spy.cashnow.ee Open in urlscan Pro
192.254.184.96 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://spy.cashnow.ee/
Submission Tags: c2 malware projectspy Search All
Submission: On March 28 via api (March 28th 2020, 1:12:29 pm UTC) from CA

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 192.254.184.96, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is spy.cashnow.ee.

This is the only time spy.cashnow.ee was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	192.254.184.96 192.254.184.96	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE)
7	4

5 192.254.184.96 (Houston, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: mail.refrigeracionkycperu.com

spy.cashnow.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cashnow.ee spy.cashnow.ee	43 KB
1	gstatic.com www.gstatic.com	93 KB
1	google.com www.google.com	548 B
7	3

	Domain	Requested by
5	spy.cashnow.ee	spy.cashnow.ee
1	www.gstatic.com	www.google.com
1	www.google.com	spy.cashnow.ee
7	3

This site contains no links.

Subject Issuer	Validity	Valid
www.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://spy.cashnow.ee/
Frame ID: 5A33C3B704CADA8E69DD011614724935
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

7
Requests

29 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

136 kB
Transfer

2434 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
spy.cashnow.ee/ 6 KB
3 KB 1050ms
845ms Document
text/html 192.254.184.96
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://spy.cashnow.ee/
Protocol: HTTP/1.1
Server: 192.254.184.96 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.refrigeracionkycperu.com
Software: Apache /
Resource Hash: ea547aeb078f751c87417e0581ac2024bc2959b770a9dce20e6f971f502b0af9

Request headers

Host: spy.cashnow.ee
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 13:12:10 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlhvTlNcL05jMXlZTW5qclwvN0gzZkpTUT09IiwidmFsdWUiOiJhS1ZPMU55OEhmaXZLSkQwOVdWQ1JNeFI2c3I3ZUZOTUZoRGtnN01XWUJ4aTFZNzI0cFFTRjBGanFYbmFnU280IiwibWFjIjoiMDYyOTk3NzE3Mjk5ZGNjMzJkNWE1N2ZkZDA4YjIzZmVhNmEzODNhZGVlNDI2OTFlNWNhMDI4MDRlYWU2OTFmNyJ9; expires=Sat, 28-Mar-2020 15:12:11 GMT; Max-Age=7200; path=/ projectspy_session=eyJpdiI6ImRzeUZvVEx3ZCtDbURLSFg5eVwvTVlBPT0iLCJ2YWx1ZSI6ImZwanJkMUMrOVhIXC82NGFVRlMzSmZBMENzXC9OVSt2YThYeGNzbVJkeVV3bmJWTlBXWGR4Y0IyNFdaXC95c01DWUwiLCJtYWMiOiJmYThmZmE0NDgzYTExOGYzM2VjNWE3M2JjYzlkNjgzZmY0MDk4ZGMxMTRkZWJhNzZmYmYyYThiNzUxYjNkY2MyIn0%3D; expires=Sat, 28-Mar-2020 15:12:11 GMT; Max-Age=7200; path=/; httponly
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2008
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bootstrap.min.css
spy.cashnow.ee/assets/css/ 152 KB
35 KB 197ms
197ms Stylesheet
text/css 192.254.184.96
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://spy.cashnow.ee/assets/css/bootstrap.min.css
Requested by: Host: spy.cashnow.ee
URL: http://spy.cashnow.ee/
Protocol: HTTP/1.1
Server: 192.254.184.96 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.refrigeracionkycperu.com
Software: Apache /
Resource Hash: c1cd17ef6016137c193ea498ed5aaeb3dae8bdacc05023f656c17ea0e0d1e08f

Request headers

Referer: http://spy.cashnow.ee/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 13:12:11 GMT
Content-Encoding: gzip
Last-Modified: Wed, 18 Dec 2019 20:46:14 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=74

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
548 B 18ms
17ms Script
text/javascript 2a00:1450:4001:821::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?

Requested by

Host: spy.cashnow.ee
URL: http://spy.cashnow.ee/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

beb58d113da73001dfcbbb97b0e041c737361f1ae0050e6c60c96c14d69a46a7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://spy.cashnow.ee/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 13:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 447
x-xss-protection: 1; mode=block
expires: Sat, 28 Mar 2020 13:12:11 GMT

GET
H/1.1 206
Partial Content login_bg_video.mp4
spy.cashnow.ee/video/ 42 KB
0 373ms
361ms Media
video/mp4 192.254.184.96
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://spy.cashnow.ee/video/login_bg_video.mp4
Requested by: Host: spy.cashnow.ee
URL: http://spy.cashnow.ee/
Protocol: HTTP/1.1
Server: 192.254.184.96 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.refrigeracionkycperu.com
Software: Apache /
Resource Hash

Request headers

Referer: http://spy.cashnow.ee/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

Date: Sat, 28 Mar 2020 13:12:11 GMT
Last-Modified: Wed, 18 Dec 2019 20:46:14 GMT
Server: Apache
Upgrade: h2,h2c
Content-Range: bytes 0-10130290/10130291
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: video/mp4
Keep-Alive: timeout=5, max=75
Content-Length: 10130291

