risinglove.org Open in urlscan Pro
107.180.50.235 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Submission: On October 11 via api (October 11th 2022, 11:09:34 am UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 107.180.50.235, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is risinglove.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on September 20th 2021. Valid for: a year.

This is the only time risinglove.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8 17	107.180.50.235 107.180.50.235	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
3	159.45.2.180 159.45.2.180	10837 (WELLSFARG...) (WELLSFARGO-10837)
12	3

17 107.180.50.235 (Ashburn, United States) 8 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 235.50.180.107.host.secureserver.net

risinglove.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.risinglove.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 159.45.2.180 (United States)

ASN10837 (WELLSFARGO-10837, US)

oam.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	risinglove.org 8 redirects risinglove.org www.risinglove.org	109 KB
3	wellsfargo.com oam.wellsfargo.com — Cisco Umbrella Rank: 114562	27 KB
12	2

	Domain	Requested by
9	risinglove.org	8 redirects
8	www.risinglove.org	risinglove.org
3	oam.wellsfargo.com	risinglove.org
12	3

This site contains links to these domains. Also see Links.

Domain
www.wellsfargo.com
oam.wellsfargo.com

Subject Issuer	Validity	Valid
risinglove.org Go Daddy Secure Certificate Authority - G2	`2021-09-20` - `2022-10-22`	a year	crt.sh
oam.wellsfargo.com DigiCert EV RSA CA G2	`2022-06-22` - `2023-06-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Frame ID: 8231A69706BA68649FEBC5770E08A72C
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo Create New Password - Identification

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

33 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

135 kB
Transfer

317 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.wellsfargo.com/

Search URL Search Domain Scan URL

URL: https://www.wellsfargo.com/security/security-online-banking
Title: Online Security

Search URL Search Domain Scan URL

URL: https://oam.wellsfargo.com/oamo/identity/help/passwordhelp?langPref=SPN
Title: Espanol

Search URL Search Domain Scan URL

URL: http://www.wellsfargo.com/privacy-security/
Title: Privacy, Security & Legal

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D

Request Chain 4

https://risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D

Request Chain 5

https://risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D

Request Chain 6

https://risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D

Request Chain 7

https://risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D

Request Chain 8

https://risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D

Request Chain 9

https://risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D

Request Chain 10

https://risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D HTTP 301
https://www.risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D

12 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.php Show response
risinglove.org/wp-includes/js/crop/Wellsx/ 259 KB
108 KB 356ms
147ms Document
text/html 107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: Apache / PHP/7.4.32
Resource Hash: 4762b189c957c70675d180f9031a002a05ae79293b280a18ba9c3dd9dbf900bb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 11 Oct 2022 11:09:21 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.32

GET
H/1.1 200
OK passwordReset.css
oam.wellsfargo.com/oamo/static/css/osmp/combined/ 24 KB
6 KB 509ms
124ms Stylesheet
text/css 159.45.2.180
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to

Full URL

https://oam.wellsfargo.com/oamo/static/css/osmp/combined/passwordReset.css?v=1EA87C9B9D

Requested by

Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

1d26cf795c727c6a041c3218277fe2d39bb87a3a9b49e50fa951d2402dca9849

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 11 Oct 2022 11:09:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Last-Modified: Wed, 27 Apr 2022 03:29:19 GMT
Server: KONICHIWA/1.1
Content-Encoding: gzip
ETag: W/"6268b88f-5e65"
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=86400
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK theme.osmp.timeout.css
oam.wellsfargo.com/oamo/static/css/osmp/ 2 KB
1 KB 507ms
122ms Stylesheet
text/css 159.45.2.180
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to

Full URL

https://oam.wellsfargo.com/oamo/static/css/osmp/theme.osmp.timeout.css?v=1EA87C9B9D

Requested by

Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

409bb0fda65031ecb46a7c70e6e1e9cdec272980903bde0e95861c69676f07bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 11 Oct 2022 11:09:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Last-Modified: Wed, 27 Apr 2022 03:29:19 GMT
Server: KONICHIWA/1.1
Content-Encoding: gzip
ETag: W/"6268b88f-702"
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=86400
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icn-ind-loading-page-glob-70x70-000720-v01_00@1x.gif
oam.wellsfargo.com/oamo/static/images/ 19 KB
19 KB 558ms
136ms Image
image/gif 159.45.2.180
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://oam.wellsfargo.com/oamo/static/images/icn-ind-loading-page-glob-70x70-000720-v01_00@1x.gif

Requested by

Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.180 , United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

