ilcavo.ro - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 86.35.1.13, located in Romania and belongs to RTD Bucharest, Romania, RO. The main domain is ilcavo.ro.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 30th 2021. Valid for: 3 months.

This is the only time ilcavo.ro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Posten Norge (Transportation)

Domain & IP information

	IP Address		AS Autonomous System
1	86.35.1.13 86.35.1.13		9050 (RTD Bucha...) (RTD Bucharest)
1	2

1 86.35.1.13 (Romania)

ASN9050 (RTD Bucharest, Romania, RO)
PTR: cpanel3.romtelecom.net

ilcavo.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	ilcavo.ro ilcavo.ro	387 KB
1	1

	Domain	Requested by
1	ilcavo.ro
1	1

This site contains links to these domains. Also see Links.

Domain
epayment.nets.eu

Subject Issuer	Validity	Valid
ilcavo.ro cPanel, Inc. Certification Authority	`2021-08-30` - `2021-11-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ilcavo.ro/posten/visa.html
Frame ID: FABC5724C9A288DA636EBE880E79702E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accept payment - Nets Netaxept

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

404 kB
Transfer

415 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://epayment.nets.eu/Terminal/CardVerificationDetails.aspx?language=nb-NO
Title: Hva er CVV2 ?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request visa.html Show response ilcavo.ro/posten/	386 KB 387 KB	4992ms 4916ms	Document text/html	86.35.1.13 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://ilcavo.ro/posten/visa.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 86.35.1.13 , Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS cpanel3.romtelecom.net Software Apache / Resource Hash `9265272c019f65ad802885044f338caf0f03bf32967e30a8d5486411f3cd8343` Request headers Host ilcavo.ro Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Wed, 13 Oct 2021 08:48:45 GMT Server Apache Last-Modified Fri, 11 Jun 2021 20:48:36 GMT Accept-Ranges bytes Content-Length 395606 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `28f4a9b06ba3b680c761332f0cfb724f9b90a6d66b8091611363e1299b6f4923` Request headers Accept-Language de-DE,de;q=0.9 Referer https://ilcavo.ro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1dbe374ba9a0a6f17de1f72df450eed002f549d0d87046e6366196b596a377fc` Request headers Accept-Language de-DE,de;q=0.9 Referer https://ilcavo.ro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `113f9187add10b933203873cfa37fde31f849f56bc5c5d40c5e8175d4a6f6950` Request headers Accept-Language de-DE,de;q=0.9 Referer https://ilcavo.ro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	421 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `da9a61f55fc78ff7e04887d4fabb803bc9ad65838a9ec018d5562b5bdb52789c` Request headers Accept-Language de-DE,de;q=0.9 Referer https://ilcavo.ro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	723 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5a8f886ffb6afed6497f36d8940ab950086a2eb72fe82266f8ac96acc43a8de2` Request headers Accept-Language de-DE,de;q=0.9 Referer https://ilcavo.ro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	18 KB 18 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c` Request headers Referer Origin https://ilcavo.ro Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type application/font-woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Posten Norge (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ilcavo.ro
86.35.1.13
113f9187add10b933203873cfa37fde31f849f56bc5c5d40c5e8175d4a6f6950
1dbe374ba9a0a6f17de1f72df450eed002f549d0d87046e6366196b596a377fc
28f4a9b06ba3b680c761332f0cfb724f9b90a6d66b8091611363e1299b6f4923
5a8f886ffb6afed6497f36d8940ab950086a2eb72fe82266f8ac96acc43a8de2
9265272c019f65ad802885044f338caf0f03bf32967e30a8d5486411f3cd8343
da9a61f55fc78ff7e04887d4fabb803bc9ad65838a9ec018d5562b5bdb52789c
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

ilcavo.ro Open in urlscan Pro 86.35.1.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

404 kBTransfer

415 kBSize

0 Cookies

1 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

ilcavo.ro Open in urlscan Pro
86.35.1.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

404 kB
Transfer

415 kB
Size

0
Cookies

1 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!