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/P6KLRNy7h3K160ZmYNUOAce7/ 260 KB
93 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/P6KLRNy7h3K160ZmYNUOAce7/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2d6fcca7b06d9b949f7f407e9229e0323cb2a75cb6ee4ad35b53e25cf161605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://spy.cashnow.ee/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 23 Mar 2020 16:31:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 23 Mar 2020 04:07:14 GMT
server: sffe
age: 420054
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 94799
x-xss-protection: 0
expires: Tue, 23 Mar 2021 16:31:17 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 206
Partial Content login_bg_video.mp4
spy.cashnow.ee/video/ 5 KB
5 KB 195ms
195ms Media
video/mp4 192.254.184.96
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://spy.cashnow.ee/video/login_bg_video.mp4
Requested by: Host: spy.cashnow.ee
URL: http://spy.cashnow.ee/
Protocol: HTTP/1.1
Server: 192.254.184.96 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.refrigeracionkycperu.com
Software: Apache /
Resource Hash: e35a72da9be4ac68baccece670de24abb36e341817ff25cc9d0d578e6e880328

Request headers

Referer: http://spy.cashnow.ee/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=10125312-

Response headers

Date: Sat, 28 Mar 2020 13:12:11 GMT
Last-Modified: Wed, 18 Dec 2019 20:46:14 GMT
Server: Apache
Content-Type: video/mp4
Content-Range: bytes 10125312-10130290/10130291
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=73
Content-Length: 4979

GET
H/1.1 206
Partial Content login_bg_video.mp4
spy.cashnow.ee/video/ 2 MB
0 195ms
195ms Media
video/mp4 192.254.184.96
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://spy.cashnow.ee/video/login_bg_video.mp4
Requested by: Host: spy.cashnow.ee
URL: http://spy.cashnow.ee/
Protocol: HTTP/1.1
Server: 192.254.184.96 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: mail.refrigeracionkycperu.com
Software: Apache /
Resource Hash

Request headers

Referer: http://spy.cashnow.ee/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=32768-

Response headers

Date: Sat, 28 Mar 2020 13:12:11 GMT
Last-Modified: Wed, 18 Dec 2019 20:46:14 GMT
Server: Apache
Content-Type: video/mp4
Content-Range: bytes 32768-10130290/10130291
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=72
Content-Length: 10097523

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			spy.cashnow.ee/	1970-01-19 08:23:28	Name: projectspy_session Value: eyJpdiI6ImRzeUZvVEx3ZCtDbURLSFg5eVwvTVlBPT0iLCJ2YWx1ZSI6ImZwanJkMUMrOVhIXC82NGFVRlMzSmZBMENzXC9OVSt2YThYeGNzbVJkeVV3bmJWTlBXWGR4Y0IyNFdaXC95c01DWUwiLCJtYWMiOiJmYThmZmE0NDgzYTExOGYzM2VjNWE3M2JjYzlkNjgzZmY0MDk4ZGMxMTRkZWJhNzZmYmYyYThiNzUxYjNkY2MyIn0%3D
			spy.cashnow.ee/	1970-01-19 08:23:28	Name: XSRF-TOKEN Value: eyJpdiI6IlhvTlNcL05jMXlZTW5qclwvN0gzZkpTUT09IiwidmFsdWUiOiJhS1ZPMU55OEhmaXZLSkQwOVdWQ1JNeFI2c3I3ZUZOTUZoRGtnN01XWUJ4aTFZNzI0cFFTRjBGanFYbmFnU280IiwibWFjIjoiMDYyOTk3NzE3Mjk5ZGNjMzJkNWE1N2ZkZDA4YjIzZmVhNmEzODNhZGVlNDI2OTFlNWNhMDI4MDRlYWU2OTFmNyJ9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

spy.cashnow.ee
www.google.com
www.gstatic.com
192.254.184.96
2a00:1450:4001:821::2004
2a00:1450:4001:824::2003
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
b2d6fcca7b06d9b949f7f407e9229e0323cb2a75cb6ee4ad35b53e25cf161605
beb58d113da73001dfcbbb97b0e041c737361f1ae0050e6c60c96c14d69a46a7
c1cd17ef6016137c193ea498ed5aaeb3dae8bdacc05023f656c17ea0e0d1e08f
e35a72da9be4ac68baccece670de24abb36e341817ff25cc9d0d578e6e880328
ea547aeb078f751c87417e0581ac2024bc2959b770a9dce20e6f971f502b0af9

spy.cashnow.ee Open in urlscan Pro 192.254.184.96 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

29 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

136 kBTransfer

2434 kBSize

2 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

2 Cookies

Indicators

spy.cashnow.ee Open in urlscan Pro
192.254.184.96 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

29 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

136 kB
Transfer

2434 kB
Size

2
Cookies

7 HTTP transactions
2 data transactions