![](/screenshots/d77d1498-d418-4102-a2e6-0cd879efbbaa.png)
twin-vev.com
98.142.221.58
Malicious Activity!
Public Scan
Submission: On March 09 via api from CA
Summary
This is the only time twin-vev.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 | 98.142.221.58 | 46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C.) |
5 | 159.45.66.156 | 4196 (WELLSFARGO-4196 - Wells Fargo & Company) |
3 | 159.45.66.177 | 4196 (WELLSFARGO-4196 - Wells Fargo & Company) |
5 | 104.19.196.102 | 13335 (CLOUDFLARENET - Cloudflare) |
2 | 159.45.170.178 | 10837 (WELLSFARGO-10837 - Wells Fargo & Company) |
24 | 6 | |
ASN46562 (TOTAL-SERVER-SOLUTIONS - Total Server Solutions L.L.C., US)
PTR: monarch.unlimihost.net
twin-vev.com |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
connect.secure.wellsfargo.com |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
apply.wellsfargo.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
static.wellsfargo.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | wellsfargo.com | connect.secure.wellsfargo.com apply.wellsfargo.com static.wellsfargo.com | 319 KB |
9 | twin-vev.com | twin-vev.com | 15 KB |
5 | cloudflare.com | cdnjs.cloudflare.com | 108 KB |
24 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
9 | twin-vev.com | twin-vev.com |
5 | cdnjs.cloudflare.com | twin-vev.com |
5 | connect.secure.wellsfargo.com | twin-vev.com connect.secure.wellsfargo.com |
3 | apply.wellsfargo.com | twin-vev.com |
2 | static.wellsfargo.com | twin-vev.com |
24 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
This page contains 1 frames:
Primary Page:
http://twin-vev.com/.com/connect/secure/log/details.html
Frame ID: (76BAF75D714AE4465C21F03489312ED6)
Requests: 26 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Detected patterns
- env /^Typekit$/i
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title:
Title: Privacy, Cookies, Security & Legal
Title: Ad Choices
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | details.html (Primary Request) | twin-vev.com/.com/connect/secure/log/ | 14 KB | 15 KB | Document | text/html |
GET | H/1.1 | login-userprefs.min.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 144 KB | 32 KB | Script | application/x-javascript |
GET | H/1.1 | desktop-tablet.combined.css | apply.wellsfargo.com/css/ | 176 KB | 176 KB | Stylesheet | text/css |
GET | S | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/ | 256 KB | 78 KB | Script | application/javascript |
GET | S | jquery.validate.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ | 45 KB | 13 KB | Script | application/javascript |
GET | S | additional-methods.js | cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ | 38 KB | 11 KB | Script | application/javascript |
GET | S | jquery.maskedinput.js | cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ | 10 KB | 3 KB | Script | application/javascript |
GET | S | jquery.payment.js | cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/ | 17 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | myriad-font.js | apply.wellsfargo.com/javascript/ | 17 KB | 17 KB | Script | application/javascript |
GET | H/1.1 | utag.sync.js | static.wellsfargo.com/tracking/main/ | 15 KB | 6 KB | Script | application/x-javascript |
GET | H/1.1 | jquery.combined.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | desktop-tablet.combined.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | login.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | conutils-6.2.2.js | connect.secure.wellsfargo.com/auth/static/scripts/ | 10 KB | 5 KB | Script | application/x-javascript |
GET | H/1.1 | atadun.js | connect.secure.wellsfargo.com/auth/static/prefs/ | 1 KB | 1 KB | Script | application/x-javascript |
GET | H/1.1 | jquery.combined.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | desktop-tablet.combined.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | login.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | nd | connect.secure.wellsfargo.com/jenny/ | 39 KB | 39 KB | Script | application/javascript |
GET | H/1.1 | archer.css | apply.wellsfargo.com/css/ | 22 KB | 22 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 5 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | H/1.1 | / | connect.secure.wellsfargo.com/ATADUN/2.2/w/w-642409/init/js/ | 471 B | 1 KB | Script | application/javascript |
GET | H/1.1 | utag.js | static.wellsfargo.com/tracking/main/ | 136 KB | 19 KB | Script | application/x-javascript |
GET | H/1.1 | proactive-chat.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
GET | H/1.1 | login.js | twin-vev.com/javascript/ | 0 | 0 | Script | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
126 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| bundle function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged boolean| m object| q object| options object| lun3 string| ndURI boolean| isNative object| ndsapi object| nds object| js object| fjs function| $ function| jQuery object| Typekit undefined| TNL function| testandlearn undefined| CryptoJS function| ndoGetObjectKeys string| ndjsStaticVersion object| nspodbjpkg object| nslfgjc boolean| nsdme number| nsqxyr number| nsizoprzyl object| nsqxyrln object| nslfgjchwr object| nsqxy object| nsnltrrpsb object| nsbypuy object| nsizop boolean| nsizo string| nswexasxvb string| nsqxyrlnze number| numQueries object| returned string| version string| nsbypu string| nspodbjpk string| nsqxyrl string| nsbyp string| nsbypuyhon string| nsizoprz string| nsqxyrlnz object| nswexasxv object| nsdmeism function| nsdmeisms function| nsnltrrp function| nsnltrr boolean| nswexa object| nspodbjp function| nslfgjchw function| HashUtil function| nsdmei function| nspod function| nsizoprzy function| ndwti function| nspodbj function| nsbypuyh function| nslfgj function| nsnlt function| nsizopr function| nswexas function| nsdmeismsn function| nsnltr function| nswexasx function| nswex function| nsnltrrps function| nslfgjch function| nsbypuyho function| ndwts function| nslfg function| nsdmeis function| nspodb function| nstqii function| nszcnn function| nshujhlp function| nsxckx function| nsjcdfa function| nsxckxbyib function| nspfferez function| nszfxkzamr function| nszcnnarft function| nsjcdfagwo function| nsikjsew function| nshujh function| nszcnnarf function| nshujhlpy function| nsxckxbyi boolean| egainAuth string| proactiveChatWebServer string| clickChat string| fieldname_2 string| fieldname_3 string| fieldname_4 string| fieldname_6 string| 
fieldname_7 string| fieldname_8 string| fieldname_9 string| fieldname_10 string| fieldname_11 string| fieldname_12 string| fieldname_13 string| fieldname_14 string| fieldname_15 string| fieldname_19 boolean| authenticationRequired string| flowExeUrl boolean| authenticated boolean| utag_condload undefined| new_path undefined| utag_cfg_ovrd object| utag_data object| utag function| utag_pad function| utag_visitor_id
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.