![](/screenshots/83f0e19e-a017-4595-9740-c04c6cb347a6.png)
rivercoveresidences.review
Open in
urlscan Pro
98.142.221.58
Malicious Activity!
Public Scan
Submission: On March 10 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on February 9th 2018. Valid for: 3 months.
This is the only time rivercoveresidences.review was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 98.142.221.58 98.142.221.58 | 46562 (TOTAL-SER...) (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C.) | |
4 | 159.45.170.156 159.45.170.156 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
2 | 159.45.66.177 159.45.66.177 | 4196 (WELLSFARG...) (WELLSFARGO-4196 - Wells Fargo & Company) | |
5 | 104.19.192.102 104.19.192.102 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 159.45.2.177 159.45.2.177 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
2 | 159.45.2.178 159.45.2.178 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
1 | 159.45.2.156 159.45.2.156 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
23 | 8 |
ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US)
PTR: monarch.unlimihost.net
rivercoveresidences.review |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
connect.secure.wellsfargo.com |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
apply.wellsfargo.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
apply.wellsfargo.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
static.wellsfargo.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
connect.secure.wellsfargo.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
wellsfargo.com
connect.secure.wellsfargo.com apply.wellsfargo.com static.wellsfargo.com |
322 KB |
8 |
rivercoveresidences.review
rivercoveresidences.review |
15 KB |
5 |
cloudflare.com
cdnjs.cloudflare.com |
108 KB |
23 | 3 |
Domain | Requested by | |
---|---|---|
8 | rivercoveresidences.review |
rivercoveresidences.review
|
5 | cdnjs.cloudflare.com |
rivercoveresidences.review
|
5 | connect.secure.wellsfargo.com |
rivercoveresidences.review
connect.secure.wellsfargo.com |
3 | apply.wellsfargo.com |
rivercoveresidences.review
|
2 | static.wellsfargo.com |
rivercoveresidences.review
|
23 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
rivercoveresidences.review Let's Encrypt Authority X3 |
2018-02-09 - 2018-05-10 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://rivercoveresidences.review/.com/connect/secure/log/details.html
Frame ID: (CC5EA27803331C1EFD72EB01FC92D497)
Requests: 25 HTTP requests in this frame
Screenshot
![](/screenshots/83f0e19e-a017-4595-9740-c04c6cb347a6.png)
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
![](/vendor/wappa/icons/Typekit.png)
Detected patterns
- env /^Typekit$/i
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Privacy, Cookies, Security & Legal
Search URL Search Domain Scan URL
Title: Ad Choices
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
details.html
rivercoveresidences.review/.com/connect/secure/log/ |
14 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-userprefs.min.js
connect.secure.wellsfargo.com/auth/static/prefs/ |
144 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
desktop-tablet.combined.css
apply.wellsfargo.com/css/ |
176 KB 176 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ |
256 KB 78 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.validate.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ |
45 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
additional-methods.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ |
38 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.maskedinput.js
cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.payment.js
cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ |
17 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myriad-font.js
apply.wellsfargo.com/javascript/ |
17 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.sync.js
static.wellsfargo.com/tracking/main/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.combined.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
desktop-tablet.combined.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
conutils-6.2.2.js
connect.secure.wellsfargo.com/auth/static/scripts/ |
10 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
atadun.js
connect.secure.wellsfargo.com/auth/static/prefs/ |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nd
connect.secure.wellsfargo.com/jenny/ |
