www.tycoonresort.com Open in urlscan Pro
162.215.253.215 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.tycoonresort.com/wells/index2.php
Submission: On October 26 via api (October 26th 2021, 4:05:02 pm UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 14 HTTP transactions. The main IP is 162.215.253.215, located in Provo, United States and belongs to PUBLIC-DOMAIN-REGISTRY, US. The main domain is www.tycoonresort.com.

This is the only time www.tycoonresort.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	162.215.253.215 162.215.253.215	394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY)
2	104.16.18.94 104.16.18.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	159.45.2.177 159.45.2.177	10837 (WELLSFARG...) (WELLSFARGO-10837)
1	142.250.184.202 142.250.184.202	15169 (GOOGLE) (GOOGLE)
14	5

9 162.215.253.215 (Provo, United States)

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
PTR: cp-49.webhostbox.net

www.tycoonresort.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.18.94 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.45.2.177 (Charlotte, United States)

ASN10837 (WELLSFARGO-10837, US)

apply.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	tycoonresort.com www.tycoonresort.com	160 KB
2	wellsfargo.com apply.wellsfargo.com	7 KB
2	cloudflare.com cdnjs.cloudflare.com	13 KB
1	googleapis.com ajax.googleapis.com	33 KB
14	4

	Domain	Requested by
9	www.tycoonresort.com	www.tycoonresort.com
2	apply.wellsfargo.com	www.tycoonresort.com
2	cdnjs.cloudflare.com	www.tycoonresort.com
1	ajax.googleapis.com	www.tycoonresort.com
14	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
apply.wellsfargo.com Wells Fargo Public Trust Certification Authority 01 G2	`2020-05-22` - `2022-05-26`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.tycoonresort.com/wells/index2.php
Frame ID: 9A18E5377C5A0B9FD9072E1A251A2421
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo - Verification - Credit card

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
/([\d.]+)/jquery(?:\.min)?\.js

Page Statistics

14
Requests

29 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

213 kB
Transfer

573 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js HTTP 307
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index2.php Show response
www.tycoonresort.com/wells/ 13 KB
4 KB 597ms
469ms Document
text/html 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: nginx/1.19.10 /
Resource Hash: 6191ba247b99268950d8d378ab134438645660bb6f3d9be9c01e3696f1ec670d

Request headers

Host: www.tycoonresort.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 26 Oct 2021 16:04:56 GMT
Server: nginx/1.19.10
Content-Type: text/html; charset=UTF-8
Content-Length: 4211
Vary: Accept-Encoding
Content-Encoding: gzip
X-Server-Cache: false

GET
H/1.1 200
OK jquery.mobile.css
www.tycoonresort.com/wells/Spox/Files/css/ 203 KB
61 KB 156ms
155ms Stylesheet
text/css 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/jquery.mobile.css?v=19.10.00
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: a1f1132059ae29789542297e710d6d45e60307f961d25acccb12ddb30f8d1bcc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/wells/index2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:56 GMT
Content-Encoding: gzip
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK normalize.css
www.tycoonresort.com/wells/Spox/Files/css/ 10 KB
3 KB 305ms
162ms Stylesheet
text/css 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/normalize.css
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: 63d910a3715bd8f824d9d437757feb308c85e4e24e1ef7b325aab73758c09317

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/wells/index2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Content-Encoding: gzip
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3285

GET
H/1.1 200
OK Wells-Fargo-LIVE-Div.css
www.tycoonresort.com/wells/Spox/Files/css/ 17 KB
5 KB 294ms
151ms Stylesheet
text/css 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/Wells-Fargo-LIVE-Div.css
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: 2386527068c0b19cc0b2dc5a4b76b3c102b6a2568ade4f32f23d13b5d6f9afae

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/wells/index2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Content-Encoding: gzip
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 4817

GET
H/1.1 200
OK ClientPage.css
www.tycoonresort.com/wells/Spox/Files/css/ 11 KB
4 KB 293ms
150ms Stylesheet
text/css 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/ClientPage.css
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: aa895698c9c0f84a8dac6d9b464e06705f962a32cac4a9bebcb8d9afdf24437f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/wells/index2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Content-Encoding: gzip
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3453

