URL: https://square-login.com/338/
Submission: On February 12 via automatic, source openphish — Scanned from NL

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 46.17.98.104, located in Netherlands and belongs to HOSTKEY-AS, NL. The main domain is square-login.com.
TLS certificate: Issued by R3 on February 11th 2022. Valid for: 3 months.
This is the only time square-login.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Square (Financial) Squarespace (Consumer)

Domain & IP information

Requests  IP Address       AS     Autonomous System
1         46.17.98.104     57043  HOSTKEY-AS
5         151.101.193.49   54113  FASTLY
1         35.188.42.15     15169  GOOGLE
Total: 7 requests, 3 IPs
Requests  Apex Domain       Subdomains                                                       Transfer
5         squarecdn.com     multipassfe-production-f.squarecdn.com (Cisco Umbrella Rank: 79831)  256 KB
1         sentry.io         sentry.io (Cisco Umbrella Rank: 373)                             446 B
1         square-login.com  square-login.com                                                 3 KB
Total: 7 requests, 3 apex domains
Requests  Domain                                  Requested by
5         multipassfe-production-f.squarecdn.com  square-login.com, multipassfe-production-f.squarecdn.com
1         sentry.io                               multipassfe-production-f.squarecdn.com
1         square-login.com                        (primary request)
Total: 7 requests, 3 domains

This site contains no links.

Subject            Issuer                                 Validity                  Valid for
square-login.com   R3                                     2022-02-11 - 2022-05-12   3 months
*.squarecdn.com    Entrust Certification Authority - L1K  2022-01-18 - 2023-02-15   a year
sentry.io          DigiCert SHA2 Secure Server CA         2020-06-02 - 2022-06-07   2 years
(Certificate records via crt.sh.)

This page contains 1 frame:

Primary Page: https://square-login.com/338/
Frame ID: AB75E86A10994EB8B1EC9A4960478FF3
Requests: 7 HTTP requests in this frame

Page Title

Sign In

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 260 kB
Size: 264 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns per transaction: Resource, Path, Size, Transfer (x-fer), Type.

1. Primary Request: /
Path: square-login.com/338/
Size: 9 KB, transfer: 3 KB, type: Document

General
Full URL: https://square-login.com/338/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 46.17.98.104, Netherlands, ASN57043 (HOSTKEY-AS, NL)
Reverse DNS: (none)
Software: LiteSpeed
Resource Hash: a4a4bcb59190d57adde7ba1460c6d61b6f55f8f27335b674c8800632215d5674

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9

Response headers
content-type: text/html
last-modified: Fri, 11 Feb 2022 16:37:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2955
date: Sat, 12 Feb 2022 01:36:34 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2. login.css
Path: multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/
Size: 73 KB, transfer: 74 KB, type: Stylesheet

General
Full URL: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/login.css
Requested by: square-login.com (https://square-login.com/338/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.193.49, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: ae53ed566b5e868927fc7051483be68d1c6e4fcf75493dc5909f69da321834de

Request headers
Accept-Language: nl-NL,nl;q=0.9
Referer: https://square-login.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
x-amz-version-id: .D9wdnNm1Tqam6k6QvK8JlGgBsTAcfGv
via: 1.1 varnish
etag: "486a3740162f8cbdf98c30a01d23a319"
age: 10
x-cache: HIT
content-length: 74943
x-amz-id-2: 1TKQJDbhZv19D4sw9UKeL/OLTvBAcecxw2nopIuJOy3sjGdoG4dh3p5wO7tOFWeuxaLTvzu50wM=
x-served-by: cache-ams21080-AMS
last-modified: Wed, 26 Jan 2022 16:35:43 GMT
server: AmazonS3
x-timer: S1644629795.035446,VS0,VE1
date: Sat, 12 Feb 2022 01:36:35 GMT
x-amz-request-id: M7RP8RDY2Y2FV2G2
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-type: text/css
x-cache-hits: 1
3. polyfill.js
Path: multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/
Size: 13 KB, transfer: 13 KB, type: Script

General
Full URL: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/polyfill.js
Requested by: square-login.com (https://square-login.com/338/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.193.49, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: 276559c6ce4f247e1803a82d5b8c8aca5fae6e3fe8a24ff5a50c13f2f7f4c256

Request headers
Accept-Language: nl-NL,nl;q=0.9
Referer: https://square-login.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
x-amz-version-id: 9hBp74N8D5Nk3aH64X3a9F34tYyNLu2D
via: 1.1 varnish
etag: "4f1af59a0138ba892d6f74228e7f3338"
age: 10
x-cache: HIT
content-length: 13473
x-amz-id-2: 1z8yxjOm/k8+603g/fBQA8q7WNRvk61RJiN+e1mUgrt5QKmp8Q/MyXgwgVjanJ0QH/jrk5IWnNA=
x-served-by: cache-ams21080-AMS
last-modified: Fri, 04 Feb 2022 16:23:35 GMT
server: AmazonS3
x-timer: S1644629795.035557,VS0,VE2
date: Sat, 12 Feb 2022 01:36:35 GMT
x-amz-request-id: BDA8XEV2HY6B4GNB
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1
4. sentry.js
Path: multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/
Size: 63 KB, transfer: 63 KB, type: Script

