verfysdetailscashappsauthenticationsd.vantechdns.com
103.183.74.233  Malicious Activity!

URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Submission Tags: falconsandbox
Submission: On March 30 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 103.183.74.233, located in Indonesia and belongs to IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID. The main domain is verfysdetailscashappsauthenticationsd.vantechdns.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 26th 2022. Valid for: 3 months.
This is the only time verfysdetailscashappsauthenticationsd.vantechdns.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cash App (Banking)

Domain & IP information

Requests  IP Address       AS      Autonomous System
7         103.183.74.233   136052  (IDNIC-IDC...)
2         151.101.65.49    54113   (FASTLY)
Totals: 9 requests, 2 IPs

Requests  Apex Domain      Subdomains                                               Transfer
7         vantechdns.com   verfysdetailscashappsauthenticationsd.vantechdns.com     2 MB
2         squarecdn.com    cash-f.squarecdn.com (Cisco Umbrella Rank: 17028)        69 KB
Totals: 9 requests, 2 apex domains

Requests  Domain                                                 Requested by
7         verfysdetailscashappsauthenticationsd.vantechdns.com   verfysdetailscashappsauthenticationsd.vantechdns.com
2         cash-f.squarecdn.com                                   verfysdetailscashappsauthenticationsd.vantechdns.com
Totals: 9 requests, 2 domains

This site contains no links.

Subject                                                Issuer                                  Validity                  Valid
verfysdetailscashappsauthenticationsd.vantechdns.com   cPanel, Inc. Certification Authority    2022-03-26 - 2022-06-24   3 months (crt.sh)
*.squarecdn.com                                        Entrust Certification Authority - L1K   2022-01-18 - 2023-02-15   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Frame ID: 26A2313D916492A203A00C1E142D8BF5
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Cash App

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 2515 kB
Size: 2512 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: billing.php | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/ | 5 KB | 5 KB | Document
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
3377c30da10f59dad3d7b1d936dfe4dbe922f7e1f5610435b10ae4eba6eb85e6

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 30 Mar 2022 20:34:33 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked

vendor.js | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/ | 1 MB | 1 MB | Script
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/vendor.js
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
7089a778b24660f4f0d185dc42ce4b13059c180f3faad3dc73ea5437719ee78c

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 30 Mar 2022 20:34:34 GMT
Last-Modified
Sat, 12 Sep 2020 04:40:36 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1154469

cash.js | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/ | 982 KB | 982 KB | Script
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash.js
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
05c2eae4c5809a4cf8721574ae4c6700d2b9484528c73605c899b8dfd41f199e

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 30 Mar 2022 20:34:34 GMT
Last-Modified
Sat, 12 Sep 2020 04:40:36 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1005423

cash.css | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/ | 239 KB | 239 KB | Stylesheet
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash.css
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
0cab6ae142696ceae7265aa7f93941de14df3d4e06ac2487808d4bbf1d8fea0f

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 30 Mar 2022 20:34:34 GMT
Last-Modified
Sat, 12 Sep 2020 04:40:32 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
244264

cash-market-rounded-light.woff2 | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/ | 23 KB | 23 KB | Font
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash-market-rounded-light.woff2
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
a1abd94048e822be4d2b551ce86d9250314fb453a2b87092a6bb1138ae167c14

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 30 Mar 2022 20:34:34 GMT
Last-Modified
Sat, 12 Sep 2020 04:40:32 GMT
Server
Apache
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
23296

cash-market-rounded-regular.woff2 | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/ | 33 KB | 33 KB | Font
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash-market-rounded-regular.woff2
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 30 Mar 2022 20:34:34 GMT
Last-Modified
Sat, 12 Sep 2020 04:40:32 GMT
Server
Apache
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
33692

cash-market-rounded-medium.woff2 | verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/ | 35 KB | 36 KB | Font
General
Full URL
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash-market-rounded-medium.woff2
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
103.183.74.233, Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
Reverse DNS
ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia
Software
Apache /
Resource Hash
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date
Wed, 30 Mar 2022 20:34:34 GMT
Last-Modified
Sat, 12 Sep 2020 04:40:32 GMT
Server
Apache
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
36144