GET
H/1.1 200
OK desktop-tablet.combined.css
www.tycoonresort.com/wells/Spox/Files/css/ 152 KB
49 KB 313ms
170ms Stylesheet
text/css 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/desktop-tablet.combined.css?v=19.10.00
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: bf4628b837543890b9a57138f0bcf7bc2a432419ded8a2df325c99246c87e0c2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/wells/index2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Content-Encoding: gzip
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2,h2c
Transfer-Encoding: chunked
Connection: Upgrade
Accept-Ranges: bytes
Content-Type: text/css

GET
H2 200 security.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/ 10 KB
5 KB 39ms
16ms Script
application/javascript 104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/security.js

Requested by

Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12259f95809becba637b634e15c3a623fbefa3f7973b40e1aedf42c5d95dfdc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 16:04:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 470384
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3902
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-2793"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wi3FzCHgrW6wFah%2BMvQUmiS%2BRrN719nzLquau6Qbkrb7ag2pnmwe5ahDsBfPlj3uwu%2ByGNirIuGMAxEHnMlsXo9BEE2Q0Wo9MLCztc1wVjNJLMHLKYW786qaZhqr8SNhAc9mBgfj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a44ec5f8b64faf6-DUS
expires: Sun, 16 Oct 2022 16:04:56 GMT

GET
H/1.1 200
OK lol1.svg
www.tycoonresort.com/wells/Spox/Files/img/ 6 KB
6 KB 154ms
154ms Image
image/svg+xml 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.tycoonresort.com/wells/Spox/Files/img/lol1.svg
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: 5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/wells/index2.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Last-Modified: Sat, 14 Aug 2021 08:22:46 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 5740
Content-Type: image/svg+xml

GET
H/1.1 200 visa.svg
apply.wellsfargo.com/assets/images/osmp/ 1 KB
2 KB 497ms
127ms Image
image/svg+xml 159.45.2.177
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apply.wellsfargo.com/assets/images/osmp/visa.svg

Requested by

Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.177 Charlotte, United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

44539b5f80bc87b91fba5dab40e5b8105c99d3ba5e07375d41c49679c9206564

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Sat, 12 Nov 2016 13:01:24 GMT
Server: KONICHIWA/1.1
ETag: W/"1351-1478955684000"
X-Frame-Options: DENY
Content-Type: image/svg+xml
Date: Tue, 26 Oct 2021 16:04:57 GMT
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=600
Content-Length: 1351
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 mastercard.svg
apply.wellsfargo.com/assets/images/osmp/ 4 KB
5 KB 507ms
126ms Image
image/svg+xml 159.45.2.177
WELLSFARGO-10837

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://apply.wellsfargo.com/assets/images/osmp/mastercard.svg

Requested by

Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.177 Charlotte, United States, ASN10837 (WELLSFARGO-10837, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

550971f29c4ea9d9c88c9408fb3c5f4f8348b7ce234905e76a9bd06201f2dc24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Sat, 12 Nov 2016 13:01:24 GMT
Server: KONICHIWA/1.1
ETag: W/"4488-1478955684000"
X-Frame-Options: DENY
Content-Type: image/svg+xml
Date: Tue, 26 Oct 2021 16:04:57 GMT
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=600
Content-Length: 4488
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ 91 KB
33 KB 47ms
24ms Script
text/javascript 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Requested by

Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php

Protocol

HTTP/1.1

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

sffe /

Resource Hash

89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 09:39:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 23099
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 32954
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="hosted-libraries-pushers"
Expires: Wed, 26 Oct 2022 09:39:58 GMT

GET
H2

200

jquery.form-validator.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/
Redirect Chain

http://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

29 KB
8 KB

25ms
24ms

Script
application/javascript

104.16.18.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js

Requested by

Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.18.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 16:04:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2420682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8247
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-72c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cTf38HryBOctHSAtI4S3%2FYSUCCLVKjsVvdZF7zyu9aSBSosK1NiYZ%2FuCEL%2BYxi%2BA5g5fyM5UhcZ17DDLlSy3JLGHW0M7dt6DIlQd5MJ%2FkU6xIIH6hPk4e1rV1udv0B4%2FLq9Jy9K7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a44ec629e8ffaf6-DUS
expires: Sun, 16 Oct 2022 16:04:57 GMT

Redirect headers

Location: https://cdnjs.cloudflare.com/ajax/libs/jquery-form-validator/2.3.26/jquery.form-validator.min.js
Non-Authoritative-Reason: HSTS

