scribble.dvrlists.com
162.241.121.114
Malicious Activity!
Public Scan
Submission: On November 10 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 31st 2021. Valid for: 3 months.
This is the only time scribble.dvrlists.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
17 | 162.241.121.114 | 46606 (UNIFIEDLAYER-AS-1) |
1 1 | 159.45.2.180 | 10837 (WELLSFARGO-10837) |
1 | 159.45.2.178 | 10837 (WELLSFARGO-10837) |
18 | 2 | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-121-114.unifiedlayer.com
scribble.dvrlists.com
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
17 | dvrlists.com: scribble.dvrlists.com | 411 KB |
2 | wellsfargo.com (1 redirects): oam.wellsfargo.com, static.wellsfargo.com | 208 B |
18 | 2 | |
Requests | Domain | Requested by |
---|---|---|
17 | scribble.dvrlists.com | scribble.dvrlists.com |
1 | static.wellsfargo.com | scribble.dvrlists.com |
1 | oam.wellsfargo.com | 1 redirects |
18 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
oam.wellsfargo.com |
www.wellsfargo.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
scribble.dvrlists.com | R3 | 2021-10-31 - 2022-01-29 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://scribble.dvrlists.com/wells/email.htm
Frame ID: C03F526959E2333B5EB3D77B1EB6609D
Requests: 18 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title: Español
Title: Privacy, Security & Legal
Title: Exit
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15
- https://oam.wellsfargo.com//oamo/static/images/bg-footer.png HTTP 302
- https://static.wellsfargo.com/accounts/static/webassets/unavailable/temporarily_unavailable.html
18 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | email.htm (Primary Request) | scribble.dvrlists.com/wells/ | 10 KB | 11 KB | Document | text/html |
GET | H/1.1 | mob_enroll.css | scribble.dvrlists.com/wells/email_files/ | 27 KB | 28 KB | Stylesheet | text/css |
GET | H/1.1 | ionicons.css | scribble.dvrlists.com/wells/email_files/ | 33 KB | 34 KB | Stylesheet | text/css |
GET | H/1.1 | enrollment.css | scribble.dvrlists.com/wells/email_files/ | 14 KB | 15 KB | Stylesheet | text/css |
GET | H/1.1 | jquery_002.js | scribble.dvrlists.com/wells/email_files/ | 85 KB | 85 KB | Script | application/javascript |
GET | H/1.1 | icon_home.png | scribble.dvrlists.com/wells/email_files/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | wf-logo.gif | scribble.dvrlists.com/wells/email_files/ | 4 KB | 4 KB | Image | image/gif |
GET | H/1.1 | WellsFargo_xhdpi.png | scribble.dvrlists.com/wells/email_files/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | criterror_12x12.gif | scribble.dvrlists.com/wells/email_files/ | 212 B | 453 B | Image | image/gif |
GET | H/1.1 | jquery.js | scribble.dvrlists.com/wells/email_files/ | 85 KB | 85 KB | Script | application/javascript |
GET | H/1.1 | WF_jquery.js | scribble.dvrlists.com/wells/email_files/ | 12 KB | 12 KB | Script | application/javascript |
GET | H/1.1 | fpa_utils.js | scribble.dvrlists.com/wells/email_files/ | 35 KB | 35 KB | Script | application/javascript |
GET | H/1.1 | mob_enroll.js | scribble.dvrlists.com/wells/email_files/ | 58 KB | 58 KB | Script | application/javascript |
GET | H/1.1 | respond.js | scribble.dvrlists.com/wells/email_files/ | 4 KB | 5 KB | Script | application/javascript |
GET | H/1.1 | browser_detect.js | scribble.dvrlists.com/wells/email_files/ | 2 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | ajax_loader.gif | scribble.dvrlists.com/wells/email_files/ | 30 KB | 30 KB | Image | image/gif |
GET | H/1.1 | temporarily_unavailable.html | static.wellsfargo.com/accounts/static/webassets/unavailable/ (Redirect Chain) | 0 | 0 | Image | text/html |
GET | H/1.1 | ajax_loader.gif | scribble.dvrlists.com/oamo/images/ | 315 B | 315 B | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |
function | $ |
function | jQuery |
string | contextPath |
object | Utils |
function | UAParser |
function | FastClick |
boolean | deviceIsAndroid |
boolean | deviceIsIOS |
boolean | deviceIsIOS4 |
boolean | deviceIsIOSWithBadTarget |
boolean | deviceIsBlackBerry10 |
function | isMobile |
object | usernameAlt |
undefined | MobileEnroll |
object | respond |
object | BrowserDetect |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
oam.wellsfargo.com
scribble.dvrlists.com
static.wellsfargo.com
159.45.2.178
159.45.2.180
162.241.121.114