robinhood-payments.com Open in urlscan Pro
80.94.92.29 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://robinhood-payments.com/
Submission: On July 09 via automatic, source openphish (July 9th 2023, 7:04:27 pm UTC) — Scanned from DE

Summary HTTP 6 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 80.94.92.29, located in Romania and belongs to UNMANAGED-DEDICATED-SERVERS, GB. The main domain is robinhood-payments.com.
TLS certificate: Issued by R3 on July 8th 2023. Valid for: 3 months.

This is the only time robinhood-payments.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Robinhood (Financial)

Domain & IP information

	IP Address		AS Autonomous System
6	80.94.92.29 80.94.92.29		47890 (UNMANAGED...) (UNMANAGED-DEDICATED-SERVERS)
6	2

6 80.94.92.29 (Romania)

ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB)

robinhood-payments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	robinhood-payments.com robinhood-payments.com	959 KB
6	1

	Domain	Requested by
6	robinhood-payments.com	robinhood-payments.com
6	1

This site contains links to these domains. Also see Links.

Domain
robinhood.com

Subject Issuer	Validity	Valid
robinhood-payments.com R3	`2023-07-08` - `2023-10-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://robinhood-payments.com/
Frame ID: 9B8489D0D9D8C061F018394013C45B09
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In | Robinhood

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1015 kB
Transfer

2184 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://robinhood.com/forgot_password
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://robinhood.com/contact?topic_id=2037&skip_sign_in=true
Title: Forgot your email address?

