square-login.com
46.17.98.104
Malicious Activity!
Public Scan
Submission: On February 11 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by R3 on February 11th 2022. Valid for: 3 months.
This is the only time square-login.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Square (Financial), Squarespace (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 46.17.98.104 | 57043 (HOSTKEY-AS) |
5 | 151.101.193.49 | 54113 (FASTLY) |
1 | 35.188.42.15 | 15169 (GOOGLE) |
7 | 3 | |
ASN15169 (GOOGLE, US)
PTR: 15.42.188.35.bc.googleusercontent.com
sentry.io
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | squarecdn.com | multipassfe-production-f.squarecdn.com — Cisco Umbrella Rank: 79831 | 256 KB |
1 | sentry.io | sentry.io — Cisco Umbrella Rank: 373 | 447 B |
1 | square-login.com | square-login.com | 3 KB |
7 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
5 | multipassfe-production-f.squarecdn.com | square-login.com, multipassfe-production-f.squarecdn.com |
1 | sentry.io | multipassfe-production-f.squarecdn.com |
1 | square-login.com | |
7 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
square-login.com | R3 | 2022-02-11 - 2022-05-12 | 3 months | crt.sh |
*.squarecdn.com | Entrust Certification Authority - L1K | 2022-01-18 - 2023-02-15 | a year | crt.sh |
sentry.io | DigiCert SHA2 Secure Server CA | 2020-06-02 - 2022-06-07 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
https://square-login.com/
Frame ID: 2291E6287589F7958479D87A1FE1CCBF
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | square-login.com/ | 9 KB | 3 KB | Document | text/html |
GET | H2 | login.css | multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/stylesheets/ | 73 KB | 73 KB | Stylesheet | text/css |
GET | H2 | polyfill.js | multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/ | 13 KB | 14 KB | Script | application/javascript |
GET | H2 | sentry.js | multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/javascripts/ | 63 KB | 63 KB | Script | application/javascript |
POST | H/1.1 | / | sentry.io/api/1474740/store/ | 41 B | 447 B | Fetch | application/json |
GET | H2 | sqmarket-regular.otf | multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/fonts/sqmarket/ | 49 KB | 49 KB | Font | application/x-font-opentype |
GET | H2 | sqmarket-medium.otf | multipassfe-production-f.squarecdn.com/static/gqTacz5VF_Lg0AFKP_FBUA-nBLU/fonts/sqmarket/ | 56 KB | 57 KB | Font | application/x-font-opentype |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Square (Financial), Squarespace (Consumer)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | structuredClone |
object | Sentry |
object | __SENTRY__ |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.