authorize-cvv.su

https://authorize-cvv.su/

172.67.173.167 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

—

HTTP

200 · 24.1s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Cvv Authorize Shop | Fullz High Credit Score"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Apple

Vendors

29/29

Status

completed

✓ openphish✓ eset✓ polyswarm✓ microsoft✓ yandex✓ sophos✓ avg✓ bitdefender✓ brightcloud✓ google✓ avast✓ norton✓ apple✓ emsisoft✓ cisa✓ phishtank✓ urlquery✓ urlscan✓ apwg✓ spamhaus✓ netcraft✓ phishreport✓ virustotal✓ threatyeti✓ drweb✓ urlabuse✓ mcafee✓ kaspersky✓ fortiguard

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Apple

Unknown

finance | technology | ecommerce · 4/5/2026

Summary

The page authorize-cvv.su presents a credential collection surface under the branding text Cvv Authorize Shop and visual UI resembling financial protection themes. The domain does not belong to a known, legitimate brand and uses SPA-style rendering with dynamic forms likely harvesting credentials. External assets and a Cloudflare/Let's Encrypt setup are present, but the page title and UI attempt to impersonate a financial/credit protection service, indicating brand impersonation and potential credential harvesting.

Attack Techniques (3)

Typosquat/brand impersonation with a non-official domain authorize-cvv.suSingle-Page Application (SPA) rendering dynamic credential capture forms via JavaScriptPOST request to CDN/CFL rum endpoint suggesting data exfiltration or user activity tracking

Indicators of Compromise (3)

▸DOMAIN: authorize-cvv.su (unfamiliar domain impersonating a financial/security brand)

▸NETWORK: POST to https://authorize-cvv.su/cdn-cgi/rum? (likely data collection/exfiltration)

▸SSL: Let’s Encrypt cert issued Feb 19 2026, valid until May 20 2026 (new certs common in phishing but still a risk signal)

Risk AssessmentUsed in abuse reports

This site is a high-risk credential harvesting landing page. The domain authorize-cvv.su does not correspond to any known legitimate brand and is actively spoofing financial protection visuals, with SPA behavior implying dynamic collection of user credentials via client-side rendering. The page title and UI strongly indicate impersonation of a credit protection/service brand. The presence of a POST endpoint at /cdn-cgi/rum and an active Cloudflare beacon suggests data exfiltration and extensive visitor tracking. Given the new SSL cert and lack of legitimate WHOIS data, this domain should be treated as malicious and blocked. Recommend immediate takedown actions and monitoring for similar clones targeting financial/security-conscious users.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence