URL: http://201.131.38.208/wfidrecov/Pers02.html
Submission Tags: @ipnigh
Submission: On April 22 via api from GB

Summary

This website contacted 3 IPs in 2 countries across 1 domain to perform 9 HTTP transactions. The main IP is 201.131.38.208, located in Chile and belonging to INTESIS CHILE S.A, CL. There is no hostname for the primary page: it is served directly from that IP address, which urlscan.io therefore lists as the main domain.
This is the only time 201.131.38.208 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
7         201.131.38.208   263688 (INTESIS CHILE S.A)
2         2.17.180.241     16625 (AKAMAI-AS)
Total: 9 requests, 3 IPs

Requests  Apex Domain           Subdomains                  Transfer
2         wellsfargomedia.com   www15.wellsfargomedia.com   45 KB
Total: 9 requests, 1 apex domain

Requests  Domain                      Requested by
2         www15.wellsfargomedia.com   201.131.38.208
Total: 9 requests, 1 domain
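The tables above split the traffic between the attacker-controlled host (7 requests to 201.131.38.208) and the brand's own CDN (2 font requests to www15.wellsfargomedia.com). That split matters when the per-resource SHA-256 hashes listed further down the report are used to find other deployments of the same kit: the brand-hosted hashes appear on every page that uses those fonts, legitimate or not, and will inflate any similarity score. The following is an added example, not part of the urlscan.io report or of any urlscan tooling. It transcribes the report's hashes, builds a kit signature from the attacker-hosted resources only, and compares it against two constructed scans (hypothetical hosts, paths and landing-page hashes, labelled in the code) with a Jaccard overlap.

```python
from urllib.parse import urlsplit

# Apex domains owned by the targeted brand. Constructed for this example from the
# report; a real deployment keeps one such set per protected brand.
BRAND_DOMAINS = {"wellsfargomedia.com", "wellsfargo.com"}

# (URL, SHA-256) pairs transcribed from the report's transaction list. Two of the
# inline data: URIs are included to show that they are skipped.
SCAN_PERS02 = [
    ("http://201.131.38.208/wfidrecov/Pers02.html", "7f5cb6d1e2c619a5e493326f8a9f4a3bddf86236f521af7ccf147f6de974b8f1"),
    ("http://201.131.38.208/wfidrecov/Pers02_files/global.css", "ab78c44d5e86c6f0937d203066ebcadbf50c8d63407564a151bdd03701f40a70"),
    ("http://201.131.38.208/wfidrecov/Pers02_files/enhanced-header.css", "270c3bd11f410f97885f7ebb20082b425d3698fde13e658597edf701ab08d19a"),
    ("http://201.131.38.208/wfidrecov/Pers02_files/content.css", "dd23185a1a026fbd41ab27bf91feb741ed0494a0b56e18a9773d988ec34c6436"),
    ("http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css", "0bcc884da9ce927882f81a43c48840ab2a22a63e5c6600033cf2b20aa9b93c4c"),
    ("http://201.131.38.208/wfidrecov/Pers02_files/enhanced-footer.css", "e4080ef4fd7a537d29e70470e58b4ee2456f7a62636a9253997a01fce3f65ee1"),
    ("http://201.131.38.208/wfidrecov/Pers02_files/WF_stagecoach_rgb_ylw_F1.svg", "9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39"),
    ("https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2", "631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc"),
    ("https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2", "ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba"),
    ("data:truncated", "f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e"),
    ("data:truncated", "5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741"),
]

# Hypothetical second scan (host, paths and the landing-page hash are invented): the
# same kit redeployed elsewhere with a re-edited landing page but unchanged static files.
KIT_REDEPLOYED = [
    ("http://203.0.113.5/recovery/Pers02.html", "a" * 64),
    ("http://203.0.113.5/recovery/Pers02_files/global.css", SCAN_PERS02[1][1]),
    ("http://203.0.113.5/recovery/Pers02_files/enhanced-header.css", SCAN_PERS02[2][1]),
    ("http://203.0.113.5/recovery/Pers02_files/content.css", SCAN_PERS02[3][1]),
    ("http://203.0.113.5/recovery/Pers02_files/wf-fonts.css", SCAN_PERS02[4][1]),
    ("http://203.0.113.5/recovery/Pers02_files/enhanced-footer.css", SCAN_PERS02[5][1]),
    ("http://203.0.113.5/recovery/Pers02_files/WF_stagecoach_rgb_ylw_F1.svg", SCAN_PERS02[6][1]),
    SCAN_PERS02[7],
    SCAN_PERS02[8],
]

# Hypothetical legitimate brand page (paths and hashes invented) that shares nothing
# with the kit except the two CDN-hosted fonts.
LEGIT_BRAND_PAGE = [
    ("https://www.wellsfargo.com/", "b" * 64),
    ("https://www.wellsfargo.com/assets/site.css", "c" * 64),
    ("https://www.wellsfargo.com/assets/app.js", "d" * 64),
    SCAN_PERS02[7],
    SCAN_PERS02[8],
]


def registrable_domain(host: str) -> str:
    """Naive apex extraction (last two labels); IP literals are returned unchanged.
    Good enough for .com; use a Public Suffix List library for ccTLDs such as .co.uk."""
    if host.replace(".", "").isdigit():
        return host
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def kit_signature(scan, brand_domains=BRAND_DOMAINS, exclude_brand=True):
    """SHA-256 set of the resources a kit actually ships. data: URIs are skipped
    (no host to attribute them to) and, by default, so are brand-hosted resources."""
    signature = set()
    for url, sha256 in scan:
        if url.startswith("data:"):
            continue
        host = urlsplit(url).hostname or ""
        if exclude_brand and registrable_domain(host) in brand_domains:
            continue
        signature.add(sha256)
    return frozenset(signature)


def jaccard(a, b):
    """Overlap of two hash sets in [0, 1]; 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


if __name__ == "__main__":
    base = kit_signature(SCAN_PERS02)
    print("redeployed kit:", jaccard(base, kit_signature(KIT_REDEPLOYED)))
    print("legitimate page:", jaccard(base, kit_signature(LEGIT_BRAND_PAGE)))
```

With the brand CDN excluded, the redeployed kit scores 0.75 against this scan and the legitimate page scores 0.0; with it included, the legitimate page gains a non-zero score purely from the two shared fonts. The same reasoning applies to blocklists: the font hashes and www15.wellsfargomedia.com belong in the report as context, not in an indicator feed.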

This site contains no links.

Subject                    Issuer                          Validity                  Valid for
www15.wellsfargomedia.com  DigiCert SHA2 Secure Server CA  2019-12-31 to 2021-03-31  15 months (crt.sh)

This page contains 1 frame:

Primary Page: http://201.131.38.208/wfidrecov/Pers02.html
Frame ID: E19F744765D45007833E883ED84051B7
Requests: 15 requests in this frame (the 9 HTTP transactions listed below plus 6 inline data: URIs, which involve no network request)

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • headers server /php\/?([\d.]+)?/i

CentOS (overall confidence: 100%)
Detected patterns
  • headers server /CentOS/i

Apache HTTP Server (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

All three patterns match the single Server response header the site returns, Apache/2.4.6 (CentOS) PHP/7.2.19. That header is self-reported by the web server, so the identification is only as reliable as the operator's configuration.
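The three patterns above are JavaScript regex literals; what they actually capture is easy to misread (for instance, the Apache pattern matches a bare "Apache" with no version at all). The following added example, not part of the report or of urlscan's own detection code, transcribes them to Python and applies them to Server header values, returning the captured version where a pattern has a version group.

```python
import re

# The three Server-header patterns from the report, transcribed from JavaScript regex
# literals to Python (the surrounding slashes go away and the i flag becomes re.I).
SERVER_PATTERNS = {
    "PHP": re.compile(r"php/?([\d.]+)?", re.I),
    "CentOS": re.compile(r"CentOS", re.I),
    "Apache": re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I),
}


def fingerprint_server(server_header: str) -> dict:
    """Map each technology whose pattern matches to the version string its capture
    group produced; None when the pattern has no version group (CentOS) or the header
    omits the version (a bare "Apache" or "PHP")."""
    found = {}
    for name, pattern in SERVER_PATTERNS.items():
        match = pattern.search(server_header)
        if match is None:
            continue
        found[name] = match.group(1) if pattern.groups else None
    return found


if __name__ == "__main__":
    # Header value taken from the report; KONICHIWA/2.0 is the Akamai edge's header.
    for header in ("Apache/2.4.6 (CentOS) PHP/7.2.19", "KONICHIWA/2.0", "Apache"):
        print(repr(header), "->", fingerprint_server(header))
```

Treat the versions as weak evidence: the header is attacker-configurable, and httpd 2.4.6 on CentOS 7 is a vendor build that backports fixes without changing the version string, so matching it against vulnerability databases by version number alone over-reports.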

Page Statistics

Requests: 9
HTTPS: 22 % (2 of the 9 requests, the two font fetches from the brand CDN)
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 3
Countries: 2
Transfer: 405 kB
Size: 414 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

9 HTTP transactions

Each entry lists: Resource, Path, Size, x-fer (bytes transferred over the network; 0 for inline data: URIs), Type and MIME-Type, followed by the General details and the request and response headers.
Primary Request Pers02.html
201.131.38.208/wfidrecov/
100 KB
100 KB
Document
General
Full URL
http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
7f5cb6d1e2c619a5e493326f8a9f4a3bddf86236f521af7ccf147f6de974b8f1

Request headers

Host
201.131.38.208
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Wed, 22 Apr 2020 13:01:31 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
Last-Modified
Fri, 15 Nov 2019 08:18:56 GMT
ETag
"19021-5975e3fc918b7"
Accept-Ranges
bytes
Content-Length
102433
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
global.css
201.131.38.208/wfidrecov/Pers02_files/
20 KB
20 KB
Stylesheet
General
Full URL
http://201.131.38.208/wfidrecov/Pers02_files/global.css
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
ab78c44d5e86c6f0937d203066ebcadbf50c8d63407564a151bdd03701f40a70

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 22 Apr 2020 13:01:32 GMT
Last-Modified
Wed, 02 Oct 2019 10:16:14 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
ETag
"4f7f-593eac23d9780"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
20351
enhanced-header.css
201.131.38.208/wfidrecov/Pers02_files/
4 KB
4 KB
Stylesheet
General
Full URL
http://201.131.38.208/wfidrecov/Pers02_files/enhanced-header.css
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
270c3bd11f410f97885f7ebb20082b425d3698fde13e658597edf701ab08d19a

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 22 Apr 2020 13:01:32 GMT
Last-Modified
Wed, 02 Oct 2019 10:16:10 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
ETag
"e7a-593eac2008e80"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3706
content.css
201.131.38.208/wfidrecov/Pers02_files/
1 KB
2 KB
Stylesheet
General
Full URL
http://201.131.38.208/wfidrecov/Pers02_files/content.css
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
dd23185a1a026fbd41ab27bf91feb741ed0494a0b56e18a9773d988ec34c6436

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 22 Apr 2020 13:01:33 GMT
Last-Modified
Wed, 02 Oct 2019 10:15:56 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
ETag
"597-593eac12aef00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1431
wf-fonts.css
201.131.38.208/wfidrecov/Pers02_files/
4 KB
4 KB
Stylesheet
General
Full URL
http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
0bcc884da9ce927882f81a43c48840ab2a22a63e5c6600033cf2b20aa9b93c4c

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 22 Apr 2020 13:01:32 GMT
Last-Modified
Wed, 02 Oct 2019 10:16:24 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
ETag
"ede-593eac2d62e00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3806
enhanced-footer.css
201.131.38.208/wfidrecov/Pers02_files/
3 KB
3 KB
Stylesheet
General
Full URL
http://201.131.38.208/wfidrecov/Pers02_files/enhanced-footer.css
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
e4080ef4fd7a537d29e70470e58b4ee2456f7a62636a9253997a01fce3f65ee1

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 22 Apr 2020 13:01:32 GMT
Last-Modified
Wed, 02 Oct 2019 10:16:04 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
ETag
"be1-593eac1a50100"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3041
(inline data: URI, truncated in the report)
(no path)
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
(inline data: URI, truncated in the report)
(no path)
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
WF_stagecoach_rgb_ylw_F1.svg
201.131.38.208/wfidrecov/Pers02_files/
226 KB
227 KB
Image
General
Full URL
http://201.131.38.208/wfidrecov/Pers02_files/WF_stagecoach_rgb_ylw_F1.svg
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Server
201.131.38.208, Chile, ASN263688 (INTESIS CHILE S.A, CL)
Reverse DNS
(none)
Software
Apache/2.4.6 (CentOS) PHP/7.2.19
Resource Hash
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 22 Apr 2020 13:01:32 GMT
Last-Modified
Wed, 02 Oct 2019 10:15:50 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.2.19
ETag
"389b9-593eac0cf6180"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
231865
(inline data: URI, truncated in the report)
(no path)
467 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
(inline data: URI, truncated in the report)
(no path)
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
(inline data: URI, truncated in the report)
(no path)
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/
22 KB
22 KB
Font
General
Full URL
https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.17.180.241, Ascension Island (as reported by the scanner's GeoIP lookup), ASN16625 (AKAMAI-AS, US)
Reverse DNS
a2-17-180-241.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0
Resource Hash
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css
Origin
http://201.131.38.208

Response headers

Strict-Transport-Security
max-age=31536000; includeSubdomains;
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Feb 2019 19:38:34 GMT
Server
KONICHIWA/2.0
ETag
"5798-582d133e56280"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Date
Wed, 22 Apr 2020 13:01:34 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22424
X-XSS-Protection
1; mode=block
Expires
Thu, 22 Apr 2021 13:01:34 GMT
(inline data: URI, truncated in the report)
(no path)
839 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
b99dead0deb91299630edd2fdc72855aac3836ea262473d47348e218a7744264

Request headers

Referer
http://201.131.38.208/wfidrecov/Pers02_files/global.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
wellsfargosans-sbd.woff2
www15.wellsfargomedia.com/wfui/css/fonts/
22 KB
23 KB
Font
General
Full URL
https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
Requested by
Host: 201.131.38.208
URL: http://201.131.38.208/wfidrecov/Pers02.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.17.180.241, Ascension Island (as reported by the scanner's GeoIP lookup), ASN16625 (AKAMAI-AS, US)
Reverse DNS
a2-17-180-241.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0
Resource Hash
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css
Origin
http://201.131.38.208

Response headers

Strict-Transport-Security
max-age=31536000; includeSubdomains;
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Feb 2019 19:38:34 GMT
Server
KONICHIWA/2.0
ETag
"5848-582d133e56280"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Date
Wed, 22 Apr 2020 13:01:34 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22600
X-XSS-Protection
1; mode=block
Expires
Thu, 22 Apr 2021 13:01:34 GMT
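Both font requests above carry a Referer of http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css and an Origin of http://201.131.38.208, because the kit hot-links the brand's real font files from www15.wellsfargomedia.com instead of bundling copies. The brand's own CDN logs therefore record every phishing host that reuses its assets, with the victim-facing host named in the Referer or Origin field. The following is an added example, not part of the urlscan.io report or of any Wells Fargo tooling: it parses constructed access-log lines in Apache combined format extended with one extra field for Origin (an assumed log layout, stated in the code) and flags brand-asset fetches whose Referer or Origin is neither absent nor a brand-owned domain.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Apex domains that may legitimately embed the brand's CDN assets. Constructed for this
# example; a real deployment derives it from the brand's own site inventory.
BRAND_DOMAINS = {"wellsfargo.com", "wellsfargomedia.com"}

# Assumed log layout: Apache/NCSA combined format followed by one extra quoted field
# carrying the request's Origin header ("-" when absent), i.e. an Apache LogFormat of
# '%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{Origin}i"'.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<origin>[^"]*)"$'
)

# Constructed log lines modelled on the two font requests in the report (client IPs are
# documentation addresses). Lines 1-2: the phishing page; 3: a genuine brand page;
# 4: no attribution at all; 5: a second hot-linking host with Referer but no Origin.
SAMPLE_LOG = [
    '203.0.113.10 - - [22/Apr/2020:13:01:34 +0000] "GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1" 200 22424 "http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css" "Mozilla/5.0" "http://201.131.38.208"',
    '203.0.113.10 - - [22/Apr/2020:13:01:34 +0000] "GET /wfui/css/fonts/wellsfargosans-sbd.woff2 HTTP/1.1" 200 22600 "http://201.131.38.208/wfidrecov/Pers02_files/wf-fonts.css" "Mozilla/5.0" "http://201.131.38.208"',
    '198.51.100.7 - - [22/Apr/2020:13:02:00 +0000] "GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1" 200 22424 "https://connect.secure.wellsfargo.com/auth/login" "Mozilla/5.0" "https://connect.secure.wellsfargo.com"',
    '198.51.100.8 - - [22/Apr/2020:13:02:05 +0000] "GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1" 200 22424 "-" "Mozilla/5.0" "-"',
    '198.51.100.9 - - [22/Apr/2020:13:02:09 +0000] "GET /wfui/img/logo.png HTTP/1.1" 200 4133 "https://evil.example/login" "Mozilla/5.0" "-"',
]


def registrable_domain(host: str) -> str:
    """Naive apex extraction (last two labels); IP literals are returned unchanged.
    Good enough for .com; use a Public Suffix List library for ccTLDs such as .co.uk."""
    if host.replace(".", "").isdigit():
        return host
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def referring_host(referer: str, origin: str) -> Optional[str]:
    """Prefer Origin (browsers send it on cross-origin font fetches, as in the report),
    fall back to Referer; None when neither names a host."""
    for value in (origin, referer):
        if value and value != "-":
            host = urlsplit(value).hostname
            if host:
                return host
    return None


def find_hotlinking_hosts(lines: List[str], asset_prefix: str = "/wfui/") -> Dict[str, List[str]]:
    """Return {referring_host: [asset paths]} for fetches of brand assets attributed to a
    host outside BRAND_DOMAINS. Unattributable fetches (direct loads, referrer stripped
    by a privacy policy) are ignored rather than counted as suspicious."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        match = LOG_RE.match(line)
        if match is None:
            continue  # malformed line: skip rather than abort a batch run
        if not match["path"].startswith(asset_prefix):
            continue
        host = referring_host(match["referer"], match["origin"])
        if host is None or registrable_domain(host) in BRAND_DOMAINS:
            continue
        hits.setdefault(host, []).append(match["path"])
    return hits


if __name__ == "__main__":
    for host, paths in find_hotlinking_hosts(SAMPLE_LOG).items():
        print(host, "->", ", ".join(paths))
```

Run over the sample, this reports 201.131.38.208 (both fonts) and evil.example (the logo), and stays silent on the genuine brand page and on the fetch with no attribution. In production the interesting output is the set of new referring hosts per day, which can be fed straight to a scanner such as urlscan.io for confirmation; a kit that instead bundles its own copies of the fonts leaves no such trace, so this is one signal, not a complete detection.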

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

2 JavaScript Global Variables

These are the "global" variables on the window object that the scanner did not recognise as standard. Unexpected entries can help identify client-side frameworks and page code.

onformdata (object), onpointerrawupdate (object)

Both are event-handler properties that the browser itself exposes on window (for the formdata and pointerrawupdate events). They are newer than the scanner's baseline list rather than something the page's own script defined, so they say nothing about the kit's code.

0 Cookies