login-accountverify.serveuser.com
Open in
urlscan Pro
18.216.129.85
Malicious Activity!
Public Scan
Submission: On October 28 via manual from IT
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 26th 2020. Valid for: 3 months.
This is the only time login-accountverify.serveuser.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Cash App (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 18.216.129.85 18.216.129.85 | 16509 (AMAZON-02) (AMAZON-02) | |
8 | 151.101.193.49 151.101.193.49 | 54113 (FASTLY) (FASTLY) | |
9 | 2 |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-216-129-85.us-east-2.compute.amazonaws.com
login-accountverify.serveuser.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
squarecdn.com
cash-f.squarecdn.com |
682 KB |
1 |
serveuser.com
login-accountverify.serveuser.com |
5 KB |
9 | 2 |
Domain | Requested by | |
---|---|---|
8 | cash-f.squarecdn.com |
login-accountverify.serveuser.com
cash-f.squarecdn.com |
1 | login-accountverify.serveuser.com | |
9 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
login-accountverify.serveuser.com cPanel, Inc. Certification Authority |
2020-10-26 - 2021-01-24 |
3 months | crt.sh |
*.squarecdn.com Entrust Certification Authority - L1K |
2020-02-06 - 2021-02-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://login-accountverify.serveuser.com/cash.app/login.php
Frame ID: 37665F642DFA67DA2A052DAA032545A0
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
login-accountverify.serveuser.com/cash.app/ |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-light.woff2
cash-f.squarecdn.com/assets/fonts/cashmarket/ |
23 KB 23 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-regular.woff2
cash-f.squarecdn.com/assets/fonts/cashmarket/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-medium.woff2
cash-f.squarecdn.com/assets/fonts/cashmarket/ |
35 KB 35 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.js
cash-f.squarecdn.com/ember/a548ae1339eed15b0a557cd7cc8ba0b2f9645ac5/assets/ |
1 MB 297 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash.js
cash-f.squarecdn.com/ember/a548ae1339eed15b0a557cd7cc8ba0b2f9645ac5/assets/ |
978 KB 188 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash.css
cash-f.squarecdn.com/ember/a548ae1339eed15b0a557cd7cc8ba0b2f9645ac5/assets/ |
239 KB 36 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-medium.woff2
cash-f.squarecdn.com/static/fonts/cashmarket/ |
35 KB 36 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash-market-rounded-regular.woff2
cash-f.squarecdn.com/static/fonts/cashmarket/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Cash App (Banking)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| createDeprecatedModule boolean| runningTests object| loader function| define function| requireModule function| require function| requirejs object| EmberENV function| moment function| $ function| jQuery object| Ember object| Em object| showdown object| Bugsnag object| Placeholders object| FieldKit object| LGTM function| clearAnimationFrame function| Spinner object| cropit function| UAParser function| Fingerprint2 object| CryptoJS0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cash-f.squarecdn.com
login-accountverify.serveuser.com
151.101.193.49
18.216.129.85
0cab6ae142696ceae7265aa7f93941de14df3d4e06ac2487808d4bbf1d8fea0f
1c26acb2b3c796a0af628e7a737c95ef4f01cfd6cd03b3b6f46238e596cee141
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
66a0e64c291a95a1197f6e2b6a31a0e4dfd0758ae47bdf71581883c7c8c11957
a1abd94048e822be4d2b551ce86d9250314fb453a2b87092a6bb1138ae167c14
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b
f4ab87ede11229a08e5450acd4d6e6e1604fa1cb45da54387b56711f9043fc58