General
Full URL: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/sentry.js
Requested by: square-login.com (https://square-login.com/338/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.193.49, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: 710873b026dee25206fb5dab2fadfd5ec55819fa7fd4bf5f19bf63c5196d3749

Request headers
Referer: https://square-login.com/
Origin: https://square-login.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
x-amz-version-id: K5cQH8o3TjySNhYju1mEB.DYI4bkvuib
via: 1.1 varnish
etag: "6fe482d60002e5aeee9ee3836e5c4409"
age: 10
x-cache: HIT
content-length: 64262
x-amz-id-2: Xl34DG2Vup/yekKJhBmM95qJNvZLZfaBtlSjq/ZTRxGfkxg/xKSJRvaSW4A3p1sj4yAcnjBn3iE=
x-served-by: cache-ams21029-AMS
last-modified: Fri, 04 Feb 2022 16:23:35 GMT
server: AmazonS3
x-timer: S1644629795.035210,VS0,VE1
date: Sat, 12 Feb 2022 01:36:35 GMT
x-amz-request-id: TVF58S5T9ZTQ59BE
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1
5. sqmarket-regular.otf
Path: multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/fonts/sqmarket/
Size: 49 KB, transfer: 49 KB, type: Font

General
Full URL: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/fonts/sqmarket/sqmarket-regular.otf
Requested by: multipassfe-production-f.squarecdn.com (https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/login.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.193.49, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: 1fc4881cab9110cf5a212890ce46537bb5192d99bc820fb447a7cd708c78e8da

Request headers
Referer: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/login.css
Origin: https://square-login.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
x-amz-version-id: kJdgeo2mCDiSF_JsvMyqthR5cSelmvuR
via: 1.1 varnish
etag: "25c074141e8b848dc6e7813f04b3c77c"
age: 9
x-cache: HIT
content-length: 50160
x-amz-id-2: fi1RI9Cc5/Lnf8oQkSoSySUXPr99eB1qjAJQdpvKImsy7Hymfwxr0z9NOMaCvqeAKby0mvX1UkY=
x-served-by: cache-ams21029-AMS
last-modified: Wed, 26 Jan 2022 16:35:28 GMT
server: AmazonS3
x-timer: S1644629795.082322,VS0,VE1
date: Sat, 12 Feb 2022 01:36:35 GMT
x-amz-request-id: KVD1QMFKB4ZWDDF7
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-type: application/x-font-opentype
x-cache-hits: 1
6. sqmarket-medium.otf
Path: multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/fonts/sqmarket/
Size: 56 KB, transfer: 57 KB, type: Font

General
Full URL: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/fonts/sqmarket/sqmarket-medium.otf
Requested by: multipassfe-production-f.squarecdn.com (https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/login.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 151.101.193.49, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: AmazonS3
Resource Hash: 550adada1bc65c641da935bced98f7240863cc6ca61f9d38fe0ffdf1a085aeb3

Request headers
Referer: https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/login.css
Origin: https://square-login.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers
x-amz-version-id: LvH65x.5SSXTrNsuIji4isGqnzoUDnCJ
via: 1.1 varnish
etag: "592f00078825742e602f348878e40989"
age: 9
x-cache: HIT
content-length: 57680
x-amz-id-2: gkrJ167mS0xMgZtDdT7N7s+g6QiI+zLQ4bSOU2REKm7gI4Rs/LB3YMQLV2G0eSenjFO7YG8t0x4=
x-served-by: cache-ams21029-AMS
last-modified: Fri, 04 Feb 2022 16:23:17 GMT
server: AmazonS3
x-timer: S1644629795.085296,VS0,VE1
date: Sat, 12 Feb 2022 01:36:35 GMT
x-amz-request-id: DHCKVJB8D881MK2R
access-control-allow-origin: *
cache-control: public
accept-ranges: bytes
content-type: application/x-font-opentype
x-cache-hits: 1
7. /
Path: sentry.io/api/1474740/store/
Size: 41 B, transfer: 446 B, type: Fetch

General
Full URL: https://sentry.io/api/1474740/store/?sentry_key=f510e74496ac409fb59c50c52d7822da&sentry_version=7
Requested by: multipassfe-production-f.squarecdn.com (https://multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/sentry.js)
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.42.15, Council Bluffs, United States, ASN15169 (GOOGLE, US)
Reverse DNS: 15.42.188.35.bc.googleusercontent.com
Software: nginx
Resource Hash: 73f41260a6a4b56b72a72b4e4fc60fa66702f86c7ea2cedd6d82da60283688a8

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Request headers
Referer: https://square-login.com/
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers
Date: Sat, 12 Feb 2022 01:36:35 GMT
vary: Origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: application/json
access-control-allow-origin: https://square-login.com
access-control-expose-headers: x-sentry-error, retry-after, x-sentry-rate-limits
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 41

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Square (Financial) Squarespace (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function  structuredClone
object    Sentry
object    __SENTRY__

0 Cookies