Phishings targeting Cash App

Suspicious and active websites

Phishings targeting Cashapp

Suspicious and active websites

Website: cash.app
About: AIP2P payments target (US). Lures usually impersonate a 'fraud alert' or 'pending payment' notification to harvest the linked bank-card balance, often SMS-launched.

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Screenshot	Flags	Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL	Screenshot	Details

Legitimate Cash App URLs always end in cash.app (e.g. www.cash.app, account.cash.app). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Cash App.
The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
If you got the link from email, SMS, or social media, do not click it. Open cash.app from your browser bookmark or type the domain manually.
Real Cash App pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.