www.villanives.com Open in urlscan Pro
173.199.184.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1
Submission: On May 22 via automatic, source openphish (May 22nd 2019, 7:02:33 am UTC)

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 173.199.184.24, located in Lansing, United States and belongs to ,. The main domain is www.villanives.com.

This is the only time www.villanives.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 11	173.199.184.24 173.199.184.24		32244 () ()
10	2

11 173.199.184.24 (Lansing, United States) 1 redirects

ASN32244 (,)
PTR: host.pressmax.net

www.villanives.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
villanives.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	villanives.com 1 redirects www.villanives.com villanives.com	190 KB
10	1

	Domain	Requested by
10	www.villanives.com	1 redirects www.villanives.com
1	villanives.com	www.villanives.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1
Frame ID: 5C299068D96C2B8569C8919AD10E9401
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

190 kB
Transfer

606 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

http://www.villanives.com/assets/images/osmp/loader-sm.gif HTTP 301
http://villanives.com/assets/images/osmp/loader-sm.gif

10 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request update.html Show response www.villanives.com/wp/wellsfargo/	24 KB 6 KB	264ms 125ms	Document text/html	173.199.184.24
General Check archive.org Show headers Download Go to Full URL http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `ba4129aadbb88a55d41b8a518a59a2fdaaa77f1051ba02762f63c91cbb64464f` Request headers Host www.villanives.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Last-Modified Tue, 15 Aug 2017 10:40:11 GMT Content-Type text/html Content-Length 5574 Content-Encoding gzip Vary Accept-Encoding Date Wed, 22 May 2019 07:02:16 GMT Accept-Ranges bytes Server LiteSpeed Connection Keep-Alive
GET H/1.1	200 OK	jquery.mobileec92.css www.villanives.com/wp/wellsfargo/css/	78 KB 16 KB	126ms 125ms	Stylesheet text/css	173.199.184.24
General Check archive.org Show headers Download Go to Full URL http://www.villanives.com/wp/wellsfargo/css/jquery.mobileec92.css?v= Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `41f65e2f54a0cdf9aae7a8504590ef6acb2c16ad62f441355d44be2f5ae2f803` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:16 GMT Content-Encoding gzip Last-Modified Mon, 31 Aug 2015 20:34:02 GMT Server LiteSpeed Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 16227 Expires Wed, 29 May 2019 07:02:16 GMT
GET H/1.1	200 OK	desktop-tablet.combinedec92.css www.villanives.com/wp/wellsfargo/css/	129 KB 30 KB	256ms 120ms	Stylesheet text/css	173.199.184.24
General Check archive.org Show headers Download Go to Full URL http://www.villanives.com/wp/wellsfargo/css/desktop-tablet.combinedec92.css?v= Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `e5e35268c6ace67d34dcb88594fa3fc43ed095b9f1a7560de8967a2039f39fc4` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:16 GMT Content-Encoding gzip Last-Modified Mon, 31 Aug 2015 20:40:28 GMT Server LiteSpeed Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 30633 Expires Wed, 29 May 2019 07:02:16 GMT
GET H/1.1	200 OK	wf-logo.gif www.villanives.com/wp/wellsfargo/assets/images/global/	4 KB 4 KB	277ms 131ms	Image image/gif	173.199.184.24
General Check archive.org Show headers Download Go to Show image Full URL http://www.villanives.com/wp/wellsfargo/assets/images/global/wf-logo.gif Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:16 GMT Last-Modified Sat, 15 Nov 2014 17:20:02 GMT Server LiteSpeed Content-Type image/gif Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 3718 Expires Wed, 29 May 2019 07:02:16 GMT
GET H/1.1	200 OK	jquery.combinedec92.js Show response www.villanives.com/wp/wellsfargo/javascript/	309 KB 111 KB	256ms 120ms	Script application/javascript	173.199.184.24
General Check archive.org Show headers Download Go to Full URL http://www.villanives.com/wp/wellsfargo/javascript/jquery.combinedec92.js?v= Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `755a4380b386badbf92bb5fb674942733e09b9df0fea44f39191b0b87ade1b1e` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:16 GMT Content-Encoding gzip Last-Modified Mon, 31 Aug 2015 20:40:28 GMT Server LiteSpeed Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 113820 Expires Wed, 29 May 2019 07:02:16 GMT
GET H/1.1	200 OK	desktop-tablet.combinedec92.js Show response www.villanives.com/wp/wellsfargo/javascript/	58 KB 18 KB	266ms 125ms	Script application/javascript	173.199.184.24
General Check archive.org Show headers Download Go to Full URL http://www.villanives.com/wp/wellsfargo/javascript/desktop-tablet.combinedec92.js?v= Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `bf09007ac554fd6a0e119113238ff10e8c560842c5f53ad031fa6a4859e11542` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:16 GMT Content-Encoding gzip Last-Modified Mon, 31 Aug 2015 20:40:28 GMT Server LiteSpeed Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 18245 Expires Wed, 29 May 2019 07:02:16 GMT
GET H/1.1	200 OK	loader-sm.gif www.villanives.com/wp/wellsfargo/assets/images/osmp/	1 KB 2 KB	121ms 121ms	Image image/gif	173.199.184.24
General Check archive.org Show headers Download Go to Show image Full URL http://www.villanives.com/wp/wellsfargo/assets/images/osmp/loader-sm.gif Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/javascript/jquery.combinedec92.js?v= Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `03d86f34db46f2d600926047d935ece5636899bd46cb9ad04d526d11ebd28308` Request headers Referer http://www.villanives.com/wp/wellsfargo/css/desktop-tablet.combinedec92.css?v= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:17 GMT Last-Modified Sun, 14 Sep 2014 04:05:08 GMT Server LiteSpeed Content-Type image/gif Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 1519 Expires Wed, 29 May 2019 07:02:17 GMT
GET DATA	200 OK	truncated /	926 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `00ad27c585cb12f51f9087349e4dab2088f70343cfbad5309e204f176969040f` Request headers Referer http://www.villanives.com/wp/wellsfargo/css/desktop-tablet.combinedec92.css?v= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET H/1.1	200 OK	btn-icon-search.png www.villanives.com/wp/wellsfargo/assets/images/osmp/	1 KB 2 KB	122ms 121ms	Image image/png	173.199.184.24
General Check archive.org Show headers Download Go to Show image Full URL http://www.villanives.com/wp/wellsfargo/assets/images/osmp/btn-icon-search.png Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/javascript/jquery.combinedec92.js?v= Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `81aac32d4a7ff60babc93d38baaab739c55773843757258afbae01e23288c6cc` Request headers Referer http://www.villanives.com/wp/wellsfargo/css/desktop-tablet.combinedec92.css?v= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:17 GMT Last-Modified Sun, 14 Sep 2014 04:05:08 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 1369 Expires Wed, 29 May 2019 07:02:17 GMT
GET DATA	200 OK	truncated /	428 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0d4c1faf314c56aa4dcbacb09ef48ca4a69c18501c14092e6e9dddd7382da1cf` Request headers Referer http://www.villanives.com/wp/wellsfargo/css/desktop-tablet.combinedec92.css?v= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/svg+xml;charset=US-ASCII
GET H/1.1	200 OK	bg-footer.png www.villanives.com/wp/wellsfargo/assets/images/osmp/	563 B 855 B	126ms 126ms	Image image/png	173.199.184.24
General Check archive.org Show headers Download Go to Show image Full URL http://www.villanives.com/wp/wellsfargo/assets/images/osmp/bg-footer.png Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/javascript/jquery.combinedec92.js?v= Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software LiteSpeed / Resource Hash `5bfcab24a46256e24aa81c6b2eae41344010d13d3445ba2997b8674888d6019c` Request headers Referer http://www.villanives.com/wp/wellsfargo/css/desktop-tablet.combinedec92.css?v= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 22 May 2019 07:02:17 GMT Last-Modified Sun, 14 Sep 2014 04:05:08 GMT Server LiteSpeed Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 563 Expires Wed, 29 May 2019 07:02:17 GMT
GET DATA	200 OK	truncated /	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363` Request headers Referer http://www.villanives.com/wp/wellsfargo/css/jquery.mobileec92.css?v= User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	34 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	404 Not Found	loader-sm.gif villanives.com/assets/images/osmp/ Redirect Chain http://www.villanives.com/assets/images/osmp/loader-sm.gif http://villanives.com/assets/images/osmp/loader-sm.gif	0 0	591ms 335ms	Image text/html	173.199.184.24
General Check archive.org Show headers Download Go to Show image Full URL http://villanives.com/assets/images/osmp/loader-sm.gif Requested by Host: www.villanives.com URL: http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 Protocol HTTP/1.1 Server 173.199.184.24 Lansing, United States, ASN32244 (,), Reverse DNS host.pressmax.net Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://www.villanives.com/wp/wellsfargo/update.html?request_type=LogLogonHandler&location=us_logon1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Redirect headers Pragma no-cache Date Wed, 22 May 2019 07:02:17 GMT Server LiteSpeed X-Powered-By PHP/5.6.40 Content-Type text/html; charset=UTF-8 Location http://villanives.com/assets/images/osmp/loader-sm.gif Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Accept-Ranges bytes Content-Length 0 Expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

