amvsro.ro
Open in
urlscan Pro
195.242.88.149
Malicious Activity!
Public Scan
Submitted URL: https://amvsro.ro/wellsps/
Effective URL: https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/
Submission: On October 11 via manual from RO — Scanned from DE
Effective URL: https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/
Submission: On October 11 via manual from RO — Scanned from DE
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 27 HTTP transactions.
The main IP is 195.242.88.149, located in
Romania and
belongs to KFNET, RO.
The main domain is amvsro.ro.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 26th 2022. Valid for: 3 months.
This is the only time amvsro.ro was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 26th 2022. Valid for: 3 months.
This is the only time amvsro.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 21 | 195.242.88.149 195.242.88.149 | 34301 (KFNET) (KFNET) | |
| 8 | 23.205.244.224 23.205.244.224 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 27 | 2 |
8
23.205.244.224
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a23-205-244-224.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-205-244-224.deploy.static.akamaitechnologies.com
| www17.wellsfargomedia.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 21 |
amvsro.ro
2 redirects
amvsro.ro |
497 KB |
| 8 |
wellsfargomedia.com
www17.wellsfargomedia.com — Cisco Umbrella Rank: 33777 |
195 KB |
| 27 | 2 |
| Domain | Requested by | |
|---|---|---|
| 21 | amvsro.ro |
2 redirects
amvsro.ro
|
| 8 | www17.wellsfargomedia.com |
amvsro.ro
|
| 27 | 2 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| amvsro.ro cPanel, Inc. Certification Authority |
2022-08-26 - 2022-11-24 |
3 months | crt.sh |
| www17.wellsfargomedia.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-06-09 - 2023-06-11 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/
Frame ID: 0D2673E114D48662D7429FA22A6C31E5
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
Wells Fargo Bank | Financial Services & Online BankingPage URL History Show full URLs
-
https://amvsro.ro/wellsps/
HTTP 302
https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71 HTTP 301
https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/ Page URL
Page Statistics
26 Outgoing links
These are links going to different origins than the main page.
URL: https://appointments.wellsfargo.com/maa/appointment/topic/
Title: Make an appointment
Title: Make an appointment
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/?sub_channel=WEB&vendor_code=WF&linkloc=fn/
Title: View all credit cards
Title: View all credit cards
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/active-cash-credit-card/
Title: Wells Fargo Active CashSM Card Unlimited 2% cash rewards on purchases
Title: Wells Fargo Active CashSM Card Unlimited 2% cash rewards on purchases
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/reflect-visa-credit-card/
Title: Wells Fargo ReflectSM Card Enjoy our lowest intro APR
Title: Wells Fargo ReflectSM Card Enjoy our lowest intro APR
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/hotels-com-card/
Title: Hotels.com® Rewards Visa® Credit Card Get closer to unlocking your next escape
Title: Hotels.com® Rewards Visa® Credit Card Get closer to unlocking your next escape
Search URL Search Domain Scan URL
URL: https://confirmcard.wellsfargo.com/
Title: Confirm credit card
Title: Confirm credit card
Search URL Search Domain Scan URL
URL: https://icomplete.wellsfargo.com/oas/status/personal-loans-rate-checker/getting-started/
Title: See your loan options
Title: See your loan options
Search URL Search Domain Scan URL
URL: https://connect.secure.wellsfargo.com/auth/login/present?origin=cob&LOB=CONS
Title: Current Auto Loan Customers Sign in to make payments, view statements, set up alerts, and more
Title: Current Auto Loan Customers Sign in to make payments, view statements, set up alerts, and more
Search URL Search Domain Scan URL
URL: https://learnmore.wf.com/EV/
Title: Learn about electric vehicles
Title: Learn about electric vehicles
Search URL Search Domain Scan URL
URL: https://lifescapes.wellsfargoadvisors.com/podcast-seasons/
Title: About Money podcast
Title: About Money podcast
Search URL Search Domain Scan URL
URL: https://www.wellsfargoadvisors.com/intuitive-investor/sign-on.htm?cid=WF1800032820&excid=WF1800032820
Title: Open an automated investing account
Title: Open an automated investing account
Search URL Search Domain Scan URL
URL: https://lifescapes.wellsfargoadvisors.com/
Title: Lifescapes magazine
Title: Lifescapes magazine
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/
Title: Credit Cards
Title: Credit Cards
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/?sub_channel=WEB&vendor_code=IA&lang=en&product_code=CC&SubProduct_Code=MC&placement_id=C_CCD_WWW_MC_NA_ACQ_HPP_STATIC_EN_HTT_DT_BANNER_TK1&offerid=C_ccd_findcreditcardrspv_smlprimary%20&slotid=WF_CON_HP_SML_PRIMARY&linkloc=HP&OfferType=TK1
Title: Find a credit card Learn more
Title: Find a credit card Learn more
Search URL Search Domain Scan URL
URL: https://creditcards.wellsfargo.com/?sub_channel=WEB&vendor_code=IA&lang=en&product_code=CC&SubProduct_Code=MC&placement_id=C_CCD_WWW_MC_NA_ACQ_HPP_STATIC_EN_HTT_DT_BANNER_TK1&offerid=C_ccd_findcreditcardrspvdefault_smlprimary%20&slotid=WF_CON_HP_SML_PRIMARY&linkloc=HP&OfferType=TK1
Title: Find a credit card Learn more
Title: Find a credit card Learn more
Search URL Search Domain Scan URL
URL: https://welcome.wf.com/keepmoving/?focus=down&target=onus&refloc=wellsfargo.com-HPM-buying_house&dm=DMIWE7AWHM
Title: Get started
Title: Get started
Search URL Search Domain Scan URL
URL: https://apps.apple.com/us/app/wells-fargo-mobile/id311548709
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://play.google.com/store/apps/details?id=com.wf.wellsfargomobile
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://stories.wf.com/?cid=vty
Title: Wells Fargo Stories