GET
DATA 200
OK truncated
/ 428 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tycoonresort.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK b87d1abf881446b2bae0d8204029d20a9b85e656-l.woff2
www.tycoonresort.com/wells/Spox/Files/css/ 3 KB
3 KB 152ms
152ms Font
font/woff2 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/b87d1abf881446b2bae0d8204029d20a9b85e656-l.woff2
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: f8c2d30ba6ef255b8b4a6b6402acb19c796137cebcf58866d391799b1f52ecbd

Request headers

Pragma: no-cache
Origin: http://www.tycoonresort.com
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Referer: http://www.tycoonresort.com/wells/index2.php
Origin: http://www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3208
Content-Type: font/woff2

GET
H/1.1 200
OK b87d1abf881446b2bae0d8204029d20a9b85e656-d.woff
www.tycoonresort.com/wells/Spox/Files/css/ 25 KB
25 KB 169ms
169ms Font
font/woff 162.215.253.215
PUBLIC-DOMAIN-REG...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tycoonresort.com/wells/Spox/Files/css/b87d1abf881446b2bae0d8204029d20a9b85e656-d.woff
Requested by: Host: www.tycoonresort.com
URL: http://www.tycoonresort.com/wells/index2.php
Protocol: HTTP/1.1
Server: 162.215.253.215 Provo, United States, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US),
Reverse DNS: cp-49.webhostbox.net
Software: Apache /
Resource Hash: 8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef

Request headers

Pragma: no-cache
Origin: http://www.tycoonresort.com
Accept-Encoding: gzip, deflate
Host: www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://www.tycoonresort.com/wells/index2.php
Connection: keep-alive
Referer: http://www.tycoonresort.com/wells/index2.php
Origin: http://www.tycoonresort.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 26 Oct 2021 16:04:57 GMT
Last-Modified: Sat, 14 Aug 2021 08:22:48 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 25244
Content-Type: font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			apply.wellsfargo.com/	1969-12-31 23:59:59	Name: ISD_OSM_COOKIE Value: dNxDGyEQb+tcy7vOM8djC+/N/LsGCGdKk1S0exm/HciByufNINZ02DIdP8RGhBDg9uU27rseTbEzTSYAAAAB

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: http://www.tycoonresort.com/wells/index2.php Message: Failed to decode downloaded font: http://www.tycoonresort.com/wells/Spox/Files/css/b87d1abf881446b2bae0d8204029d20a9b85e656-l.woff2
other	warning	URL: http://www.tycoonresort.com/wells/index2.php Message: OTS parsing error: Failed to convert WOFF 2.0 font to SFNT

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
apply.wellsfargo.com
cdnjs.cloudflare.com
www.tycoonresort.com
104.16.18.94
142.250.184.202
159.45.2.177
162.215.253.215
03de4b9cf46dd5570223a4f4b3f57a02b609fc53430d95c2f265e8b6368713a3
12259f95809becba637b634e15c3a623fbefa3f7973b40e1aedf42c5d95dfdc4
2386527068c0b19cc0b2dc5a4b76b3c102b6a2568ade4f32f23d13b5d6f9afae
44539b5f80bc87b91fba5dab40e5b8105c99d3ba5e07375d41c49679c9206564
550971f29c4ea9d9c88c9408fb3c5f4f8348b7ce234905e76a9bd06201f2dc24
5f7d5fb148b72d2c8c3a459d94eb65d1c927da54c1ecb43f9bddfe6449730cfe
6191ba247b99268950d8d378ab134438645660bb6f3d9be9c01e3696f1ec670d
63d910a3715bd8f824d9d437757feb308c85e4e24e1ef7b325aab73758c09317
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8bb7974183ff975132235b0da28f9eb00d607ce863ed24ae71219ec96a38b5ef
a1f1132059ae29789542297e710d6d45e60307f961d25acccb12ddb30f8d1bcc
aa895698c9c0f84a8dac6d9b464e06705f962a32cac4a9bebcb8d9afdf24437f
bf4628b837543890b9a57138f0bcf7bc2a432419ded8a2df325c99246c87e0c2
f1264020dbe3f8813dceb1e15a7d5f4a48f2142e413cb310e7a256f4999d949a
f8c2d30ba6ef255b8b4a6b6402acb19c796137cebcf58866d391799b1f52ecbd

www.tycoonresort.com Open in urlscan Pro 162.215.253.215 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

29 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

213 kBTransfer

573 kBSize

1 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

www.tycoonresort.com Open in urlscan Pro
162.215.253.215 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

29 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

213 kB
Transfer

573 kB
Size

1
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!