dr-denmark.com Open in urlscan Pro
2606:4700:3035::6812:240b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://fvzzy.com/link/231c9f9bee01c7b86055723bf1d8d527/47b7fba5e9a06e56a2c5bf563b2a3881
Effective URL:
http://dr-denmark.com/prelander/437/index.php?gs=tag5e8593362669a2.96291326&prehit=933c2bd4ba826e59f2666c9abf79c3fbe3c...
Submission: On April 02 via manual (April 2nd 2020, 6:48:20 am UTC) from IN

Summary HTTP 78 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 7 countries across 11 domains to perform 78 HTTP transactions. The main IP is 2606:4700:3035::6812:240b, located in United States and belongs to CLOUDFLARENET, US. The main domain is dr-denmark.com.

This is the only time dr-denmark.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lion's Den Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.15.247.31 51.15.247.31	12876 (Online SAS) (Online SAS)
1 60	2606:4700:303... 2606:4700:3035::6812:240b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:816::200a	15169 (GOOGLE) (GOOGLE)
1	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2606:4700:10:... 2606:4700:10::6814:15ef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	5.9.145.34 5.9.145.34	24940 (HETZNER-AS) (HETZNER-AS)
4	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6811:4104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	147.75.102.203 147.75.102.203	54825 (PACKET) (PACKET)
1	52.215.241.11 52.215.241.11	16509 (AMAZON-02) (AMAZON-02)
78	12

1 51.15.247.31 (France) 1 redirects

ASN12876 (Online SAS, FR)
PTR: fvzzy.com

fvzzy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 2606:4700:3035::6812:240b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dr-denmark.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:15ef (United States)

ASN13335 (CLOUDFLARENET, US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.9.145.34 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: anothervision.com

console.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42:1b::622 (Ascension Island)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 147.75.102.203 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress3

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.241.11 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-241-11.eu-west-1.compute.amazonaws.com

rum-collector-2.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	dr-denmark.com 1 redirects dr-denmark.com	2 MB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	73 KB
4	wistia.net fast.wistia.net	130 KB
4	cloudflare.com cdnjs.cloudflare.com	27 KB
2	pingdom.net rum-static.pingdom.net rum-collector-2.pingdom.net	3 KB
1	console.re console.re	98 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com	14 KB
1	jsdelivr.net cdn.jsdelivr.net	7 KB
1	fontawesome.com use.fontawesome.com	11 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	fvzzy.com 1 redirects fvzzy.com	1 KB
78	11

	Domain	Requested by
60	dr-denmark.com	1 redirects dr-denmark.com
4	fast.wistia.net	dr-denmark.com fast.wistia.net
4	cdnjs.cloudflare.com	dr-denmark.com
2	static.hotjar.com	dr-denmark.com
1	rum-collector-2.pingdom.net	rum-static.pingdom.net
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	console.re	dr-denmark.com
1	rum-static.pingdom.net	dr-denmark.com
1	stackpath.bootstrapcdn.com	dr-denmark.com
1	cdn.jsdelivr.net	dr-denmark.com
1	use.fontawesome.com	dr-denmark.com
1	fonts.googleapis.com	dr-denmark.com
1	fvzzy.com	1 redirects
78	14

This site contains no links.

Subject Issuer	Validity	Valid
*.storage.googleapis.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.fontawesome.com DigiCert SHA2 Secure Server CA	`2019-10-28` - `2020-12-23`	a year	crt.sh
ssl363648.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-02-22` - `2020-08-30`	6 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-03-26` - `2021-03-18`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-02-03` - `2020-05-03`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-02-03` - `2020-05-03`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-02-03` - `2020-05-03`	3 months	crt.sh

This page contains 4 frames:

Primary Page: http://dr-denmark.com/prelander/437/index.php?gs=tag5e8593362669a2.96291326&prehit=933c2bd4ba826e59f2666c9abf79c3fbe3ca753d&s2=47b7fba5e9a06e56a2c5bf563b2a3881&oq=1585812278
Frame ID: 073B213BA09D23419A7C18836FAB0FEA
Requests: 36 HTTP requests in this frame

Frame: http://dr-denmark.com/prelander/437/images/
Frame ID: 5EE96DF1F0AF18924DBFDF1EF4B33699
Requests: 40 HTTP requests in this frame

Frame: https://fast.wistia.net/embed/iframe/ahwa5z79s0?seo=false&videoFoam=true
Frame ID: 5B3F41B1E1AD0CBC9B5F77BA81698D59
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 03A4FB8EA47511AA902DE901935CB405
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://fvzzy.com/link/231c9f9bee01c7b86055723bf1d8d527/47b7fba5e9a06e56a2c5bf563b2a3881 HTTP 302
http://dr-denmark.com/gopre/12ed51686a83dff335014f5960cf94a4/PRLND5e7c7ec8233f86.12416030/s1=28b66... HTTP 302
http://dr-denmark.com/prelander/437/index.php?gs=tag5e8593362669a2.96291326&prehit=933c2bd4ba826e5... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

