URL: https://glc17.hostico.ro/~sima/cash=update-id1991/
Submission: On July 07 via manual from RO

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2a00:ece1::8, located in Romania and belonging to GTSCE GTS Central Europe / Antel Germany, CZ (AS5588). The main domain is glc17.hostico.ro; the /~sima/ path component follows Apache's per-user directory (UserDir) convention, so the page is served from a user account on that host rather than from a domain registered for the campaign.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 21st 2020. Valid for: a year.
This is the only time glc17.hostico.ro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cash App (Banking)

Domain & IP information

Requests  IP Address             AS (Autonomous System)
1         2a00:ece1::8           5588 (GTSCE GTS Central Europe)
3         151.101.113.49         54113 (FASTLY)
1         2606:4700::6810:85e5   13335 (CLOUDFLARENET)
Total: 5 requests, 3 IPs

Requests  Domain                 Requested by
3         cash-f.squarecdn.com   glc17.hostico.ro
1         cdnjs.cloudflare.com   glc17.hostico.ro
1         glc17.hostico.ro       (primary request)
Total: 5 requests, 3 domains

This site contains no links.

Subject            Issuer                                  Validity                    Valid for
glc17.hostico.ro   cPanel, Inc. Certification Authority    2020-01-21 to 2021-01-20    a year (crt.sh)
*.squarecdn.com    Entrust Certification Authority - L1K   2020-02-06 to 2021-02-16    a year (crt.sh)
cloudflare.com     Cloudflare Inc ECC CA-3                 2020-07-04 to 2021-07-04    a year (crt.sh)

This page contains 1 frame:

Primary Page: https://glc17.hostico.ro/~sima/cash=update-id1991/
Frame ID: B1D8B0371ED1B97FFE0399C09232D56A
Requests: 5 HTTP requests in this frame

Screenshot: (image not reproduced in this copy)

Detected technologies

Apache (overall confidence: 100%)
Detected patterns
  • headers: Server header matches /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
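The fingerprint above is a Wappalyzer-style regular expression run against the Server response header. As an added example, not part of the urlscan report, the following Python ports that exact pattern and applies it to the primary response headers recorded further down (server: Apache, x-powered-by: PHP/7.2.31). The X-Powered-By pattern and the extra Server values used as test cases are constructed for the example and are not from the report.

```python
import re
from typing import Dict, Optional, Tuple

# The "Detected patterns" entry above, ported from its JavaScript form /.../i:
# re.IGNORECASE replaces the trailing i, the escaped slash becomes a plain "/",
# and group 1 captures the version when the Server header reports one.
APACHE_SERVER_PATTERN = re.compile(
    r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.IGNORECASE
)

# Added for this example (assumption, not in the report's pattern list):
# pull the PHP version out of X-Powered-By the same way.
PHP_POWERED_BY_PATTERN = re.compile(r"^PHP/([\d.]+)", re.IGNORECASE)


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP/2 delivers lower-case names)."""
    name = name.lower()
    return next((v for k, v in headers.items() if k.lower() == name), None)


def fingerprint_server(headers: Dict[str, str]) -> Tuple[bool, Optional[str]]:
    """Return (is_apache, version) for the Server header. version is None when
    the server hides it, as the scanned host does with a bare "Apache"."""
    server = _header(headers, "server")
    if server is None:
        return False, None
    m = APACHE_SERVER_PATTERN.search(server)
    if m is None:
        return False, None
    return True, m.group(1)


def php_version(headers: Dict[str, str]) -> Optional[str]:
    """PHP version advertised in X-Powered-By, or None when absent."""
    powered_by = _header(headers, "x-powered-by")
    if powered_by is None:
        return None
    m = PHP_POWERED_BY_PATTERN.match(powered_by)
    return m.group(1) if m else None


# Response headers of the primary request, as recorded in the scan.
PRIMARY_RESPONSE_HEADERS = {
    "status": "200",
    "server": "Apache",
    "x-powered-by": "PHP/7.2.31",
    "content-type": "text/html; charset=UTF-8",
}

# Constructed Server values (not from the scan) covering each branch of the
# pattern, mapped to the expected (is_apache, version) result.
SERVER_CASES = {
    "Apache": (True, None),                      # bare name: the "$" branch
    "Apache/2.4.41 (Ubuntu)": (True, "2.4.41"),  # version captured by group 1
    "httpd": (True, None),                       # the HTTPD branch
    "Apache-Coyote/1.1": (False, None),          # Tomcat connector, excluded by [^/-]
    "nginx/1.18.0": (False, None),
}

if __name__ == "__main__":
    print(fingerprint_server(PRIMARY_RESPONSE_HEADERS), php_version(PRIMARY_RESPONSE_HEADERS))
    for value, expected in SERVER_CASES.items():
        assert fingerprint_server({"Server": value}) == expected, value
```

The "Apache-Coyote" case is why the pattern has the `[^/-]` branch: Tomcat's connector advertises a name that begins with "Apache" but is not the Apache HTTP Server, and a naive substring check would mislabel it.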

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 130 kB
Size: 421 kB
Cookies: 0

Redirected requests

None recorded: no HTTP redirect chains were observed for this scan.

5 HTTP transactions

Each transaction lists: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type.
Primary Request: /
Path: glc17.hostico.ro/~sima/cash=update-id1991/
Size: 4 KB (2 KB transferred)
Type: Document

General
Full URL: https://glc17.hostico.ro/~sima/cash=update-id1991/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:ece1::8, Romania, ASN5588 (GTSCE GTS Central Europe / Antel Germany, CZ)
Reverse DNS: (none recorded)
Software: Apache / PHP/7.2.31
Resource Hash: d98d6e104348c23f68c156257070f78f0aa5a398d73390fb46e3d341eba9b5fe

Request headers
:method: GET
:authority: glc17.hostico.ro
:scheme: https
:path: /~sima/cash=update-id1991/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US

Response headers
status: 200
date: Tue, 07 Jul 2020 07:34:05 GMT
server: Apache
x-powered-by: PHP/7.2.31
vary: Accept-Encoding
content-encoding: br
content-length: 1421
content-type: text/html; charset=UTF-8

cash.css
Path: cash-f.squarecdn.com/ember/8e9fede24675d26d4335a5cac93d444b49c7de11/assets/
Size: 274 KB (40 KB transferred)
Type: Stylesheet

General
Full URL: https://cash-f.squarecdn.com/ember/8e9fede24675d26d4335a5cac93d444b49c7de11/assets/cash.css
Requested by: glc17.hostico.ro (https://glc17.hostico.ro/~sima/cash=update-id1991/)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.49, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
Reverse DNS: (none recorded)
Software: AmazonS3
Resource Hash: 651a9158125b43cdf7d07c79aac5b29dbc9923f351f232f75b8a56745dca90bb

Request headers
Referer: https://glc17.hostico.ro/~sima/cash=update-id1991/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
x-amz-version-id: HrGmYVfWhwQp7Vh7ehwh4Z41aOzGWUEH
content-encoding: gzip
etag: "ba03ea7176bed3ceba56d90d4c98f77c"
age: 1207049
x-cache: HIT
status: 200
x-amz-request-id: C5120E652F66F5FD
x-amz-id-2: IKsH9YN5MftqQ/W85MgU+GjlesakIL9WF+EH4g2izOJL/j+QGlEDXClyipOVvyurVka/oR996tg=
x-served-by: cache-hhn4042-HHN
accept-ranges: bytes
last-modified: Wed, 11 Mar 2020 04:29:11 GMT
server: AmazonS3
x-timer: S1594107247.689392,VS0,VE2
date: Tue, 07 Jul 2020 07:34:06 GMT
content-type: text/css; charset=UTF-8
via: 1.1 varnish
expires: Fri, 11 Mar 2022 04:22:32 GMT
cache-control: max-age=630720000, public
content-length: 40664
x-cache-hits: 1

jquery.min.js
Path: cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/
Size: 84 KB (29 KB transferred)
Type: Script

General
Full URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js
Requested by: glc17.hostico.ro (https://glc17.hostico.ro/~sima/cash=update-id1991/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM (key exchange not reported)
Server: 2606:4700::6810:85e5, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none recorded)
Software: cloudflare
Resource Hash: 702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
Security Headers: Strict-Transport-Security: max-age=15780000; includeSubDomains

Request headers
Referer: https://glc17.hostico.ro/~sima/cash=update-id1991/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
date: Tue, 07 Jul 2020 07:34:06 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 8069178
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 03c9cb4fd9000005dce317b200000001
served-in-seconds: 0.029
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:20:15 GMT
server: cloudflare
etag: W/"5afd494f-1514f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5aefe192fa7e05dc-FRA
expires: Sun, 27 Jun 2021 07:34:06 GMT

sqmarket-medium.woff2
Path: cash-f.squarecdn.com/static/fonts/sqmarket/
Size: 30 KB (30 KB transferred)
Type: Font

General
Full URL: https://cash-f.squarecdn.com/static/fonts/sqmarket/sqmarket-medium.woff2
Requested by: glc17.hostico.ro (https://glc17.hostico.ro/~sima/cash=update-id1991/)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.49, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
Reverse DNS: (none recorded)
Software: AmazonS3
Resource Hash: bd4d2e29f503390e4951af9232fc43780b43d349647188d8f3f600835f16afb7

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cash-f.squarecdn.com/ember/8e9fede24675d26d4335a5cac93d444b49c7de11/assets/cash.css
Origin: https://glc17.hostico.ro

Response headers
x-amz-version-id: HQXsfZXRdMigI_XNcsTyCxxarhj.qi4u
content-encoding: gzip
etag: "10712e59acb43654c06388064d0d5483"
age: 32595862
via: 1.1 varnish
x-cache: HIT
status: 200
x-amz-request-id: BF555F1168A8682E
x-amz-id-2: KXr8lIYsqEqXfOIWY/Sgb44zVT/TuZb+Np3QFWZYRgAcz2k2AHBcKG93LaQBXKa9NosLCLOO/bc=
x-served-by: cache-hhn4045-HHN
accept-ranges: bytes
last-modified: Tue, 14 Jun 2016 01:15:07 GMT
server: AmazonS3
x-timer: S1594107247.934484,VS0,VE41
date: Tue, 07 Jul 2020 07:34:06 GMT
content-type: application/octet-stream
access-control-allow-origin: *
expires: Thu, 14 Jun 2018 01:15:03 GMT
cache-control: max-age=630720000, public
content-length: 30750
x-cache-hits: 1

sqmarket-regular.woff2
Path: cash-f.squarecdn.com/static/fonts/sqmarket/
Size: 28 KB (29 KB transferred)
Type: Font

General
Full URL: https://cash-f.squarecdn.com/static/fonts/sqmarket/sqmarket-regular.woff2
Requested by: glc17.hostico.ro (https://glc17.hostico.ro/~sima/cash=update-id1991/)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.49, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
Reverse DNS: (none recorded)
Software: AmazonS3
Resource Hash: 229ec17324b239127841118369b6ba49cb6acbc054be11dd6b27e68c115565c7

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cash-f.squarecdn.com/ember/8e9fede24675d26d4335a5cac93d444b49c7de11/assets/cash.css
Origin: https://glc17.hostico.ro

Response headers
x-amz-version-id: shNaE6HDcG6RVoQdJVAuNFeG0s8AeBNR
content-encoding: gzip
etag: "34fba7c3b6a75f32ffac7b04704a8a72"
age: 27156281
via: 1.1 varnish
x-cache: HIT
status: 200
x-amz-request-id: 2A67D1812B0AD32F
x-amz-id-2: 0JxFECNtpAevYmm5Nue1jVLGIqZ+Yp2rJ3d4B81ekeIQ4yhllsEXsS31cAD7yisUnnurcSyq0FA=
x-served-by: cache-hhn4045-HHN
accept-ranges: bytes
last-modified: Tue, 14 Jun 2016 01:15:07 GMT
server: AmazonS3
x-timer: S1594107247.934472,VS0,VE1
date: Tue, 07 Jul 2020 07:34:06 GMT
content-type: application/octet-stream
access-control-allow-origin: *
expires: Thu, 14 Jun 2018 01:15:03 GMT
cache-control: max-age=630720000, public
content-length: 29068
x-cache-hits: 1


Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cash App (Banking)
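The transactions recorded above show the phishing page building its look-alike from the brand's own CDN: cash.css is fetched with a Referer of the glc17.hostico.ro page, and the two sqmarket fonts are fetched with the stylesheet as Referer but with Origin set to https://glc17.hostico.ro. That pattern is visible on the CDN side, so the brand can detect impersonation from its own asset logs. As an added example, not part of the urlscan report or of any vendor's tooling, the Python below runs that check over constructed log lines modelled on the scan's requests. Assumptions: a combined log format with the Origin request header appended as a final quoted field, an allowlist of hosts permitted to embed the assets (cash.app and squarecdn.com here), and documentation-range client IPs.

```python
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Hosts legitimately allowed to embed the brand's front-end assets.
# Constructed allowlist for this example; a real one comes from the brand's
# own inventory of properties.
ALLOWED_EMBEDDING_HOSTS = {"cash.app", "squarecdn.com"}

# Path prefixes of the assets the phishing page pulled from cash-f.squarecdn.com
# in the scan: the Ember bundle's stylesheet and the sqmarket web fonts.
BRAND_ASSET_PREFIXES = ("/ember/", "/static/fonts/sqmarket/")

# Assumed CDN log format: combined log format with the Origin request header
# appended as a final quoted field ("-" when the header is absent).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<origin>[^"]*)"$'
)


def embedding_host(referer: str, origin: str) -> Optional[str]:
    """Host of the page that embedded the asset.

    Origin is preferred over Referer: for a font fetched through @font-face the
    Referer is the stylesheet on the CDN itself (as the woff2 requests in the
    scan show), while Origin still names the page that embedded the CSS."""
    for value in (origin, referer):
        if value and value != "-":
            host = urlsplit(value).hostname
            if host:
                return host.lower()
    return None


def is_allowed(host: str) -> bool:
    """True for an allowlisted host or any of its subdomains."""
    return any(host == a or host.endswith("." + a) for a in ALLOWED_EMBEDDING_HOSTS)


def find_hotlinking_hosts(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each unexpected embedding host to the brand asset paths it loaded."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None or not m["path"].startswith(BRAND_ASSET_PREFIXES):
            continue
        host = embedding_host(m["referer"], m["origin"])
        if host is None or is_allowed(host):
            continue
        hits.setdefault(host, []).append(m["path"])
    return hits


CSS_PATH = "/ember/8e9fede24675d26d4335a5cac93d444b49c7de11/assets/cash.css"
FONT_PATH = "/static/fonts/sqmarket/sqmarket-medium.woff2"

# Constructed log lines (not real CDN logs) modelled on the scan's requests:
# two from the phishing page, two from a legitimate embedding, one unrelated
# request, and one direct fetch with neither Referer nor Origin.
SAMPLE_LOG = [
    f'203.0.113.10 - - [07/Jul/2020:07:34:06 +0000] "GET {CSS_PATH} HTTP/2.0" 200 40664 '
    f'"https://glc17.hostico.ro/~sima/cash=update-id1991/" "-"',
    f'203.0.113.10 - - [07/Jul/2020:07:34:06 +0000] "GET {FONT_PATH} HTTP/2.0" 200 30750 '
    f'"https://cash-f.squarecdn.com{CSS_PATH}" "https://glc17.hostico.ro"',
    f'198.51.100.7 - - [07/Jul/2020:07:35:12 +0000] "GET {CSS_PATH} HTTP/2.0" 200 40664 '
    f'"https://cash.app/" "-"',
    f'198.51.100.7 - - [07/Jul/2020:07:35:12 +0000] "GET {FONT_PATH} HTTP/2.0" 200 30750 '
    f'"https://cash-f.squarecdn.com{CSS_PATH}" "https://cash.app"',
    '192.0.2.5 - - [07/Jul/2020:07:36:00 +0000] "GET /favicon.ico HTTP/1.1" 404 0 '
    '"https://other.example/" "-"',
    f'192.0.2.9 - - [07/Jul/2020:07:36:30 +0000] "GET {CSS_PATH} HTTP/2.0" 200 40664 "-" "-"',
]

if __name__ == "__main__":
    for host, paths in find_hotlinking_hosts(SAMPLE_LOG).items():
        print(host, paths)
```

Without the Origin field the font requests would be attributed to the CDN itself and only the stylesheet fetch would point at glc17.hostico.ro; logging Origin at the edge is the cheap change that makes font and XHR fetches attributable too. Direct fetches with neither header stay unattributed and are left out rather than guessed at.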

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

$ (function), jQuery (function)

0 Cookies