cash-market-rounded-medium.woff2 | cash-f.squarecdn.com/static/fonts/cashmarket/ | 35 KB | 36 KB | Font
General
Full URL
https://cash-f.squarecdn.com/static/fonts/cashmarket/cash-market-rounded-medium.woff2
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.65.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id
3.NwPIEqbWwxllIY4T6kBmfisrrfHtz7
content-encoding
gzip
etag
"bb0a7911452d2d17b9bcf766d63e2602"
age
678512
via
1.1 varnish
x-cache
HIT
content-length
36116
x-amz-id-2
C/DlZejmBEhgn2gF4Z0LSIThQWexMRF2dCunSSfkYy/49+kmDd/tGu1STIQv+axuc7QQJRRzCAg=
x-served-by
cache-hhn4034-HHN
last-modified
Thu, 03 Feb 2022 02:10:32 GMT
server
AmazonS3
x-timer
S1648672476.936465,VS0,VE1
date
Wed, 30 Mar 2022 20:34:35 GMT
x-amz-request-id
JS7XAH857YMA5VMQ
access-control-allow-origin
*
expires
Sat, 03 Feb 2024 02:10:30 GMT
cache-control
max-age=630720000, public
accept-ranges
bytes
content-type
application/octet-stream
x-cache-hits
1

cash-market-rounded-regular.woff2 | cash-f.squarecdn.com/static/fonts/cashmarket/ | 33 KB | 33 KB | Font
General
Full URL
https://cash-f.squarecdn.com/static/fonts/cashmarket/cash-market-rounded-regular.woff2
Requested by
Host: verfysdetailscashappsauthenticationsd.vantechdns.com
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
151.101.65.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b

Request headers

Referer
https://verfysdetailscashappsauthenticationsd.vantechdns.com/
Origin
https://verfysdetailscashappsauthenticationsd.vantechdns.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-amz-version-id
dwxC4ZmjB_4CDnOqYYdcKqTS8B_Nigxi
content-encoding
gzip
etag
"438232647d9913a48305142c9fe7721b"
age
1194454
via
1.1 varnish
x-cache
HIT
content-length
33725
x-amz-id-2
b5USFoKNbKUxF+grX80yuEn+O5Obd0MrIzg+uRTxzUNKDLxD0cN99esCfvKRuh6GRBXMUCc1D7w=
x-served-by
cache-hhn4034-HHN
last-modified
Thu, 03 Feb 2022 02:10:32 GMT
server
AmazonS3
x-timer
S1648672476.936630,VS0,VE1
date
Wed, 30 Mar 2022 20:34:35 GMT
x-amz-request-id
F668B22NN6626QKA
access-control-allow-origin
*
expires
Sat, 03 Feb 2024 02:10:30 GMT
cache-control
max-age=630720000, public
accept-ranges
bytes
content-type
application/octet-stream
x-cache-hits
1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cash App (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • structuredClone (function)
  • oncontextlost (object)
  • oncontextrestored (object)
  • getScreenDetails (function)

0 Cookies

5 Console Messages

Source | Level | URL | Text

security | error
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/vendor.js' with computed SHA-256 integrity 'cImneLJGYPTw0YXcQs5LEwWcGA8/qtPcc+pUN3Ge54w='. The resource has been blocked.

security | error
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash.js' with computed SHA-256 integrity 'BcLq5MWAmkz4chV0rkxnANK5SEUoxzYFyJm439QfGZ4='. The resource has been blocked.

javascript | warning
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Message: The resource https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash-market-rounded-light.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

javascript | warning
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Message: The resource https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash-market-rounded-regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

javascript | warning
URL: https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/billing.php
Message: The resource https://verfysdetailscashappsauthenticationsd.vantechdns.com/cash.app/assets/cash-market-rounded-medium.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.