baysidemedicalgroup.net
173.246.36.221  Malicious Activity! Public Scan

URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5...
Submission: On March 10 via automatic, source openphish — Scanned from DE

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 173.246.36.221, located in Fort Lauderdale, United States and belongs to BIZNESSHOSTING-DBA-VOLICO, US. The main domain is baysidemedicalgroup.net.
TLS certificate: Issued by R3 on January 14th 2023. Valid for: 3 months.
This is the only time baysidemedicalgroup.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ent Credit Union (Financial)

Domain & IP information

Requests | IP Address | AS | Autonomous System
6 | 173.246.36.221 | 33724 | BIZNESSHO...
4 | 2a02:26f0:480... | 20940 | AKAMAI-ASN1
2 | 2606:4700::68... | 13335 | CLOUDFLAR...
1 | 2600:9000:223... | 16509 | AMAZON-02
1 | 2a02:26f0:780... | 20940 | AKAMAI-ASN1
Total: 14 requests, 6 IPs
Requests | Apex Domain | Subdomains | Transfer
6 | baysidemedicalgroup.net | baysidemedicalgroup.net | 71 KB
5 | typekit.net | use.typekit.net (Cisco Umbrella Rank: 416), p.typekit.net (Cisco Umbrella Rank: 551) | 194 KB
2 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 196) | 82 KB
1 | salemove.com | libs.salemove.com (Cisco Umbrella Rank: 20903) | 114 KB
Total: 14 requests, 4 apex domains
Requests | Domain | Requested by
6 | baysidemedicalgroup.net | baysidemedicalgroup.net
4 | use.typekit.net | baysidemedicalgroup.net, use.typekit.net
2 | cdnjs.cloudflare.com | baysidemedicalgroup.net, cdnjs.cloudflare.com
1 | p.typekit.net | use.typekit.net
1 | libs.salemove.com | baysidemedicalgroup.net
Total: 14 requests, 5 domains

This site contains links to these domains.

Domain
www.ent.com
Subject | Issuer | Validity | Valid
baysidemedicalgroup.net | R3 | 2023-01-14 - 2023-04-14 | 3 months (crt.sh)
use.typekit.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-09-14 - 2023-10-15 | a year (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year (crt.sh)
*.glia.com | Amazon RSA 2048 M02 | 2023-02-24 - 2023-08-16 | 6 months (crt.sh)

This page contains 1 frames:

Primary Page: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Frame ID: 9636BE421C85CF70F3957D8663738518
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Log In | Ent Online Banking

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 80 %
Domains: 4
Subdomains: 5
IPs: 6
Countries: 2
Transfer: 461 kB
Size: 1134 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource: signn (Primary Request)
Path: baysidemedicalgroup.net/roller/ent.server/
Size: 22 KB
x-fer: 11 KB
Type: Document
General
Full URL
https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.246.36.221 Fort Lauderdale, United States, ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US),
Reverse DNS
Software
Apache/2.4.46 (Ubuntu) /
Resource Hash
82d4f89fd20948bdbc3ae9cb44053f82598a3e5da670b9e0efb8d54429bd0bb0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
10558
Content-Type
text/html; charset=UTF-8
Date
Fri, 10 Mar 2023 05:09:16 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.46 (Ubuntu)
Vary
Accept-Encoding

Resource: bjh0ewy.css
Path: use.typekit.net/
Size: 13 KB
x-fer: 2 KB
Type: Stylesheet
General
Full URL
https://use.typekit.net/bjh0ewy.css
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
113f3ca91167899853f4fdbfeeed9be755c0857dd0dfad477e3f91c035baea49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Fri, 10 Mar 2023 05:09:17 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1322

Resource: vendor.36ec3a08.css
Path: baysidemedicalgroup.net/roller/ent.server/assets/csps/
Size: 216 KB
x-fer: 33 KB
Type: Stylesheet
General
Full URL
https://baysidemedicalgroup.net/roller/ent.server/assets/csps/vendor.36ec3a08.css
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.246.36.221 Fort Lauderdale, United States, ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US),
Reverse DNS
Software
Apache/2.4.46 (Ubuntu) /
Resource Hash
8cde9f9f2f7ffc277e35dd423f57e8f10a2deba6b5ab2039e3bf4ae8654cb682

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 10 Mar 2023 05:09:16 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Mar 2023 10:39:16 GMT
Server
Apache/2.4.46 (Ubuntu)
ETag
"36088-5f64d05eebd00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
33842

