riverswimmer.com Open in urlscan Pro
172.96.176.34 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://newofficeredout.com/20100
Effective URL:
https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/
Submission: On June 21 via manual (June 21st 2023, 11:17:13 am UTC) from ZA — Scanned from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 172.96.176.34, located in Canada and belongs to COGECO-PEER1, CA. The main domain is riverswimmer.com.
TLS certificate: Issued by R3 on June 11th 2023. Valid for: 3 months.

This is the only time riverswimmer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	172.96.176.34 172.96.176.34	13768 (COGECO-PEER1) (COGECO-PEER1)
13	2

2 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

newofficeredout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.96.176.34 (Canada)

ASN13768 (COGECO-PEER1, CA)
PTR: v1018897.hostpapavps.net

riverswimmer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	riverswimmer.com riverswimmer.com	491 KB
2	newofficeredout.com 1 redirects newofficeredout.com	1006 B
13	2

	Domain	Requested by
12	riverswimmer.com	newofficeredout.com riverswimmer.com
2	newofficeredout.com	1 redirects
13	2

This site contains no links.

Subject Issuer	Validity	Valid
newofficeredout.com GTS CA 1P5	`2023-06-18` - `2023-09-16`	3 months	crt.sh
*.riverswimmer.com R3	`2023-06-11` - `2023-09-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/
Frame ID: 4322C8472CBE3A0581D635E973460BF4
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://newofficeredout.com/20100 Page URL
https://newofficeredout.com/20100 HTTP 302
https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

