103.183.74.233 Open in urlscan Pro
103.183.74.233 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://103.183.74.233/cash.app/login.php
Submission: On March 31 via automatic, source openphish (March 31st 2022, 1:13:00 pm UTC) — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 9 HTTP transactions. The main IP is 103.183.74.233, located in Indonesia and belongs to IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID. The main domain is 103.183.74.233.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 26th 2022. Valid for: 3 months.

This is the only time 103.183.74.233 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cash App (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	103.183.74.233 103.183.74.233	136052 (IDNIC-IDC...) (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia)
2	151.101.129.49 151.101.129.49	54113 (FASTLY) (FASTLY)
9	2

7 103.183.74.233 (Indonesia)

ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID)
PTR: ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia

103.183.74.233	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.49 (United States)

ASN54113 (FASTLY, US)

cash-f.squarecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	squarecdn.com cash-f.squarecdn.com — Cisco Umbrella Rank: 17028	69 KB
9	1

	Domain	Requested by
2	cash-f.squarecdn.com	103.183.74.233
9	1

This site contains no links.

Subject Issuer	Validity	Valid
cashappsauhtneticationsdetails.vantechdns.com cPanel, Inc. Certification Authority	`2022-03-26` - `2022-06-24`	3 months	crt.sh
*.squarecdn.com Entrust Certification Authority - L1K	`2022-01-18` - `2023-02-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://103.183.74.233/cash.app/login.php
Frame ID: 04418334FC91883F3F97D6D8FA294133
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cash App