Title: Wells Fargo Stories
Search URL Search Domain Scan URL
URL: https://www.facebook.com/wellsfargo/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://www.linkedin.com/company/wellsfargo/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://www.instagram.com/wellsfargo/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://www.pinterest.com/wellsfargo/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://www.youtube.com/user/wellsfargo/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://www.twitter.com/wellsfargo/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
URL: https://www.sipc.org/
Title: Continue
Title: Continue
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://amvsro.ro/wellsps/
HTTP 302
https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71 HTTP 301
https://amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/ Redirect Chain
|
96 KB 96 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ps-homepage.css
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
124 KB 124 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wf_logo_220x23.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
WF_ActiveCash_Collateral_Front_RGB_Flag_080521.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
WF_Reflect_Collateral_Front_RGB_Flag_080221.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
946 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Hotesl_com_Rewards_Collateral_Front_RGB.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
loading.gif
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
11 KB 11 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wfi_ph_b_mv_0723_3954_b_1700x700.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
43 KB 43 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
562 B 790 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wfi000_ic_b-wf_icon_house_gradient_64x64.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
1004 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
first_time_experience-account_summary.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wfi_ph_g_1199830824_1600x700.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
50 KB 51 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
man_on_phone_working_616x353.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
27 KB 27 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
couple_consulting_616x353.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
15 KB 15 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
woman_phone_street_616x353.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
37 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
personal_small_biz_native_app_balloons.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
6 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Navtive_App_Phone_Personal.png
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
volunteers_cars_616x353.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
29 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
woman_in_office_616x353.jpg
amvsro.ro/wellsps/73d23aa8acdef781cc48526081936f71/docs/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
responsive-sprite-v1.png
www17.wellsfargomedia.com/assets/images/sprite/ |
99 KB 100 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wellsfargosans-rg.woff2
www17.wellsfargomedia.com/assets/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wellsfargosans-sbd.woff2
www17.wellsfargomedia.com/assets/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wellsfargosans-bd.woff2
www17.wellsfargomedia.com/assets/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wellsfargosans-lt.woff2
www17.wellsfargomedia.com/assets/fonts/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
position-1-bg-gradient.png
www17.wellsfargomedia.com/assets/images/homepage/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
position-2-bg-gradient.png
www17.wellsfargomedia.com/assets/images/homepage/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
position-3-bg-gradient.png
www17.wellsfargomedia.com/assets/images/homepage/ |
2 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| amvsro.ro/ | Name: PHPSESSID Value: r9vfhsrhio1iaf3e3cklatmj21 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amvsro.ro
www17.wellsfargomedia.com
195.242.88.149
23.205.244.224
0d7727e08780a04f9c86fca16ed264664eea2b161744cfb70836880bf04fc1ac
10c22e3b130204065c1a61e7995a9defe21f0408801e8b442035a03f8d16ad64
200ddc6302725381b0c7fbbbdb64433e6791dc8202e7d193d63c4324bf1f6873
353a26fcba41b08c62531bc66778f21c2e4960b5c5bc579704a1852c14698505
43c8519af2d895bb25d7f0aad6b5cd1f48576c8950111f34d4270ee79599188f
50ce7b0d954443e5fd62e3cd003bc7124bda0b30dd58d6a66485c72be96959c0
53762f78b3d8d7dffc2e4387a438f7f8f00a32dfcf3625e7b1ae27e450c83cb2
54264d71e311145234fec5c3cb4c16c1a6175468e47b736faf907c45196ad83e
56b3e240b40cfcdf91da5d87f90aa4741f6f70e720a6763bc001d793fcb3d122
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
659ec8c02bafa9c286c39731fb1d2d382a7a8dd2ee8cc4132146558dbe27b6a8
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
6d1706754008c9678989c935b512d5a8493c60e434b7a4cbbfee13b266951348
7636534f520bd4e393d4f0f4779d7bb78f10d4bb340a35be5434198a1ad94985
847d9fd6711c60d9fd581952c210c608b072dd6ee265a09ff6e2c811a2f5bc1a
8e16030cdf2d91809d0540f79aa3a3be4b83e4a9bf13bd91def3962f1484406f
922f8bac0ca83a00db37ecd136c4c24aca250b6a0451cab38854aa94475d6ae6
9bd4d77dfdadd6574d42e469c1968fffce0422134f4487f1d785367752743f96
a1be687fbf85cbaa58022c6c60d666602ab0234da2679da270d0b43bdc67fbb8
a5bcbe6002a1fbae84d43160b1f45c3686d5c35e7fda458e9f4b3fd2dacfe3e5
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
d605af4f7b02c347ef005d929e84903ea94596d6d0d4575e050216e870000e4e
d7651b47c8d449b7311d15e9625df3514e7c0278ff059392189e608b5a9113a1
ea103ea932d2ebdd8e57887e4beabb394c21b6f260f49adfa8be4772cb61faec
ecfea4fcc40f95576acdf90df879a5bed9a1c481a69c127d940c616e5332cc98
fbd50ac361a86001070beba410fb9b7bdbcbea3a159061eb69308cb6e430ed0d