491 kB
Transfer

488 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://newofficeredout.com/20100 Page URL
https://newofficeredout.com/20100 HTTP 302
https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	20100 Show response newofficeredout.com/	263 B 612 B	2112ms 1999ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://newofficeredout.com/20100 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f076f7d051a7f045cf77aee2982e6f8a1cc8fa89b3ea0098b62aac458b970387` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7dabd7db08ca0b44-AMS content-encoding br content-type text/html; charset=UTF-8 date Wed, 21 Jun 2023 11:17:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85ohMWg9vsD34zB%2FrfOFb4e6UvIycdTp1N80aW83AggUpYrnaOKCBJvc25E86kA8elSTc4fvEtrOFFTcUuTzzzTERgUQG4qTX0hbFZcYHoNFYju9LG%2BgaBJUF2aESWfE6%2Bvl4QMsi0zG%2B4H%2FneZwj9S%2B"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H/1.1	200 OK	Primary Request / Show response riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Redirect Chain https://newofficeredout.com/20100 https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/	9 KB 9 KB	936ms 205ms	Document text/html	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Requested by Host: newofficeredout.com URL: https://newofficeredout.com/20100 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `775ec32e444051e6df26290847b3c3550b46817b57e3c0b44c9b2aac3575813b` Request headers Referer https://newofficeredout.com/20100 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 21 Jun 2023 11:17:11 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7dabd7edee580b44-AMS content-type text/html; charset=UTF-8 date Wed, 21 Jun 2023 11:17:10 GMT location https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77dUeOYYAKMlN25w5BKCjRJ0SmnC9yPsh17oXbL7YIGpErYpko3wFFdN9i0xXXgfN5ysB37q3VQj8UQpC%2F6BcNy8bT1PA6hGKQpFz3ByBFyKVxZeM3DMbfNsvfMa2c%2BvFWiu5ApYRsFO5YNVQ3q0yc6Q"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H/1.1	200 OK	app.css riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/css/	12 KB 12 KB	116ms 115ms	Stylesheet text/css	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/css/app.css Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `6bd212ad1085623e850c58f89993fd769058c524f11118d5afea77e4c839e6ea` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:11 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 11947
GET H/1.1	200 OK	jquery.min.js Show response riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/	84 KB 84 KB	133ms 116ms	Script application/javascript	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/jquery.min.js Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:11 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 85578
GET H/1.1	200 OK	jquery-3.1.1.min.js Show response riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/	85 KB 85 KB	343ms 115ms	Script application/javascript	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/jquery-3.1.1.min.js Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86709
GET H/1.1	200 OK	jquery-3.3.1.js Show response riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/	265 KB 266 KB	346ms 116ms	Script application/javascript	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/jquery-3.3.1.js Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad` Request headers Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Origin https://riverswimmer.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 271751
GET H/1.1	200 OK	popper.min.js Show response riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/	19 KB 19 KB	344ms 114ms	Script application/javascript	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/popper.min.js Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66` Request headers Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Origin https://riverswimmer.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 19188
GET H/1.1	200 OK	log.svg riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/	1 KB 1 KB	115ms 115ms	Image image/svg+xml	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Show image Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/log.svg Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `82ca8cd60e5ecda336a08c16ac17d81962736bb628814f35c10cb8c15aaab448` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1223
GET H/1.1	200 OK	dat.png riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/	3 KB 3 KB	114ms 114ms	Image image/png	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Show image Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/dat.png Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `67a79dee69a43deaa6f81822ce1673aac756362dd381a91070714c2541e6a338` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3116
GET H/1.1	200 OK	error.svg riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/	587 B 832 B	117ms 116ms	Image image/svg+xml	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Show image Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/error.svg Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `59ef0c64ae4925d20f75dd8823817465812d605b4f1ae05f9516bb7abad4bf46` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 587
GET H/1.1	200 OK	check.png riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/	343 B 584 B	117ms 117ms	Image image/png	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Show image Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/check.png Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `93c4cd34acc7e28e43d6b7c12dfaa645fd277ec7122d46fc2beae0fdee702894` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 343
GET H/1.1	200 OK	lock.svg riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/	475 B 721 B	115ms 115ms	Image image/svg+xml	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Show image Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/img/lock.svg Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `935426141d6ee9be09a4e2e7e2d76dbdd763b9826ebd0c50e3c9496831f4cbe2` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 475
GET H/1.1	200 OK	main.js Show response riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/	9 KB 10 KB	115ms 115ms	Script application/javascript	172.96.176.34 COGECO-PEER1
General Check archive.org Show headers Download Go to Full URL https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/js/main.js Requested by Host: riverswimmer.com URL: https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 172.96.176.34 , Canada, ASN13768 (COGECO-PEER1, CA), Reverse DNS v1018897.hostpapavps.net Software Apache / Resource Hash `9906974456533f13e02d12567dbd19c03c961664ba8e6c070ca4f85875ff3839` Request headers accept-language nl-NL,nl;q=0.9 Referer https://riverswimmer.com/wp-admin/images/quickbooks.intuits.com/quickbooks/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Wed, 21 Jun 2023 11:17:12 GMT Last-Modified Tue, 20 Jun 2023 17:48:24 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9524

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			newofficeredout.com/	1970-01-20 12:42:29	Name: chk Value: test

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

newofficeredout.com
riverswimmer.com
172.96.176.34
2a06:98c1:3121::3
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
59ef0c64ae4925d20f75dd8823817465812d605b4f1ae05f9516bb7abad4bf46
67a79dee69a43deaa6f81822ce1673aac756362dd381a91070714c2541e6a338
6bd212ad1085623e850c58f89993fd769058c524f11118d5afea77e4c839e6ea
775ec32e444051e6df26290847b3c3550b46817b57e3c0b44c9b2aac3575813b
82ca8cd60e5ecda336a08c16ac17d81962736bb628814f35c10cb8c15aaab448
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
935426141d6ee9be09a4e2e7e2d76dbdd763b9826ebd0c50e3c9496831f4cbe2
93c4cd34acc7e28e43d6b7c12dfaa645fd277ec7122d46fc2beae0fdee702894
9906974456533f13e02d12567dbd19c03c961664ba8e6c070ca4f85875ff3839
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
f076f7d051a7f045cf77aee2982e6f8a1cc8fa89b3ea0098b62aac458b970387

riverswimmer.com Open in urlscan Pro 172.96.176.34 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

491 kBTransfer

488 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Indicators

riverswimmer.com Open in urlscan Pro
172.96.176.34 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

491 kB
Transfer

488 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!