scribble.dvrlists.com Open in urlscan Pro
162.241.121.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://scribble.dvrlists.com/wells/email.htm
Submission: On November 10 via automatic, source openphish (November 10th 2021, 1:28:18 am UTC) — Scanned from DE

Summary HTTP 18 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 162.241.121.114, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is scribble.dvrlists.com.
TLS certificate: Issued by R3 on October 31st 2021. Valid for: 3 months.

This is the only time scribble.dvrlists.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
17	162.241.121.114 162.241.121.114	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 1	159.45.2.180 159.45.2.180	10837 (WELLSFARG...) (WELLSFARGO-10837)
1	159.45.2.178 159.45.2.178	10837 (WELLSFARG...) (WELLSFARGO-10837)
18	2

17 162.241.121.114 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-121-114.unifiedlayer.com

scribble.dvrlists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.45.2.180 (United States) 1 redirects

ASN10837 (WELLSFARGO-10837, US)

oam.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.45.2.178 (United States)

ASN10837 (WELLSFARGO-10837, US)

static.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	dvrlists.com scribble.dvrlists.com	411 KB
2	wellsfargo.com 1 redirects oam.wellsfargo.com static.wellsfargo.com	208 B
18	2

	Domain	Requested by
17	scribble.dvrlists.com	scribble.dvrlists.com
1	static.wellsfargo.com	scribble.dvrlists.com
1	oam.wellsfargo.com	1 redirects
18	3

This site contains links to these domains. Also see Links.

Domain
oam.wellsfargo.com
www.wellsfargo.com

Subject Issuer	Validity	Valid
scribble.dvrlists.com R3	`2021-10-31` - `2022-01-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://scribble.dvrlists.com/wells/email.htm
Frame ID: C03F526959E2333B5EB3D77B1EB6609D
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo Online® Email Enrollment

Page Statistics

18
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

411 kB
Transfer

407 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://oam.wellsfargo.com/oamo/identity/authentication?execution=e1s1&langPref=SPN
Title: Español

Search URL Search Domain Scan URL

URL: http://www.wellsfargo.com/privacy-security/
Title: Privacy, Security & Legal

Search URL Search Domain Scan URL

URL: https://oam.wellsfargo.com/oamo/identity/exit
Title: Exit

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://oam.wellsfargo.com//oamo/static/images/bg-footer.png HTTP 302
https://static.wellsfargo.com/accounts/static/webassets/unavailable/temporarily_unavailable.html