Search URL Search Domain Scan URL

URL: https://robinhood.com/signup
Title: Create an account

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response robinhood-payments.com/	2 MB 927 KB	285ms 108ms	Document text/html	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL https://robinhood-payments.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `6c4512e460fc91ed553ac1c2c318393a812546df1fa2bdb4868c47e6d98246c0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sun, 09 Jul 2023 19:04:13 GMT ETag W/"194037-5fff8eb79ee7f" Keep-Alive timeout=60 Last-Modified Sat, 08 Jul 2023 12:30:51 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	rl-style.css robinhood-payments.com/rl-style/	215 B 542 B	93ms 40ms	Stylesheet text/css	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL https://robinhood-payments.com/rl-style/rl-style.css Requested by Host: robinhood-payments.com URL: https://robinhood-payments.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `3dc44b01b3d25063f221faf45480db463ad40fe1fe9fc5fbb372621c87edb68d` Request headers accept-language de-DE,de;q=0.9 Referer https://robinhood-payments.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sun, 09 Jul 2023 19:04:13 GMT Last-Modified Sat, 08 Jul 2023 12:30:52 GMT Server nginx ETag "64a956fc-d7" Content-Type text/css Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 215 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated /	378 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type image/jpeg
GET H/1.1	200 OK	socket.io.js Show response robinhood-payments.com/socket.io-client-4.6.0/dist/	122 KB 28 KB	115ms 99ms	Script application/javascript	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL https://robinhood-payments.com/socket.io-client-4.6.0/dist/socket.io.js Requested by Host: robinhood-payments.com URL: https://robinhood-payments.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `f89f5c4c50e3c6084ff33ce5b865de73139e4945ad01a173addac9db1cafa244` Request headers accept-language de-DE,de;q=0.9 Referer https://robinhood-payments.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sun, 09 Jul 2023 19:04:13 GMT Content-Encoding gzip Last-Modified Sat, 08 Jul 2023 12:30:55 GMT Server nginx ETag W/"64a956ff-1e610" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=315360000 Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	rl-script.js Show response robinhood-payments.com/rl-script/	11 KB 3 KB	61ms 40ms	Script application/javascript	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL https://robinhood-payments.com/rl-script/rl-script.js Requested by Host: robinhood-payments.com URL: https://robinhood-payments.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `d4ddc1e41496e18ec6c6bf014fff490483a83a205baf4952c2a58d1e0117af7d` Request headers Referer https://robinhood-payments.com/ Origin https://robinhood-payments.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sun, 09 Jul 2023 19:04:13 GMT Content-Encoding gzip Last-Modified Sat, 08 Jul 2023 12:30:52 GMT Server nginx ETag W/"64a956fc-2ca0" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=315360000 Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	spinner.css robinhood-payments.com/rl-style/	868 B 765 B	65ms 40ms	Stylesheet text/css	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL https://robinhood-payments.com/rl-style/spinner.css Requested by Host: robinhood-payments.com URL: https://robinhood-payments.com/rl-style/rl-style.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `d2925d044cad5e809d3acc8468b871c09d4fa4b42149965505852b8f2a4d32b8` Request headers accept-language de-DE,de;q=0.9 Referer https://robinhood-payments.com/rl-style/rl-style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sun, 09 Jul 2023 19:04:13 GMT Content-Encoding gzip Last-Modified Sat, 08 Jul 2023 12:30:52 GMT Server nginx ETag W/"64a956fc-364" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=315360000 Connection keep-alive Keep-Alive timeout=60 Expires Thu, 31 Dec 2037 23:55:55 GMT
GET DATA	200 OK	truncated /	19 KB 19 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302` Request headers Referer Origin https://robinhood-payments.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	19 KB 19 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8` Request headers Referer Origin https://robinhood-payments.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	18 KB 18 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0ef7c688bd1385a7df6941a13f3b4e980cd2f90f01b9268c9bb3e95394eec486` Request headers Referer Origin https://robinhood-payments.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Content-Type font/woff2
GET H/1.1	200 OK	config.js Show response robinhood-payments.com/rl-script/	297 B 639 B	40ms 40ms	Script application/javascript	80.94.92.29 UNMANAGED-DEDICAT...
General Check archive.org Show headers Download Go to Full URL https://robinhood-payments.com/rl-script/config.js Requested by Host: robinhood-payments.com URL: https://robinhood-payments.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 80.94.92.29 , Romania, ASN47890 (UNMANAGED-DEDICATED-SERVERS, GB), Reverse DNS Software nginx / Resource Hash `3213ac89218fffda31f763ea5ac66bac2689b589ef9eb6e366242a5095f67825` Request headers Referer https://robinhood-payments.com/rl-script/rl-script.js Origin https://robinhood-payments.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Sun, 09 Jul 2023 19:04:13 GMT Last-Modified Sat, 08 Jul 2023 12:30:52 GMT Server nginx ETag "64a956fc-129" Content-Type application/javascript Cache-Control max-age=315360000 Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=60 Content-Length 297 Expires Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Robinhood (Financial)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

robinhood-payments.com
80.94.92.29
01373b02ad74b5c99cc5abd66cc1acf1cc4fffc85a51a16212e6f40d0de3f126
0ef7c688bd1385a7df6941a13f3b4e980cd2f90f01b9268c9bb3e95394eec486
3213ac89218fffda31f763ea5ac66bac2689b589ef9eb6e366242a5095f67825
3dc44b01b3d25063f221faf45480db463ad40fe1fe9fc5fbb372621c87edb68d
6573ba5ca76b29d5ffe83d94b27a4a8a09c8d5c8d5f2ca0719aaeef6856042d8
6c4512e460fc91ed553ac1c2c318393a812546df1fa2bdb4868c47e6d98246c0
d2925d044cad5e809d3acc8468b871c09d4fa4b42149965505852b8f2a4d32b8
d4ddc1e41496e18ec6c6bf014fff490483a83a205baf4952c2a58d1e0117af7d
d6e0f9a85b076741a771ec8574c1278fb65fe34160e73bd8beffa2f927831302
f89f5c4c50e3c6084ff33ce5b865de73139e4945ad01a173addac9db1cafa244

robinhood-payments.com Open in urlscan Pro 80.94.92.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1015 kBTransfer

2184 kBSize

0 Cookies

3 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Indicators

robinhood-payments.com Open in urlscan Pro
80.94.92.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1015 kB
Transfer

2184 kB
Size

0
Cookies

6 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!