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

22 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

2513 kB
Transfer

2510 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response 103.183.74.233/cash.app/	3 KB 3 KB	853ms 304ms	Document text/html	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `027325a2f4815056652819932e56bb69515e53c8876075c5e54f178584ae82c0` Request headers Accept-Language de-DE,de;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 31 Mar 2022 13:12:45 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	vendor.js Show response 103.183.74.233/cash.app/assets/	1 MB 1 MB	1046ms 1045ms	Script application/javascript	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/assets/vendor.js Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `7089a778b24660f4f0d185dc42ce4b13059c180f3faad3dc73ea5437719ee78c` Request headers Referer https://103.183.74.233/cash.app/login.php Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Thu, 31 Mar 2022 13:12:47 GMT Last-Modified Sat, 12 Sep 2020 04:40:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1154469
GET H/1.1	200 OK	cash.js Show response 103.183.74.233/cash.app/assets/	982 KB 982 KB	280ms 279ms	Script application/javascript	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/assets/cash.js Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `05c2eae4c5809a4cf8721574ae4c6700d2b9484528c73605c899b8dfd41f199e` Request headers Referer https://103.183.74.233/cash.app/login.php Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Thu, 31 Mar 2022 13:12:46 GMT Last-Modified Sat, 12 Sep 2020 04:40:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1005423
GET H/1.1	200 OK	cash.css 103.183.74.233/cash.app/assets/	239 KB 239 KB	771ms 259ms	Stylesheet text/css	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/assets/cash.css Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `0cab6ae142696ceae7265aa7f93941de14df3d4e06ac2487808d4bbf1d8fea0f` Request headers Referer https://103.183.74.233/cash.app/login.php Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Thu, 31 Mar 2022 13:12:46 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 244264
GET H/1.1	200 OK	cash-market-rounded-light.woff2 103.183.74.233/cash.app/assets/	23 KB 23 KB	792ms 256ms	Font font/woff2	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/assets/cash-market-rounded-light.woff2 Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `a1abd94048e822be4d2b551ce86d9250314fb453a2b87092a6bb1138ae167c14` Request headers Referer https://103.183.74.233/cash.app/login.php Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Thu, 31 Mar 2022 13:12:46 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 23296
GET H/1.1	200 OK	cash-market-rounded-regular.woff2 103.183.74.233/cash.app/assets/	33 KB 33 KB	2105ms 1026ms	Font font/woff2	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/assets/cash-market-rounded-regular.woff2 Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b` Request headers Referer https://103.183.74.233/cash.app/login.php Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Thu, 31 Mar 2022 13:12:48 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 33692
GET H/1.1	200 OK	cash-market-rounded-medium.woff2 103.183.74.233/cash.app/assets/	35 KB 36 KB	1882ms 611ms	Font font/woff2	103.183.74.233 IDNIC-IDCLOUDHOST...
General Check archive.org Show headers Download Go to Full URL https://103.183.74.233/cash.app/assets/cash-market-rounded-medium.woff2 Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 103.183.74.233 , Indonesia, ASN136052 (IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia, ID), Reverse DNS ip233.74.183.103.in-addr.arpa.unknwn.cloudhost.asia Software Apache / Resource Hash `32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3` Request headers Referer https://103.183.74.233/cash.app/login.php Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers Date Thu, 31 Mar 2022 13:12:47 GMT Last-Modified Sat, 12 Sep 2020 04:40:32 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 36144
GET H2	200	cash-market-rounded-regular.woff2 cash-f.squarecdn.com/static/fonts/cashmarket/	33 KB 33 KB	61ms 15ms	Font application/octet-stream	151.101.129.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/static/fonts/cashmarket/cash-market-rounded-regular.woff2 Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/assets/cash.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.49 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b` Request headers Referer https://103.183.74.233/ Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers x-amz-version-id dwxC4ZmjB_4CDnOqYYdcKqTS8B_Nigxi content-encoding gzip etag "438232647d9913a48305142c9fe7721b" age 1254353 via 1.1 varnish x-cache HIT content-length 33725 x-amz-id-2 b5USFoKNbKUxF+grX80yuEn+O5Obd0MrIzg+uRTxzUNKDLxD0cN99esCfvKRuh6GRBXMUCc1D7w= x-served-by cache-hhn4057-HHN last-modified Thu, 03 Feb 2022 02:10:32 GMT server AmazonS3 x-timer S1648732375.644402,VS0,VE1 date Thu, 31 Mar 2022 13:12:54 GMT x-amz-request-id F668B22NN6626QKA access-control-allow-origin * expires Sat, 03 Feb 2024 02:10:30 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/octet-stream x-cache-hits 1
GET H2	200	cash-market-rounded-medium.woff2 cash-f.squarecdn.com/static/fonts/cashmarket/	35 KB 36 KB	55ms 14ms	Font application/octet-stream	151.101.129.49 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cash-f.squarecdn.com/static/fonts/cashmarket/cash-market-rounded-medium.woff2 Requested by Host: 103.183.74.233 URL: https://103.183.74.233/cash.app/assets/cash.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.129.49 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3` Request headers Referer https://103.183.74.233/ Origin https://103.183.74.233 Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Response headers x-amz-version-id 3.NwPIEqbWwxllIY4T6kBmfisrrfHtz7 content-encoding gzip etag "bb0a7911452d2d17b9bcf766d63e2602" fastly-original-body-size 36116 age 738411 via 1.1 varnish x-cache HIT content-length 36116 x-amz-id-2 C/DlZejmBEhgn2gF4Z0LSIThQWexMRF2dCunSSfkYy/49+kmDd/tGu1STIQv+axuc7QQJRRzCAg= x-served-by cache-hhn4057-HHN last-modified Thu, 03 Feb 2022 02:10:32 GMT server AmazonS3 x-timer S1648732375.644459,VS0,VE1 date Thu, 31 Mar 2022 13:12:54 GMT x-amz-request-id JS7XAH857YMA5VMQ access-control-allow-origin * expires Sat, 03 Feb 2024 02:10:30 GMT cache-control max-age=630720000, public accept-ranges bytes content-type application/octet-stream x-cache-hits 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cash App (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://103.183.74.233/cash.app/login.php Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://103.183.74.233/cash.app/assets/vendor.js' with computed SHA-256 integrity 'cImneLJGYPTw0YXcQs5LEwWcGA8/qtPcc+pUN3Ge54w='. The resource has been blocked.
security	error	URL: https://103.183.74.233/cash.app/login.php Message: Failed to find a valid digest in the 'integrity' attribute for resource 'https://103.183.74.233/cash.app/assets/cash.js' with computed SHA-256 integrity 'BcLq5MWAmkz4chV0rkxnANK5SEUoxzYFyJm439QfGZ4='. The resource has been blocked.
javascript	warning	URL: https://103.183.74.233/cash.app/login.php Message: The resource https://103.183.74.233/cash.app/assets/cash-market-rounded-medium.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://103.183.74.233/cash.app/login.php Message: The resource https://103.183.74.233/cash.app/assets/cash-market-rounded-light.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://103.183.74.233/cash.app/login.php Message: The resource https://103.183.74.233/cash.app/assets/cash-market-rounded-regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cash-f.squarecdn.com
103.183.74.233
151.101.129.49
027325a2f4815056652819932e56bb69515e53c8876075c5e54f178584ae82c0
05c2eae4c5809a4cf8721574ae4c6700d2b9484528c73605c899b8dfd41f199e
0cab6ae142696ceae7265aa7f93941de14df3d4e06ac2487808d4bbf1d8fea0f
32ce0116ec544d7c3a3f10163fabb110f4c8e49be67489b60957badd5acc8bc3
7089a778b24660f4f0d185dc42ce4b13059c180f3faad3dc73ea5437719ee78c
a1abd94048e822be4d2b551ce86d9250314fb453a2b87092a6bb1138ae167c14
de531e5c7be5d41643ca0ca0eda3794751eb52275c95a774da8df60ef8729b3b

103.183.74.233 Open in urlscan Pro 103.183.74.233 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

22 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

2513 kBTransfer

2510 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

103.183.74.233 Open in urlscan Pro
103.183.74.233 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

22 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

2513 kB
Transfer

2510 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!