![](/screenshots/9f9d3c47-fe9b-4aa5-a4c1-f05766c3f464.png)
cashapp.omgthisproduct.com
IP: 2606:4700:3037::ac43:b143
Malicious Activity!
Public Scan
Effective URL: https://cashapp.omgthisproduct.com/?a=18&c=449&s1=SW-03-2-vz-14
Submission: On April 28 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 22nd 2021. Valid for: a year.
This is the only time cashapp.omgthisproduct.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2606:4700:3035::6815:2fc6 | 13335 (CLOUDFLARENET)
13 | 2606:4700:3037::ac43:b143 | 13335 (CLOUDFLARENET)

13 requests, 1 ASN: ASN 13335 (CLOUDFLARENET, US)

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | omgthisproduct.com | cashapp.omgthisproduct.com | 101 KB
1 | sh9d6.us (1 redirect) | sh9d6.us | 754 B

13 requests, 2 apex domains

Requests | Domain | Requested by
---|---|---
13 | cashapp.omgthisproduct.com | cashapp.omgthisproduct.com
1 | sh9d6.us | 1 redirect

13 requests, 2 domains
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-22 - 2022-03-21 | a year (crt.sh)
This page contains 1 frame:
Primary Page:
https://cashapp.omgthisproduct.com/?a=18&c=449&s1=SW-03-2-vz-14
Frame ID: 344511EC43D44DBB4E1AB89A405B13B5
Requests: 13 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://sh9d6.us/ (HTTP 301)
- https://cashapp.omgthisproduct.com/?a=18&c=449&s1=SW-03-2-vz-14 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H2 | cashapp.omgthisproduct.com/ (Primary Request, Redirect Chain) | 19 KB | 5 KB | Document | text/html
GET | H3-29 | cashapp.omgthisproduct.com/css/custom_style.css | 10 KB | 3 KB | Stylesheet | text/css
GET | H3-29 | cashapp.omgthisproduct.com/js/en_date.js | 1 KB | 900 B | Script | application/javascript
GET | H3-29 | cashapp.omgthisproduct.com/js/jquery.min.js | 95 KB | 32 KB | Script | application/javascript
GET | H3-29 | cashapp.omgthisproduct.com/img/box_c.png | 9 KB | 9 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/gift.gif | 15 KB | 16 KB | Image | image/gif
GET | H3-29 | cashapp.omgthisproduct.com/img/exit.png | 525 B | 1 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/box_o_t.png | 2 KB | 3 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/box_o_b.png | 3 KB | 4 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/hand_pp.png | 9 KB | 10 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/box_o_t.png | 2 KB | 3 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/box_o_b.png | 3 KB | 4 KB | Image | image/png
GET | H3-29 | cashapp.omgthisproduct.com/img/hand_pp.png | 9 KB | 10 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Generic Scam (Online)

45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- Objects: onbeforexrselect, ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, end
- Functions: showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, calculateDate, showMonthandYear, showDayOfWeek, $, jQuery, getUrlParameter, offerurl, final, leave, leave1, leave2, leave3, clickHandler, addScripts, shakeIt, elById, elByCl, second_try, third_try, showProg, hideProg, launchext, setPromoCode
- Booleans: originAgentCluster, crossOriginIsolated, cfLeave, vibrate, sLoad1
- Strings: URL123, pdpromo, aVowel, trackingLink, alert_count, alert_exit
- Numbers: everythingLoaded

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
.omgthisproduct.com/ | | __cfduid = d177e04278e84e141d9b77566718bfd491619617590
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cashapp.omgthisproduct.com
sh9d6.us
2606:4700:3035::6815:2fc6
2606:4700:3037::ac43:b143