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request email.htm Show response scribble.dvrlists.com/wells/	10 KB 11 KB	711ms 127ms	Document text/html	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `3e923a19ba829ca4c6c2fd5b13c460752ee3488b0ee3a797d4704c4d68f68fdf` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Wed, 10 Nov 2021 01:28:11 GMT Server Apache Last-Modified Fri, 12 Oct 2018 12:50:08 GMT Accept-Ranges bytes Content-Length 10655 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	mob_enroll.css scribble.dvrlists.com/wells/email_files/	27 KB 28 KB	128ms 127ms	Stylesheet text/css	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/mob_enroll.css Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `dd3ba9c9d1444100effa564a1eb9eb0ea1c0afb7145407bdfa659023396b7342` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 28078
GET H/1.1	200 OK	ionicons.css scribble.dvrlists.com/wells/email_files/	33 KB 34 KB	382ms 128ms	Stylesheet text/css	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/ionicons.css Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `efd2f4f35eba14f0804f1e02958f8dd59159e0f99f74ed732e738aa1e00c1de3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 34085
GET H/1.1	200 OK	enrollment.css scribble.dvrlists.com/wells/email_files/	14 KB 15 KB	380ms 126ms	Stylesheet text/css	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/enrollment.css Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `9ba7016051c96e9157969e8eb0aff2fdef294e347e1994a10c51d006662b79d4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14726
GET H/1.1	200 OK	jquery_002.js Show response scribble.dvrlists.com/wells/email_files/	85 KB 85 KB	380ms 127ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/jquery_002.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86927
GET H/1.1	200 OK	icon_home.png scribble.dvrlists.com/wells/email_files/	1 KB 2 KB	144ms 127ms	Image image/png	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://scribble.dvrlists.com/wells/email_files/icon_home.png Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `0186ed0d7a00f1e88d588f1a0ba30857e566e88738ff60b5772e941b0c20cf0a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1475
GET H/1.1	200 OK	wf-logo.gif scribble.dvrlists.com/wells/email_files/	4 KB 4 KB	237ms 127ms	Image image/gif	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://scribble.dvrlists.com/wells/email_files/wf-logo.gif Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3718
GET H/1.1	200 OK	WellsFargo_xhdpi.png scribble.dvrlists.com/wells/email_files/	6 KB 6 KB	138ms 127ms	Image image/png	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://scribble.dvrlists.com/wells/email_files/WellsFargo_xhdpi.png Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `d37bd2b0d972b4d93225150196da6b4b0ba8d1daf224b54ccec32ad5632f5a3f` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5798
GET H/1.1	200 OK	criterror_12x12.gif scribble.dvrlists.com/wells/email_files/	212 B 453 B	128ms 128ms	Image image/gif	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://scribble.dvrlists.com/wells/email_files/criterror_12x12.gif Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `8a46f7e1801bbc650201f5fd410d1854ff5e62c284414de48d418bed2f33fc8a` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 212
GET H/1.1	200 OK	jquery.js Show response scribble.dvrlists.com/wells/email_files/	85 KB 85 KB	127ms 127ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/jquery.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 86927
GET H/1.1	200 OK	WF_jquery.js Show response scribble.dvrlists.com/wells/email_files/	12 KB 12 KB	127ms 127ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/WF_jquery.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `5542852e0b171ad573f4640459e924a463d1b33bb432c5f19ea74dff8053ed60` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12420
GET H/1.1	200 OK	fpa_utils.js Show response scribble.dvrlists.com/wells/email_files/	35 KB 35 KB	128ms 128ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/fpa_utils.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `ed4780490f5de158b0733c83ee137bc925a28a86a9e88539f0571a843811b2cb` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 35396
GET H/1.1	200 OK	mob_enroll.js Show response scribble.dvrlists.com/wells/email_files/	58 KB 58 KB	127ms 126ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/mob_enroll.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `f1992022c099c3175f55eda1eff4f8b44ef56a29775a264b8b934d2e3bce48b7` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 59590
GET H/1.1	200 OK	respond.js Show response scribble.dvrlists.com/wells/email_files/	4 KB 5 KB	363ms 126ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/respond.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `82069c15edd6943dfaa59f5ac3f6acc86fd44a28fe925e410ccdcadec194a8ba` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4591
GET H/1.1	200 OK	browser_detect.js Show response scribble.dvrlists.com/wells/email_files/	2 KB 2 KB	371ms 127ms	Script application/javascript	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://scribble.dvrlists.com/wells/email_files/browser_detect.js Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `e664ed48f9defb9d9077aecb84171dcaf41f91db459011b70e2e4bbf3a689a5d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:12 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1726
GET H/1.1	200 OK	ajax_loader.gif scribble.dvrlists.com/wells/email_files/	30 KB 30 KB	127ms 126ms	Image image/gif	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://scribble.dvrlists.com/wells/email_files/ajax_loader.gif Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `dd4c639d4c2d3ce8b5fe3243f02175db5b299fc122b6086b9e03466fc83b45f8` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:13 GMT Last-Modified Thu, 11 Oct 2018 15:59:36 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 30217
GET H/1.1	200 OK	temporarily_unavailable.html static.wellsfargo.com/accounts/static/webassets/unavailable/ Redirect Chain https://oam.wellsfargo.com//oamo/static/images/bg-footer.png https://static.wellsfargo.com/accounts/static/webassets/unavailable/temporarily_unavailable.html	0 0	479ms 115ms	Image text/html	159.45.2.178 WELLSFARGO-10837
General Check archive.org Show headers Download Go to Show image Full URL https://static.wellsfargo.com/accounts/static/webassets/unavailable/temporarily_unavailable.html Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Server 159.45.2.178 , United States, ASN10837 (WELLSFARGO-10837, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Redirect headers Location https://static.wellsfargo.com/accounts/static/webassets/unavailable/temporarily_unavailable.html Server KONICHIWA/1.1 Connection Keep-Alive Content-Length 0
GET H/1.1	404 Not Found	ajax_loader.gif scribble.dvrlists.com/oamo/images/	315 B 315 B	127ms 127ms	Image text/html	162.241.121.114 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://scribble.dvrlists.com/oamo/images/ajax_loader.gif Requested by Host: scribble.dvrlists.com URL: https://scribble.dvrlists.com/wells/email.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.114 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-121-114.unifiedlayer.com Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://scribble.dvrlists.com/wells/email.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers Date Wed, 10 Nov 2021 01:28:13 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 315 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://scribble.dvrlists.com/oamo/images/ajax_loader.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

oam.wellsfargo.com
scribble.dvrlists.com
static.wellsfargo.com
159.45.2.178
159.45.2.180
162.241.121.114
0186ed0d7a00f1e88d588f1a0ba30857e566e88738ff60b5772e941b0c20cf0a
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
3e923a19ba829ca4c6c2fd5b13c460752ee3488b0ee3a797d4704c4d68f68fdf
5542852e0b171ad573f4640459e924a463d1b33bb432c5f19ea74dff8053ed60
82069c15edd6943dfaa59f5ac3f6acc86fd44a28fe925e410ccdcadec194a8ba
8a46f7e1801bbc650201f5fd410d1854ff5e62c284414de48d418bed2f33fc8a
9ba7016051c96e9157969e8eb0aff2fdef294e347e1994a10c51d006662b79d4
d37bd2b0d972b4d93225150196da6b4b0ba8d1daf224b54ccec32ad5632f5a3f
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dd3ba9c9d1444100effa564a1eb9eb0ea1c0afb7145407bdfa659023396b7342
dd4c639d4c2d3ce8b5fe3243f02175db5b299fc122b6086b9e03466fc83b45f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e664ed48f9defb9d9077aecb84171dcaf41f91db459011b70e2e4bbf3a689a5d
ed4780490f5de158b0733c83ee137bc925a28a86a9e88539f0571a843811b2cb
edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db
efd2f4f35eba14f0804f1e02958f8dd59159e0f99f74ed732e738aa1e00c1de3
f1992022c099c3175f55eda1eff4f8b44ef56a29775a264b8b934d2e3bce48b7

scribble.dvrlists.com Open in urlscan Pro 162.241.121.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

18 Requests

94 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

2 IPs

1 Countries

411 kBTransfer

407 kBSize

0 Cookies

3 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

scribble.dvrlists.com Open in urlscan Pro
162.241.121.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

411 kB
Transfer

407 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!