Resource: main.1e398acc.css
Path: baysidemedicalgroup.net/roller/ent.server/assets/csps/
Size: 222 KB
x-fer: 10 KB
Type: Stylesheet
General
Full URL
https://baysidemedicalgroup.net/roller/ent.server/assets/csps/main.1e398acc.css
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.246.36.221 Fort Lauderdale, United States, ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US),
Reverse DNS
Software
Apache/2.4.46 (Ubuntu) /
Resource Hash
bb86f86818edf9a28a68b1bb9e948fbab277079dc54728b6ead04f1aa2f790f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 10 Mar 2023 05:09:16 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Mar 2023 10:39:58 GMT
Server
Apache/2.4.46 (Ubuntu)
ETag
"37944-5f64d086f9b80-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9412

Resource: styles.css
Path: baysidemedicalgroup.net/roller/ent.server/assets/csps/
Size: 22 KB
x-fer: 4 KB
Type: Stylesheet
General
Full URL
https://baysidemedicalgroup.net/roller/ent.server/assets/csps/styles.css
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.246.36.221 Fort Lauderdale, United States, ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US),
Reverse DNS
Software
Apache/2.4.46 (Ubuntu) /
Resource Hash
49e4c2df0872212afbc62f24a369e2941204653e0cf6a7f9068fce3aa10e29c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 10 Mar 2023 05:09:17 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Mar 2023 12:16:02 GMT
Server
Apache/2.4.46 (Ubuntu)
ETag
"56f0-5f64e5fff4480-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3346

Resource: font-awesome.css
Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
Size: 37 KB
x-fer: 6 KB
Type: Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://baysidemedicalgroup.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 05:09:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
7290175
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5884
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-9226"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ykWPFmmWcCQuga0UJOc7VtI74LAKKBbFV0ZQ5P6mhwCylcVmTQTPcHMXDaicv4K46ZBoU6BfCqwaWBaUSrfTUIM4Z0jVhpSM0FPJI8KY6m8ub3EbpLqm%2F7CmM0L09WbB2EBmdS7%2FBgmMiYjWgSnsYpAx"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a590b6b88f68fe9-FRA
expires
Wed, 28 Feb 2024 05:09:16 GMT

Resource: visitor-app.80743354.default.css
Path: libs.salemove.com/
Size: 315 KB
x-fer: 114 KB
Type: Stylesheet
General
Full URL
https://libs.salemove.com/visitor-app.80743354.default.css
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:1400:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3f353e7e704bf80cb6885128c1f4759e45f632a9decfc06601aa3f1c67c8a5b3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Mon, 06 Mar 2023 10:20:53 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
via
1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
326904
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 06 Mar 2023 09:16:57 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
md5:8711648991f4ee2d4d4a480abb49bbbf
etag
W/"8711648991f4ee2d4d4a480abb49bbbf"
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type
text/css
cache-control
max-age=31536000
x-amz-cf-id
VB1ghj2j8axL-eyBwaSswKT-VR_kzZb2Mda1d5cLDX3wQ6upM208cw==

Resource: ncua.c8630dbf.png
Path: baysidemedicalgroup.net/roller/ent.server/assets/csps/
Size: 12 KB
x-fer: 12 KB
Type: Image
General
Full URL
https://baysidemedicalgroup.net/roller/ent.server/assets/csps/ncua.c8630dbf.png
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.246.36.221 Fort Lauderdale, United States, ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US),
Reverse DNS
Software
Apache/2.4.46 (Ubuntu) /
Resource Hash
560fd3e537cc4bb9f6ba03c8ae68778d6217b037db1be9b82a50440a602b7725

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 10 Mar 2023 05:09:17 GMT
Last-Modified
Tue, 07 Mar 2023 10:48:02 GMT
Server
Apache/2.4.46 (Ubuntu)
ETag
"3049-5f64d2548dc80"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
12361

Resource: truncated
Path: /
Size: 929 B
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5c822ac42a3c4b5e4480190640a6cb38a3de93da836ceb9a5f7ab5d3ac02de51

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type
image/png

Resource: truncated
Path: /
Size: 2 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfe5ad62a6a746e2d8693eb319717057d5ad1db070940bde96c8530161487492

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type
image/png

Resource: truncated
Path: /
Size: 5 KB
x-fer: 0
Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c65597dd6ac95c51d315bb74f54942f1039812505b8adf0e3ef263f9d839275