villanives.com
www.villanives.com
173.199.184.24
00ad27c585cb12f51f9087349e4dab2088f70343cfbad5309e204f176969040f
03d86f34db46f2d600926047d935ece5636899bd46cb9ad04d526d11ebd28308
0d4c1faf314c56aa4dcbacb09ef48ca4a69c18501c14092e6e9dddd7382da1cf
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
41f65e2f54a0cdf9aae7a8504590ef6acb2c16ad62f441355d44be2f5ae2f803
5bfcab24a46256e24aa81c6b2eae41344010d13d3445ba2997b8674888d6019c
755a4380b386badbf92bb5fb674942733e09b9df0fea44f39191b0b87ade1b1e
81aac32d4a7ff60babc93d38baaab739c55773843757258afbae01e23288c6cc
ba4129aadbb88a55d41b8a518a59a2fdaaa77f1051ba02762f63c91cbb64464f
bf09007ac554fd6a0e119113238ff10e8c560842c5f53ad031fa6a4859e11542
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e35268c6ace67d34dcb88594fa3fc43ed095b9f1a7560de8967a2039f39fc4
edc5ee3b590dae17b0eb19063c34680c15ee144d13583d006e6a7976b69cd2db

www.villanives.com Open in urlscan Pro 173.199.184.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

190 kBTransfer

606 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

www.villanives.com Open in urlscan Pro
173.199.184.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

190 kB
Transfer

606 kB
Size

0
Cookies

10 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!