glc17.hostico.ro
Open in
urlscan Pro
2a00:ece1::8
Malicious Activity!
Public Scan
Submission: On July 07 via manual from RO
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 21st 2020. Valid for: a year.
This is the only time glc17.hostico.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Cash App (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a00:ece1::8 2a00:ece1::8 | 5588 (GTSCE GTS...) (GTSCE GTS Central Europe / Antel Germany) | |
3 | 151.101.113.49 151.101.113.49 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6810:85e5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
squarecdn.com
cash-f.squarecdn.com |
99 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
29 KB |
1 |
hostico.ro
glc17.hostico.ro |
2 KB |
5 | 3 |
Domain | Requested by | |
---|---|---|
3 | cash-f.squarecdn.com |
glc17.hostico.ro
|
1 | cdnjs.cloudflare.com |
glc17.hostico.ro
|
1 | glc17.hostico.ro | |
5 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
glc17.hostico.ro cPanel, Inc. Certification Authority |
2020-01-21 - 2021-01-20 |
a year | crt.sh |
*.squarecdn.com Entrust Certification Authority - L1K |
2020-02-06 - 2021-02-16 |
a year | crt.sh |
cloudflare.com Cloudflare Inc ECC CA-3 |
2020-07-04 - 2021-07-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://glc17.hostico.ro/~sima/cash=update-id1991/
Frame ID: B1D8B0371ED1B97FFE0399C09232D56A
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
glc17.hostico.ro/~sima/cash=update-id1991/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cash.css
cash-f.squarecdn.com/ember/8e9fede24675d26d4335a5cac93d444b49c7de11/assets/ |
274 KB 40 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ |
84 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sqmarket-medium.woff2
cash-f.squarecdn.com/static/fonts/sqmarket/ |
30 KB 30 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sqmarket-regular.woff2
cash-f.squarecdn.com/static/fonts/sqmarket/ |
28 KB 29 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Cash App (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cash-f.squarecdn.com
cdnjs.cloudflare.com
glc17.hostico.ro
151.101.113.49
2606:4700::6810:85e5
2a00:ece1::8
229ec17324b239127841118369b6ba49cb6acbc054be11dd6b27e68c115565c7
651a9158125b43cdf7d07c79aac5b29dbc9923f351f232f75b8a56745dca90bb
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
bd4d2e29f503390e4951af9232fc43780b43d349647188d8f3f600835f16afb7
d98d6e104348c23f68c156257070f78f0aa5a398d73390fb46e3d341eba9b5fe