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type
image/png

Resource: p.css
Path: p.typekit.net/
Size: 5 B
x-fer: 181 B
Type: Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=bjh0ewy&ht=tk&f=18456.18457.18458.18460.18461.22705.37555.32854.32855.32861.32862.32863.32864.32867.32868.32869.32870.32872&a=10162005&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/bjh0ewy.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:780::5f65:3681 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 05:09:17 GMT
last-modified
Sat, 16 Oct 2021 08:18:43 GMT
server
nginx
etag
"616a8ae3-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5

Resource: d8f10800a50e29d08462edd9163a6d18.svg
Path: baysidemedicalgroup.net/roller/ent.server/assets/csps/
Size: 1 KB
x-fer: 1 KB
Type: Image
General
Full URL
https://baysidemedicalgroup.net/roller/ent.server/assets/csps/d8f10800a50e29d08462edd9163a6d18.svg
Requested by
Host: baysidemedicalgroup.net
URL: https://baysidemedicalgroup.net/roller/ent.server/assets/csps/styles.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
173.246.36.221 Fort Lauderdale, United States, ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US),
Reverse DNS
Software
Apache/2.4.46 (Ubuntu) /
Resource Hash
b7dae6bd9ece0e8a99328534cb45e49db075d93c65d49dec10ecd8d3f397aa5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://baysidemedicalgroup.net/roller/ent.server/assets/csps/styles.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date
Fri, 10 Mar 2023 05:09:17 GMT
Last-Modified
Tue, 07 Mar 2023 10:48:54 GMT
Server
Apache/2.4.46 (Ubuntu)
ETag
"4a7-5f64d28625180"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1191

Resource: l
Path: use.typekit.net/af/bcdde2/00000000000000003b9af1d8/27/
Size: 64 KB
x-fer: 64 KB
Type: Font
General
Full URL
https://use.typekit.net/af/bcdde2/00000000000000003b9af1d8/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/bjh0ewy.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
eec2cb838f76cfdf9254021a3247670aba0afb0dfdaa26f901114a3eaaed4c29

Request headers

Referer
https://use.typekit.net/bjh0ewy.css
Origin
https://baysidemedicalgroup.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 05:09:17 GMT
server
nginx
etag
"39fcbcccdc182545b47e239448f1c81501bae443"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
65044

Resource: l
Path: use.typekit.net/af/ab749c/00000000000000003b9af1da/27/
Size: 64 KB
x-fer: 64 KB
Type: Font
General
Full URL
https://use.typekit.net/af/ab749c/00000000000000003b9af1da/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/bjh0ewy.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
4e6b3ef425ab736614f94fbe9328cfd0b90f3479bca1071aaa4400847ed21405

Request headers

Referer
https://use.typekit.net/bjh0ewy.css
Origin
https://baysidemedicalgroup.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 05:09:17 GMT
server
nginx
etag
"4549db46ac4ae6393a61e42460bb5406bfabeffe"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
65044

Resource: l
Path: use.typekit.net/af/8db0ad/00000000000000003b9af1df/27/
Size: 64 KB
x-fer: 65 KB
Type: Font
General
Full URL
https://use.typekit.net/af/8db0ad/00000000000000003b9af1df/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/bjh0ewy.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:e::210:f10f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
681b0c00d0eb207178a979ce2dce8afdce278bdb1c419eb31f18d0ab59a55af5

Request headers

Referer
https://use.typekit.net/bjh0ewy.css
Origin
https://baysidemedicalgroup.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 05:09:17 GMT
server
nginx
etag
"070d3fad7fa4a2f1a4648b83e9ad3b82d8f8b2d8"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
65776

Resource: fontawesome-webfont.woff2
Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/
Size: 75 KB
x-fer: 76 KB
Type: Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin
https://baysidemedicalgroup.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Fri, 10 Mar 2023 05:09:17 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1215243
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77160
last-modified
Mon, 04 May 2020 16:10:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e5f-12d68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9fXGOqwRQ8wO7LOzpbbtBlDUqhSwzHMpEP4wServ1hVhxy1Ni5PKSuB8pRBp4aWmZH7OnwuAnvopnql89UeyMzHmpmpU4psmI%2Ff0cI41oUx8ITxjgV0cooKOk5liKBtf8VkRVvtZix4GYIXcXvjFWFO"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7a590b720cd98fe9-FRA
expires
Wed, 28 Feb 2024 05:09:17 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ent Credit Union (Financial)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean | credentialless

1 Cookies

Domain/Path | Name | Value
baysidemedicalgroup.net/ | PHPSESSID | d5emsqll35d6ib27c7b043ok9c