spy.cashnow.ee
192.254.184.96
Public Scan
Submission Tags: c2 malware projectspy
Submission: On March 28 via api from CA
Summary
This is the only time spy.cashnow.ee was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 192.254.184.96 | 46606 (UNIFIEDLAYER-AS-1) |
1 | 2a00:1450:4001:821::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:824::2003 | 15169 (GOOGLE) |
7 | 4 | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: mail.refrigeracionkycperu.com
spy.cashnow.ee |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | cashnow.ee | spy.cashnow.ee | 43 KB |
1 | gstatic.com | www.gstatic.com | 93 KB |
1 | google.com | www.google.com | 548 B |
7 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
5 | spy.cashnow.ee | spy.cashnow.ee |
1 | www.gstatic.com | www.google.com |
1 | www.google.com | spy.cashnow.ee |
7 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.google.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
*.google.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
This page contains 1 frames:
Primary Page:
http://spy.cashnow.ee/
Frame ID: 5A33C3B704CADA8E69DD011614724935
Requests: 9 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
reCAPTCHA (Captchas)
Detected patterns
- script /\/recaptcha\/api\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | / spy.cashnow.ee/ (Primary Request, Cookie set) | 6 KB 3 KB | Document text/html |
GET H/1.1 | bootstrap.min.css spy.cashnow.ee/assets/css/ | 152 KB 35 KB | Stylesheet text/css |
GET H2 | api.js www.google.com/recaptcha/ | 674 B 548 B | Script text/javascript |
GET H/1.1 | login_bg_video.mp4 spy.cashnow.ee/video/ | 42 KB 0 | Media video/mp4 |
GET H2 | recaptcha__en.js www.gstatic.com/recaptcha/releases/P6KLRNy7h3K160ZmYNUOAce7/ | 260 KB 93 KB | Script text/javascript |
GET DATA | truncated / | 2 KB 0 | Image image/png |
GET DATA | truncated / | 715 B 0 | Image image/png |
GET H/1.1 | login_bg_video.mp4 spy.cashnow.ee/video/ | 5 KB 5 KB | Media video/mp4 |
GET H/1.1 | login_bg_video.mp4 spy.cashnow.ee/video/ | 2 MB 0 | Media video/mp4 |
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- object| ___grecaptcha_cfg
- object| grecaptcha
- boolean| __google_recaptcha_client
- object| recaptcha2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
spy.cashnow.ee/ | Name: projectspy_session Value: eyJpdiI6ImRzeUZvVEx3ZCtDbURLSFg5eVwvTVlBPT0iLCJ2YWx1ZSI6ImZwanJkMUMrOVhIXC82NGFVRlMzSmZBMENzXC9OVSt2YThYeGNzbVJkeVV3bmJWTlBXWGR4Y0IyNFdaXC95c01DWUwiLCJtYWMiOiJmYThmZmE0NDgzYTExOGYzM2VjNWE3M2JjYzlkNjgzZmY0MDk4ZGMxMTRkZWJhNzZmYmYyYThiNzUxYjNkY2MyIn0%3D |
|
spy.cashnow.ee/ | Name: XSRF-TOKEN Value: eyJpdiI6IlhvTlNcL05jMXlZTW5qclwvN0gzZkpTUT09IiwidmFsdWUiOiJhS1ZPMU55OEhmaXZLSkQwOVdWQ1JNeFI2c3I3ZUZOTUZoRGtnN01XWUJ4aTFZNzI0cFFTRjBGanFYbmFnU280IiwibWFjIjoiMDYyOTk3NzE3Mjk5ZGNjMzJkNWE1N2ZkZDA4YjIzZmVhNmEzODNhZGVlNDI2OTFlNWNhMDI4MDRlYWU2OTFmNyJ9 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.