![](/screenshots/701a81cb-bf8e-4e85-b7dc-4a7102ca832b.png)
anvicenter.ro
Open in
urlscan Pro
109.99.162.15
Malicious Activity!
Public Scan
Effective URL: https://anvicenter.ro/book/wells/login?wells_id=ffdbd37efc4c4bcaf447f4ca3&country=Germany&iso=DE
Submission: On September 16 via manual from RO — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 8th 2021. Valid for: 3 months.
This is the only time anvicenter.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 18 | 109.99.162.15 109.99.162.15 | 9050 (RTD Bucha...) (RTD Bucharest) | |
1 | 2a00:1450:400... 2a00:1450:4001:827::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
19 | 3 |
ASN9050 (RTD Bucharest, Romania, RO)
PTR: cpanel5.romtelecom.net
anvicenter.ro |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
anvicenter.ro
2 redirects
anvicenter.ro |
211 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com |
10 KB |
1 |
googleapis.com
ajax.googleapis.com |
31 KB |
19 | 3 |
Domain | Requested by | |
---|---|---|
18 | anvicenter.ro |
2 redirects
anvicenter.ro
|
2 | cdnjs.cloudflare.com |
anvicenter.ro
cdnjs.cloudflare.com |
1 | ajax.googleapis.com |
anvicenter.ro
|
19 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
anvicenter.ro cPanel, Inc. Certification Authority |
2021-09-08 - 2021-12-07 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-08-30 - 2021-11-22 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://anvicenter.ro/book/wells/login?wells_id=ffdbd37efc4c4bcaf447f4ca3&country=Germany&iso=DE
Frame ID: 0AC6EF1CD826016F12DDA709A7791197
Requests: 19 HTTP requests in this frame
Screenshot
![](/screenshots/701a81cb-bf8e-4e85-b7dc-4a7102ca832b.png)
Page Title
Sign On to View Your Personal Accounts | Wells FargoPage URL History Show full URLs
-
https://anvicenter.ro/book/wells/loginmobile?country=United+States&iso=US&wells_id=956225db5b50bc3...
HTTP 302
https://anvicenter.ro/book/wells/index HTTP 302
https://anvicenter.ro/book/wells/login?wells_id=ffdbd37efc4c4bcaf447f4ca3&country=Germany&iso=DE Page URL
Detected technologies
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://anvicenter.ro/book/wells/loginmobile?country=United+States&iso=US&wells_id=956225db5b50bc3305f407b29
HTTP 302
https://anvicenter.ro/book/wells/index HTTP 302
https://anvicenter.ro/book/wells/login?wells_id=ffdbd37efc4c4bcaf447f4ca3&country=Germany&iso=DE Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login
anvicenter.ro/book/wells/ Redirect Chain
|
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.css
anvicenter.ro/book/wells/Spox/Files/css/ |
16 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
enhanced-header.css
anvicenter.ro/book/wells/Spox/Files/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content.css
anvicenter.ro/book/wells/Spox/Files/css/ |
1 KB 1011 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wf.css
anvicenter.ro/book/wells/Spox/Files/css/ |
199 B 580 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
enhanced-footer.css
anvicenter.ro/book/wells/Spox/Files/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tccc.svg
anvicenter.ro/book/wells/Spox/Files/img/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ba7t.svg
anvicenter.ro/book/wells/Spox/Files/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WF_stagecoach_rgb_ylw_F1.svg
anvicenter.ro/book/wells/Spox/Files/img/ |
226 KB 165 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alert_login.png
anvicenter.ro/book/wells/Spox/Files/img/ |
330 B 728 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
down.png
anvicenter.ro/book/wells/Spox/Files/img/ |
467 B 865 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
closex.png
anvicenter.ro/book/wells/Spox/Files/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
save.png
anvicenter.ro/book/wells/Spox/Files/img/ |
889 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
go.png
anvicenter.ro/book/wells/Spox/Files/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ |
86 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.form-validator.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/ |
29 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toggleDisabled.js
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/ |
1 KB 949 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WellsFargoSans_W_Rg.woff2
anvicenter.ro/book/wells/Spox/Files/css/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
er1.png
anvicenter.ro/book/wells/Spox/Files/img/ |
839 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
anvicenter.ro/ | Name: PHPSESSID Value: 0f85306f09a919ff9b96dce4ab3da346 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
anvicenter.ro
cdnjs.cloudflare.com
109.99.162.15
2606:4700::6810:135e
2a00:1450:4001:827::200a
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
256a06c938ecc394af763d147219fa14033d3528b1ed9da5f1e2f2ddbc8d2b08
4cc21ce71aaefb6a012cb4647e61c86298d8a0d60f62818ab14d7bdad24aa0df
5145f5faf6c1269bdd974357ed344b9cd5f4e4cea424c14dd302a9c11a206741
51adbf5bc6f1f859b465cdba71920ad306f53c1898dcf4a5c53e174942cac4c0
5b38f2f8c09ad0b050e4ec97524f3eb95b8c1fa2cf1b5a922eb4172608e4afc1
96205749f37d9000d1d06e229392940562cde4f22f3af95400df7ccdf383c819
9843ab395fb4cf414353b03927156a9d38c3cc3157469afd9ee97f2058445e39
9cab43a77ff1f4e55574c4718e3c186d9254bb26d48f49d88d19b4bd7882caf3
b319b049366dde73690990738ac5af4fb9937d18abac85b01aaff185b5262868
b99dead0deb91299630edd2fdc72855aac3836ea262473d47348e218a7744264
d38a22066082294d424f40db61eb42114dcf8d84b7ecd87ed460c3b8cf8c8a7f
d8401dffb0fbd458ce8332222f9a1d3431bcba86f9401debf60e7783242d4150
deb53a41129bb6d1f55e7c0fa8f624d7fef0837822b0c0e3ead659100ae7fee2
df500743bbedcef7623fdf2ef0c05ca411437c6216674271f4cc8b32f910f96d
ecf9cc76cd1cf5e206fd8407e7db65807bb6ddeec390d0bb9f2f8277cda91f61
f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a
f7899cfdbc342decc4aeb0bae9ada39bfaa8ae3c687fc72119fca2efdf77dff2
f8cb039a63b11f207edf324bbfdabbbfaa2d421729785dca77020490c293185e