39 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
archer.css
apply.wellsfargo.com/css/ |
22 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.combined.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
connect.secure.wellsfargo.com/ATADUN/2.2/w/w-642409/init/js/ |
471 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
desktop-tablet.combined.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
static.wellsfargo.com/tracking/main/ |
154 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
proactive-chat.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
rivercoveresidences.review/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)126 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| bundle function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged boolean| m object| q object| options object| lun3 string| ndURI boolean| isNative object| ndsapi object| nds object| js object| fjs function| $ function| jQuery object| Typekit undefined| TNL function| testandlearn undefined| CryptoJS function| ndoGetObjectKeys string| ndjsStaticVersion object| nspzru object| nsqnkkmiif boolean| nszfwwkum number| nsgzehbw number| nscrigfx object| nsqnkkmi object| nsvvzlesi object| nswsgdi object| nscrigfxf object| nsvvzl object| nsvvzle boolean| nsvvzlesit string| nszfwwkumz string| nswsgdido number| numQueries object| returned string| version string| nsvhfgglbt string| nsgzehbwk string| nsqnkkmii string| nswsgdidon string| nswsgdid string| nszfw string| nspzruzph object| nscrigf object| nszfwwku function| nspzruzp function| nsqnkk function| nsvhfggl boolean| nsvhfg object| nsvhf function| nswsgd function| nsgzeh function| nsgzehb function| nscrigfxfy function| nspzruz function| nspzr function| nsvvzles function| nszfwwk function| nsqnkkm function| nsvvz function| nszfww function| nspzruzphg function| nsqnk function| ndwts function| ndwti function| nsvhfgg function| nscrig function| nsgzehbwkc function| nsvhfgglb function| nsgze function| nswsg function| nscri function| nsberzj function| nsath function| nsvfapw function| nsathrpat function| nsknp function| nswte function| nsvgd function| nswvjrvyf function| HashUtil function| nswtea function| nsathr function| nsathrpato function| nsvfapwjnu function| nswvjr function| nswvj function| nsvgdfmnmi boolean| egainAuth string| proactiveChatWebServer string| clickChat string| fieldname_2 string| fieldname_3 string| fieldname_4 string| fieldname_6 string| fieldname_7 string| fieldname_8 string| fieldname_9 string| fieldname_10 string| fieldname_11 string| fieldname_12 string| fieldname_13 string| fieldname_14 string| fieldname_15 string| fieldname_19 boolean| authenticationRequired string| flowExeUrl boolean| authenticated boolean| utag_condload undefined| new_path undefined| utag_cfg_ovrd object| utag_data object| utag function| utag_pad function| utag_visitor_id1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.rivercoveresidences.review/ | Name: utag_main Value: v_id:01620defdac8002297e76cd182e000078004707000b08$_sn:1$_ss:1$_st:1520654045704$ses_id:1520652245704%3Bexp-session$_pn:1%3Bexp-session |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apply.wellsfargo.com
cdnjs.cloudflare.com
connect.secure.wellsfargo.com
rivercoveresidences.review
static.wellsfargo.com
104.19.192.102
159.45.170.156
159.45.2.156
159.45.2.177
159.45.2.178
159.45.66.177
98.142.221.58
13615953c07c0c2b1a39739e7751678e1bb7c43a979b2a711243f35c3f6d20cc
1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375
266a8a7b5c0ebad26e3ba4e21d78b1999b1f7ea893b41a8d6346d48606321ccf
2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb
2bc06c9a6e73540eeea744621c94d7dc1b87a987f410875021839fa09cf613ae
2d82fa16bfc0096df3f95715c53d2525ccde3a033e66076094b051e3b315c7db
2efdea8b0dd2e3c3fa2eccbd90a8c9490ea0eba0d0b17bf28b1bb5352d4aee8c
3313ac9f2c148df9dc8581ae4d7bb9023c3ef933d1152db47de29e32ec5f67b0
5fb7b85658a6e615400e0f1f3e16fc869bbd099b3c3c181c294c05d1d7d1cfe5
60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
82f10669b34cbe4bc1ea2dcb6ddac949450c03f0f5c4d83ed57201d55ca90925
9d6d810b425482c52769515f91250eb85bf4da9fc4294c8ab5a8845c78330127
a28025eb2ef3d90db390dc2bf16fa9809f2257bae292411d43eae0221f395f80
d4012775565c150cfab926c5f997022358ed1a1d168e14a474b7e97432387c7f
d617332408652c764ece833cae43811f40fd5229743f1991813f0fdb7e1184db
f7c20a7d66b01791f04a5f6cc985c6c22482887f274737156bb270313cac159e