site contains no links.

Subject Issuer	Validity	Valid
cashappsauhtneticationsdetails.vantechdns.com cPanel, Inc. Certification Authority	`2022-03-26` - `2022-06-24`	3 months	crt.sh
*.squarecdn.com Entrust Certification Authority - L1K	`2022-01-18` - `2023-02-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php
Frame ID: 670B3C5A144A349153B9BD484C9D1E9D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cash App

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

22 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2513 kB
Transfer

2511 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request card.php Show response secure-cahseappsbankaccnts.agddns.net/cash.app/	4 KB 4 KB	1107ms 220ms	Document text/html	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `6fcb9687f396d5d4b4721a85b45f9bd933ff2439b3546e778e2d1b05a54f8337` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Mon, 28 Mar 2022 13:24:27 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	vendor.js Show response secure-cahseappsbankaccnts.agddns.net/cash.app/assets/	1 MB 1 MB	192ms 192ms	Script application/javascript	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/vendor.js Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `7089a778b24660f4f0d185dc42ce4b13059c180f3faad3dc73ea5437719ee78c` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Date Mon, 28 Mar 2022 13:24:28 GMT Last-Modified Sat, 12 Sep 2020 04:40:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1154469
GET H/1.1	200 OK	cash.js Show response secure-cahseappsbankaccnts.agddns.net/cash.app/assets/	982 KB 982 KB	179ms 178ms	Script application/javascript	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash.js Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `05c2eae4c5809a4cf8721574ae4c6700d2b9484528c73605c899b8dfd41f199e` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Date Mon, 28 Mar 2022 13:24:28 GMT Last-Modified Sat, 12 Sep 2020 04:40:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1005423
GET H/1.1	200 OK	cash.css secure-cahseappsbankaccnts.agddns.net/cash.app/assets/	239 KB 239 KB	557ms 185ms	Stylesheet text/css	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash.css Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `0cab6ae142696ceae7265aa7f93941de14df3d4e06ac2487808d4bbf1d8fea0f` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Date Mon, 28 Mar 2022 13:24:28 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 244264
GET H/1.1	200 OK	cash-market-rounded-light.woff2 secure-cahseappsbankaccnts.agddns.net/cash.app/assets/	23 KB 23 KB	576ms 192ms	Font font/woff2	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash-market-rounded-light.woff2 Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `a1abd94048e822be4d2b551ce86d9250314fb453a2b87092a6bb1138ae167c14` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Date Mon, 28 Mar 2022 13:24:28 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 23296
GET H/1.1	200 OK	cash-market-rounded-regular.woff2 secure-cahseappsbankaccnts.agddns.net/cash.app/assets/	33 KB 33 KB	578ms 192ms	Font font/woff2	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash-market-rounded-regular.woff2 Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Date Mon, 28 Mar 2022 13:24:28 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33692
GET H/1.1	200 OK	cash-market-rounded-medium.woff2 secure-cahseappsbankaccnts.agddns.net/cash.app/assets/	35 KB 36 KB	577ms 192ms	Font font/woff2	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash-market-rounded-medium.woff2 Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers Date Mon, 28 Mar 2022 13:24:28 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 36144
GET H2	200	cash-market-rounded-medium.woff2 cash-f.squarecdn.com/static/fonts/cashmarket/	35 KB 36 KB	41ms 6ms	Font application/octet-stream	151.101.129.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/static/fonts/cashmarket/cash-market-rounded-medium.woff2 Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.49 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/ Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers x-amz-version-id 3.NwPIEqbWwxllIY4T6kBmfisrrfHtz7 content-encoding gzip etag "bb0a7911452d2d17b9bcf766d63e2602" age 479932 via 1.1 varnish x-cache HIT content-length 36116 x-amz-id-2 C/DlZejmBEhgn2gF4Z0LSIThQWexMRF2dCunSSfkYy/49+kmDd/tGu1STIQv+axuc7QQJRRzCAg= x-served-by cache-hhn4057-HHN last-modified Thu, 03 Feb 2022 02:10:32 GMT server AmazonS3 x-timer S1648473896.727240,VS0,VE0 date Mon, 28 Mar 2022 13:24:55 GMT x-amz-request-id JS7XAH857YMA5VMQ access-control-allow-origin * expires Sat, 03 Feb 2024 02:10:30 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/octet-stream x-cache-hits 6
GET H2	200	cash-market-rounded-regular.woff2 cash-f.squarecdn.com/static/fonts/cashmarket/	33 KB 33 KB	42ms 7ms	Font application/octet-stream	151.101.129.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/static/fonts/cashmarket/cash-market-rounded-regular.woff2 Requested by Host: secure-cahseappsbankaccnts.agddns.net URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.49 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b` Request headers Referer https://secure-cahseappsbankaccnts.agddns.net/ Origin https://secure-cahseappsbankaccnts.agddns.net Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 Response headers x-amz-version-id dwxC4ZmjB_4CDnOqYYdcKqTS8B_Nigxi content-encoding gzip etag "438232647d9913a48305142c9fe7721b" age 995874 via 1.1 varnish x-cache HIT content-length 33725 x-amz-id-2 b5USFoKNbKUxF+grX80yuEn+O5Obd0MrIzg+uRTxzUNKDLxD0cN99esCfvKRuh6GRBXMUCc1D7w= x-served-by cache-hhn4057-HHN last-modified Thu, 03 Feb 2022 02:10:32 GMT server AmazonS3 x-timer S1648473896.727329,VS0,VE0 date Mon, 28 Mar 2022 13:24:55 GMT x-amz-request-id F668B22NN6626QKA access-control-allow-origin * expires Sat, 03 Feb 2024 02:10:30 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/octet-stream x-cache-hits 6

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cash App (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/vendor.js' with computed SHA-256 integrity 'cImneLJGYPTw0YXcQs5LEwWcGA8/qtPcc+pUN3Ge54w='. The resource has been blocked.
security	error	URL: https://secure-cahseappsbankaccnts.agddns.net/cash.app/card.php Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://secure-cahseappsbankaccnts.agddns.net/cash.app/assets/cash.js' with computed SHA-256 integrity 'BcLq5MWAmkz4chV0rkxnANK5SEUoxzYFyJm439QfGZ4='. The resource has been blocked.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cash-f.squarecdn.com
secure-cahseappsbankaccnts.agddns.net
103.183.74.233
151.101.129.49
05c2eae4c5809a4cf8721574ae4c6700d2b9484528c73605c899b8dfd41f199e
0cab6ae142696ceae7265aa7f93941de14df3d4e06ac2487808d4bbf1d8fea0f
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
6fcb9687f396d5d4b4721a85b45f9bd933ff2439b3546e778e2d1b05a54f8337
7089a778b24660f4f0d185dc42ce4b13059c180f3faad3dc73ea5437719ee78c
a1abd94048e822be4d2b551ce86d9250314fb453a2b87092a6bb1138ae167c14
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b

secure-cahseappsbankaccnts.agddns.net Open in urlscan Pro 103.183.74.233 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

22 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

2513 kBTransfer

2511 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

secure-cahseappsbankaccnts.agddns.net Open in urlscan Pro
103.183.74.233 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

22 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2513 kB
Transfer

2511 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!