0a646e5aa2bffaf7fe24e63ed8b5b736264707497f2724c53c27995448ead57b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Tue, 11 Oct 2022 11:09:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'self'; frame-ancestors 'self'; style-src 'self' https://wellsfargo.com https://*.wellsfargo.com; report-uri https://ort.wellsfargo.com/reporting/csp
Last-Modified: Wed, 05 Oct 2022 03:15:32 GMT
Server: KONICHIWA/1.1
ETag: "633cf6d4-4a15"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18965
X-XSS-Protection: 1; mode=block

GET
H2

404

jquery.min.js
www.risinglove.org/oamo/static/js/
Redirect Chain

https://risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D

0
0

2846ms
2828ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

validation.js
www.risinglove.org/oamo/static/js/
Redirect Chain

https://risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D

0
0

2847ms
2795ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

timeout.js
www.risinglove.org/oamo/static/js/
Redirect Chain

https://risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D

0
0

2946ms
2938ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

theme.osmp.balloon.js
www.risinglove.org/oamo/static/js/osmp/
Redirect Chain

https://risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D

0
0

2885ms
2854ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

theme.osmp.lightbox.js
www.risinglove.org/oamo/static/js/osmp/
Redirect Chain

https://risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D

0
0

2829ms
2807ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

crosspChangePasswordIdentifyFull.js
www.risinglove.org/oamo/static/js/
Redirect Chain

https://risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D

0
0

2839ms
2785ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

crosspChangePasswordIdentifyField.js
www.risinglove.org/oamo/static/js/
Redirect Chain

https://risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D

0
0

1382ms
1382ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2

404

nativeapp-bridge-min.js
www.risinglove.org/oamo/static/js/
Redirect Chain

https://risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D
https://www.risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D

0
0

1334ms
1333ms

Script
text/html

107.180.50.235
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D
Requested by: Host: risinglove.org
URL: https://risinglove.org/wp-includes/js/crop/Wellsx/login.php
Protocol: H2
Server: 107.180.50.235 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 235.50.180.107.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://risinglove.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Redirect headers

date: Tue, 11 Oct 2022 11:09:22 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.32
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d37bd2b0d972b4d93225150196da6b4b0ba8d1daf224b54ccec32ad5632f5a3f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e6897f16252610e8ef3db2e7e6e2ad93679362bc33adbb0ea7f4512427b4bf6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 212 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a46f7e1801bbc650201f5fd410d1854ff5e62c284414de48d418bed2f33fc8a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a05c326b16b3173fbf8e999d38e907d35bb00c0cb245fa675776c9a2fd788e17

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 395 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00b2519c3ecb866ffc2be3565c3c5199ce0b8f07c7e627404a0253e73f00c83e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 309 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66045233d2ee1cee32d15db765bf0128a7e1668f893d3b22a52ba501420ebf3b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyFull.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/validation.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.lightbox.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/jquery.min.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/osmp/theme.osmp.balloon.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/timeout.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/crosspChangePasswordIdentifyField.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.risinglove.org/oamo/static/js/nativeapp-bridge-min.js?v=1EA87C9B9D Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

oam.wellsfargo.com
risinglove.org
www.risinglove.org
107.180.50.235
159.45.2.180
00b2519c3ecb866ffc2be3565c3c5199ce0b8f07c7e627404a0253e73f00c83e
0a646e5aa2bffaf7fe24e63ed8b5b736264707497f2724c53c27995448ead57b
1d26cf795c727c6a041c3218277fe2d39bb87a3a9b49e50fa951d2402dca9849
1e6897f16252610e8ef3db2e7e6e2ad93679362bc33adbb0ea7f4512427b4bf6
1ed889a15705bc76729d29d715c64f3d7f35de2ea519e1d2704924cf40d9e30d
409bb0fda65031ecb46a7c70e6e1e9cdec272980903bde0e95861c69676f07bb
4762b189c957c70675d180f9031a002a05ae79293b280a18ba9c3dd9dbf900bb
66045233d2ee1cee32d15db765bf0128a7e1668f893d3b22a52ba501420ebf3b
8a46f7e1801bbc650201f5fd410d1854ff5e62c284414de48d418bed2f33fc8a
a05c326b16b3173fbf8e999d38e907d35bb00c0cb245fa675776c9a2fd788e17
d37bd2b0d972b4d93225150196da6b4b0ba8d1daf224b54ccec32ad5632f5a3f
edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db

risinglove.org Open in urlscan Pro 107.180.50.235 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

33 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

1 Countries

135 kBTransfer

317 kBSize

0 Cookies

4 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

risinglove.org Open in urlscan Pro
107.180.50.235 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

33 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

135 kB
Transfer

317 kB
Size

0
Cookies

12 HTTP transactions
8 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!