helps.cash.app.wesleybilliondv.com Open in urlscan Pro
74.115.32.74 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1
Submission: On December 17 via manual (December 17th 2022, 5:14:01 pm UTC) from NL — Scanned from NL

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 74.115.32.74, located in United States and belongs to AXXA-RACKCO, US. The main domain is helps.cash.app.wesleybilliondv.com.

This is the only time helps.cash.app.wesleybilliondv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cash App (Banking)

Domain & IP information

	IP Address		AS Autonomous System
11	74.115.32.74 74.115.32.74		36529 (AXXA-RACKCO) (AXXA-RACKCO)
11	1

11 74.115.32.74 (United States)

ASN36529 (AXXA-RACKCO, US)
PTR: wesleyv01.rackco.com

helps.cash.app.wesleybilliondv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	wesleybilliondv.com helps.cash.app.wesleybilliondv.com	496 KB
11	1

	Domain	Requested by
11	helps.cash.app.wesleybilliondv.com	helps.cash.app.wesleybilliondv.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1
Frame ID: 5D19B37C59355EDDB828A5CB7E21A60C
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cash App

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

496 kB
Transfer

493 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response helps.cash.app.wesleybilliondv.com/confirm/bank/	4 KB 4 KB	684ms 563ms	Document text/html	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `917c5711d05b97aeac9d950b80211b3c3e73ea9e640c6e91fbb39a7f30d46a65` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Sat, 17 Dec 2022 17:13:55 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	cash.css helps.cash.app.wesleybilliondv.com/static/css/	238 KB 239 KB	127ms 122ms	Stylesheet text/css	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/css/cash.css Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `e83f48c001b68ad2019dd5b4420d4d22a73f1a00c4b18c227c928ee7761f68f8` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 244141
GET H/1.1	200 OK	cok.css helps.cash.app.wesleybilliondv.com/static/css/	279 B 520 B	223ms 112ms	Stylesheet text/css	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/css/cok.css Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `da9bf28e7bb2be836c20685794b65b09fdbb35c8a22c3d88e8297782646c4424` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 279
GET H/1.1	200 OK	script.js Show response helps.cash.app.wesleybilliondv.com/static/js/	2 KB 2 KB	222ms 111ms	Script application/javascript	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/js/script.js Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `8deb2dd1e79eddc3303148f25b7df19a71fdbf39b837ade7dd2e849a9e159fb7` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1992
GET H/1.1	200 OK	jquery-2.0.3.min.js Show response helps.cash.app.wesleybilliondv.com/static/js/	82 KB 82 KB	227ms 115ms	Script application/javascript	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/js/jquery-2.0.3.min.js Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `b13cb5989e08fcb02314209d101e1102f3d299109bdc253b62aa1da21c9e38ba` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 83612
GET H/1.1	200 OK	success_v2.png helps.cash.app.wesleybilliondv.com/static/img/	2 KB 2 KB	111ms 111ms	Image image/png	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Show image Full URL http://helps.cash.app.wesleybilliondv.com/static/img/success_v2.png Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `b721eeb3d47619c130e5f5a7ad941b6c860690ec1cd36105647fd95c0b772e9a` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1760
GET H/1.1	200 OK	jquery.min.js Show response helps.cash.app.wesleybilliondv.com/static/js/	87 KB 88 KB	114ms 114ms	Script application/javascript	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/js/jquery.min.js Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 89476
GET H/1.1	200 OK	mask.js Show response helps.cash.app.wesleybilliondv.com/static/js/	8 KB 8 KB	114ms 114ms	Script application/javascript	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/js/mask.js Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 8327
GET H/1.1	200 OK	bank.js Show response helps.cash.app.wesleybilliondv.com/static/js/	1 KB 2 KB	122ms 122ms	Script application/javascript	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/js/bank.js Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `a53260dc5c7b1edc60a5e7e118f8b64c83c16c6a1967deb73cadc3fc7f10fe56` Request headers accept-language nl-NL,nl;q=0.9 Referer http://helps.cash.app.wesleybilliondv.com/confirm/bank/?account=87610984e9e95a8a2defdeb7097f259ef420b2c1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1351
GET H/1.1	200 OK	cash-market-rounded-medium.woff2 helps.cash.app.wesleybilliondv.com/static/fonts/	35 KB 36 KB	112ms 111ms	Font font/woff2	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/fonts/cash-market-rounded-medium.woff2 Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/static/css/cash.css Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3` Request headers Referer http://helps.cash.app.wesleybilliondv.com/static/css/cash.css Origin http://helps.cash.app.wesleybilliondv.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 36144
GET H/1.1	200 OK	cash-market-rounded-regular.woff2 helps.cash.app.wesleybilliondv.com/static/fonts/	33 KB 33 KB	122ms 122ms	Font font/woff2	74.115.32.74 AXXA-RACKCO
General Check archive.org Show headers Download Go to Full URL http://helps.cash.app.wesleybilliondv.com/static/fonts/cash-market-rounded-regular.woff2 Requested by Host: helps.cash.app.wesleybilliondv.com URL: http://helps.cash.app.wesleybilliondv.com/static/css/cash.css Protocol HTTP/1.1 Server 74.115.32.74 , United States, ASN36529 (AXXA-RACKCO, US), Reverse DNS wesleyv01.rackco.com Software Apache / Resource Hash `de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b` Request headers Referer http://helps.cash.app.wesleybilliondv.com/static/css/cash.css Origin http://helps.cash.app.wesleybilliondv.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Sat, 17 Dec 2022 17:13:56 GMT Last-Modified Thu, 10 Nov 2022 18:48:26 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33692

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cash App (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

helps.cash.app.wesleybilliondv.com
74.115.32.74
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
8deb2dd1e79eddc3303148f25b7df19a71fdbf39b837ade7dd2e849a9e159fb7
917c5711d05b97aeac9d950b80211b3c3e73ea9e640c6e91fbb39a7f30d46a65
a53260dc5c7b1edc60a5e7e118f8b64c83c16c6a1967deb73cadc3fc7f10fe56
b13cb5989e08fcb02314209d101e1102f3d299109bdc253b62aa1da21c9e38ba
b721eeb3d47619c130e5f5a7ad941b6c860690ec1cd36105647fd95c0b772e9a
da9bf28e7bb2be836c20685794b65b09fdbb35c8a22c3d88e8297782646c4424
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b
e83f48c001b68ad2019dd5b4420d4d22a73f1a00c4b18c227c928ee7761f68f8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

helps.cash.app.wesleybilliondv.com Open in urlscan Pro 74.115.32.74 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

496 kBTransfer

493 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

helps.cash.app.wesleybilliondv.com Open in urlscan Pro
74.115.32.74 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

496 kB
Transfer

493 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!