mail.tycoonresort.com Open in urlscan Pro
162.215.253.215  Malicious Activity! Public Scan

URL: https://mail.tycoonresort.com/wells/index6.php
Submission: On October 27 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 12 HTTP transactions. The main IP is 162.215.253.215, located in Provo, United States and belongs to PUBLIC-DOMAIN-REGISTRY, US. The main domain is mail.tycoonresort.com.
TLS certificate: Issued by R3 on October 23rd 2021. Valid for: 3 months.
This is the only time mail.tycoonresort.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
9 162.215.253.215 394695 (PUBLIC-DO...)
2 104.16.18.94 13335 (CLOUDFLAR...)
1 142.250.186.42 15169 (GOOGLE)
12 4
Domain Requested by
9 mail.tycoonresort.com mail.tycoonresort.com
2 cdnjs.cloudflare.com mail.tycoonresort.com
1 ajax.googleapis.com mail.tycoonresort.com
12 3

This site contains no links.

Subject Issuer Validity Valid
*.tycoonresort.com
R3
2021-10-23 -
2022-01-21
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-09-21 -
2022-09-20
a year crt.sh
upload.video.google.com
GTS CA 1C3
2021-10-04 -
2021-12-27
3 months crt.sh

This page contains 1 frames:

Primary Page: https://mail.tycoonresort.com/wells/index6.php
Frame ID: 3E6148D71DFC69F00CA83C7763895DAA
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

Wells Fargo - Verification - Credit card

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

204 kB
Transfer

565 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index6.php
mail.tycoonresort.com/wells/
10 KB
3 KB
Document
General
Full URL
https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
3b1e3d4c7fb76656d7f925eed8812932764a049e1655e2c6afc7c318ed3e69bd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 27 Oct 2021 16:09:19 GMT
server
Apache
content-type
text/html; charset=UTF-8
content-length
3177
vary
Accept-Encoding
content-encoding
gzip
x-server-cache
false
jquery.mobile.css
mail.tycoonresort.com/wells/Spox/Files/css/
203 KB
61 KB
Stylesheet
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/jquery.mobile.css?v=19.10.00
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
a1f1132059ae29789542297e710d6d45e60307f961d25acccb12ddb30f8d1bcc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/wells/index6.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
gzip
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
normalize.css
mail.tycoonresort.com/wells/Spox/Files/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/normalize.css
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
63d910a3715bd8f824d9d437757feb308c85e4e24e1ef7b325aab73758c09317

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/wells/index6.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
gzip
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
3285
Wells-Fargo-LIVE-Div.css
mail.tycoonresort.com/wells/Spox/Files/css/
17 KB
5 KB
Stylesheet
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/Wells-Fargo-LIVE-Div.css
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
2386527068c0b19cc0b2dc5a4b76b3c102b6a2568ade4f32f23d13b5d6f9afae

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/wells/index6.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
gzip
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
4817
ClientPage.css
mail.tycoonresort.com/wells/Spox/Files/css/
11 KB
3 KB
Stylesheet
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/ClientPage.css
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
aa895698c9c0f84a8dac6d9b464e06705f962a32cac4a9bebcb8d9afdf24437f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/wells/index6.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
gzip
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
3453
desktop-tablet.combined.css
mail.tycoonresort.com/wells/Spox/Files/css/
152 KB
49 KB
Stylesheet
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/desktop-tablet.combined.css?v=19.10.00
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
bf4628b837543890b9a57138f0bcf7bc2a432419ded8a2df325c99246c87e0c2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/wells/index6.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
gzip
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
security.js
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/
10 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/security.js
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.18.94 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12259f95809becba637b634e15c3a623fbefa3f7973b40e1aedf42c5d95dfdc4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
138936
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3902
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec2-2793"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wZJ87yD2GSWBAjYno8XmsO%2BXg28aV%2BWgc684dsCZ4YCqp92KOtu1Mp9adCg05TdQ3h%2FCX%2F2i%2BaA5QycBJ%2Fe42spoyn3S2LSA78WlW%2BDiBbvXXKoOIoRuXH4c434QuKt%2B%2FtOPlFVg"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6a4d302c2fea278c-PRG
expires
Mon, 17 Oct 2022 16:09:20 GMT
lol1.svg
mail.tycoonresort.com/wells/Spox/Files/img/
6 KB
6 KB
Image
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/img/lol1.svg
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/wells/index6.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
last-modified
Sat, 14 Aug 2021 08:22:46 GMT
server
Apache
accept-ranges
bytes
content-length
5740
content-type
image/svg+xml
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/
91 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.42 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f10.1e100.net
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:06:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
165
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
32954
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Thu, 27 Oct 2022 16:06:35 GMT
jquery.form-validator.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/
29 KB
8 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.18.94 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mail.tycoonresort.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3974817
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
8247
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec2-72c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofpGhPHR0huxvUNsQwnOj%2BakvGUri6gAJSXX5G4D9K1bJnv7XDLMdjEG6tlWQiEm7o%2BwVXfO71l8aOv%2FzJcdVpXvHczMRBQXB%2F6aKya721X%2BKcpcB7RDQd21mzIDkqR8oqbati3z"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6a4d302f9da2278c-PRG
expires
Mon, 17 Oct 2022 16:09:20 GMT
truncated
/
428 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
b87d1abf881446b2bae0d8204029d20a9b85e656-l.woff2
mail.tycoonresort.com/wells/Spox/Files/css/
3 KB
3 KB
Font
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/b87d1abf881446b2bae0d8204029d20a9b85e656-l.woff2
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
f8c2d30ba6ef255b8b4a6b6402acb19c796137cebcf58866d391799b1f52ecbd

Request headers

Referer
https://mail.tycoonresort.com/wells/index6.php
Origin
https://mail.tycoonresort.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
accept-ranges
bytes
content-length
3208
content-type
font/woff2
b87d1abf881446b2bae0d8204029d20a9b85e656-d.woff
mail.tycoonresort.com/wells/Spox/Files/css/
25 KB
25 KB
Font
General
Full URL
https://mail.tycoonresort.com/wells/Spox/Files/css/b87d1abf881446b2bae0d8204029d20a9b85e656-d.woff
Requested by
Host: mail.tycoonresort.com
URL: https://mail.tycoonresort.com/wells/index6.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS
cp-49.webhostbox.net
Software
Apache /
Resource Hash
8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef

Request headers

Referer
https://mail.tycoonresort.com/wells/index6.php
Origin
https://mail.tycoonresort.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 27 Oct 2021 16:09:20 GMT
last-modified
Sat, 14 Aug 2021 08:22:48 GMT
server
Apache
accept-ranges
bytes
content-length
25244
content-type
font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| jQuery11020097579499260398 function| reCaptchaLoaded

0 Cookies

2 Console Messages

Source Level URL
Text
other warning URL: https://mail.tycoonresort.com/wells/index6.php
Message:
Failed to decode downloaded font: https://mail.tycoonresort.com/wells/Spox/Files/css/b87d1abf881446b2bae0d8204029d20a9b85e656-l.woff2
other warning URL: https://mail.tycoonresort.com/wells/index6.php
Message:
OTS parsing error: Failed to convert WOFF 2.0 font to SFNT