78
Requests

21 %
HTTPS

62 %
IPv6

11
Domains

14
Subdomains

12
IPs

7
Countries

2370 kB
Transfer

3635 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fvzzy.com/link/231c9f9bee01c7b86055723bf1d8d527/47b7fba5e9a06e56a2c5bf563b2a3881 HTTP 302
http://dr-denmark.com/gopre/12ed51686a83dff335014f5960cf94a4/PRLND5e7c7ec8233f86.12416030/s1=28b660ab25c437528279dd8f19263ca4&s2=47b7fba5e9a06e56a2c5bf563b2a3881&s3=58_3027859 HTTP 302
http://dr-denmark.com/prelander/437/index.php?gs=tag5e8593362669a2.96291326&prehit=933c2bd4ba826e59f2666c9abf79c3fbe3ca753d&s2=47b7fba5e9a06e56a2c5bf563b2a3881&oq=1585812278 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

78 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.php Show response
dr-denmark.com/prelander/437/
Redirect Chain

http://fvzzy.com/link/231c9f9bee01c7b86055723bf1d8d527/47b7fba5e9a06e56a2c5bf563b2a3881
http://dr-denmark.com/gopre/12ed51686a83dff335014f5960cf94a4/PRLND5e7c7ec8233f86.12416030/s1=28b660ab25c437528279dd8f19263ca4&s2=47b7fba5e9a06e56a2c5bf563b2a3881&s3=58_3027859
http://dr-denmark.com/prelander/437/index.php?gs=tag5e8593362669a2.96291326&prehit=933c2bd4ba826e59f2666c9abf79c3fbe3ca753d&s2=47b7fba5e9a06e56a2c5bf563b2a3881&oq=1585812278

34 KB
10 KB

74ms
73ms

Document
text/html

2606:4700:3035::6812:240b
CLOUDFLARENET

General

Domain/Path	Expires	Name / Value
dr-denmark.com/prelander/437/images	1970-01-19 08:30:19	Name: pa Value: pa=sid%3Dv9kgzf0d%26sst%3D1585810084%26sis%3D1%26rv%3D0
.dr-denmark.com/	1970-01-19 17:02:48	Name: _hjid Value: 9c9cb1e0-1176-4f55-9750-9f03d0ef15b9
dr-denmark.com/	1970-01-19 08:30:17	Name: XSRF-TOKEN Value: eyJpdiI6IkZuZUR3azdPSkozYk1MWThNcTdDK3c9PSIsInZhbHVlIjoiMjJhQTF2OWRrekFBMFYzbmg3MnpyYmdTMmRFWldJQzE2YUQ3MzBQYTlkMDlcL2x5ZUVvZzJhUUlsN0xsZmY0SzEiLCJtYWMiOiIxZDZhMWViMTMyNzAyZjQzYzEzYTkyZTlkY2ZkNDk3Njg4NmRmM2I1YWFmNjRkNWZmNmRmMjYxMGEzZTJkMGUxIn0%3D
dr-denmark.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: s4mopn6klc41b3jnm0gsvk7gd5
dr-denmark.com/	1970-01-19 08:30:17	Name: laravel_session Value: eyJpdiI6IkxlU216Qjk5MHlidVlKdVNhSDZyZVE9PSIsInZhbHVlIjoiUVVGOGh4a0ZcLzNaZkI0OVh6Z0I3MHlRYkZwXC9wRGRTWG9STzBzcGdwaGZSVUVNQ3dZSUJ5N2FWRHliUW9jaTlXIiwibWFjIjoiOGM1ZTJlOGIzZjlhNTVhZmYxZDY1ZmNkNzdlNWM4YTkyNDgyYTM3ZWJkOTFkMDJhZTM0ZWY3MGEwMDU2YTY2YSJ9
fast.wistia.net/embed/iframe	1969-12-31 23:59:59	Name: loglevel Value: WARN
.dr-denmark.com/	1970-01-19 09:13:22	Name: __cfduid Value: d031c3566b4e6a422dc81a29b594205af1585810081

dr-denmark.com Open in urlscan Pro 2606:4700:3035::6812:240b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

78 Requests

21 %HTTPS

62 %IPv6

11 Domains

14 Subdomains

12 IPs

7 Countries

2370 kBTransfer

3635 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

dr-denmark.com Open in urlscan Pro
2606:4700:3035::6812:240b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

21 %
HTTPS

62 %
IPv6

11
Domains

14
Subdomains

12
IPs

7
Countries

2370 kB
Transfer

3635 kB
Size

7
Cookies

78 HTTP transactions
0 data transactions