fgdentalcare.com Open in urlscan Pro
23.235.213.235 Malicious Activity! Public Scan

URL:
http://fgdentalcare.com/r/rss.php
Submission: On May 15 via manual (May 15th 2017, 1:59:43 am UTC) from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 23.235.213.235, located in Los Angeles, United States and belongs to IMH-WEST - InMotion Hosting, Inc., US. The main domain is fgdentalcare.com.

This is the only time fgdentalcare.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dropbox (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	23.235.213.235 23.235.213.235	22611 (IMH-WEST) (IMH-WEST - InMotion Hosting)
6	103.9.124.11 103.9.124.11	131711 (ORANGE-IS...) (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo)
9	3

2 23.235.213.235 (Los Angeles, United States)

ASN22611 (IMH-WEST - InMotion Hosting, Inc., US)

fgdentalcare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 103.9.124.11 (Jakarta, Indonesia)

ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID)
PTR: ns1.palingpertama.com

palingpertama.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	palingpertama.com palingpertama.com Failed	104 KB
2	fgdentalcare.com fgdentalcare.com	504 B
9	2

	Domain	Requested by
6	palingpertama.com	palingpertama.com
2	fgdentalcare.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Frame: http://palingpertama.com/nz/dropbox/
Frame ID: 19928.1
Requests: 3 HTTP requests in this frame

Frame: http://palingpertama.com/nz/dropbox/
Frame ID: 19943.1
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

104 kB
Transfer

104 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request rss.php Show response fgdentalcare.com/r/	261 B 268 B	336ms 185ms	Document text/html	23.235.213.235 InMotion Hosting
General Check archive.org Show headers Download Go to Full URL http://fgdentalcare.com/r/rss.php Protocol HTTP/1.1 Server 23.235.213.235 Los Angeles, United States, ASN22611 (IMH-WEST - InMotion Hosting, Inc., US), Reverse DNS Software Apache / PHP/5.5.38 Resource Hash `6c9054b2cf960e60575ae9f87bb0f7f8489be03953228ee98216e58432809f8d` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host fgdentalcare.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 01:59:32 GMT Server Apache Connection Keep-Alive X-Powered-By PHP/5.5.38 Transfer-Encoding chunked Keep-Alive timeout=3, max=100 Content-Type text/html; charset=utf-8
GET		/ palingpertama.com/nz/dropbox/	0 0

GET H/1.1	404 Not Found	favicon.ico fgdentalcare.com/	236 B 236 B	152ms 151ms	Other text/html	23.235.213.235 InMotion Hosting
General Check archive.org Show headers Download Go to Full URL http://fgdentalcare.com/favicon.ico Protocol HTTP/1.1 Server 23.235.213.235 Los Angeles, United States, ASN22611 (IMH-WEST - InMotion Hosting, Inc., US), Reverse DNS Software Apache / Resource Hash `6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host fgdentalcare.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://fgdentalcare.com/r/rss.php Connection keep-alive Cache-Control no-cache Referer http://fgdentalcare.com/r/rss.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 01:59:33 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=3, max=99 Content-Length 236 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	/ Show response palingpertama.com/nz/dropbox/ Frame 1994	12 KB 12 KB	662ms 221ms	Document text/html	103.9.124.11 ORANGE-ISP-AS-ID ...
General Check archive.org Show headers Download Go to Full URL http://palingpertama.com/nz/dropbox/ Protocol HTTP/1.1 Server 103.9.124.11 Jakarta, Indonesia, ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID), Reverse DNS ns1.palingpertama.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips / PHP/5.5.30 Resource Hash `34b9fe92229eac946d103606d66ace416e995adc358267afbb413fc5aed28878` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host palingpertama.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Referer http://fgdentalcare.com/r/rss.php Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://fgdentalcare.com/r/rss.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 02:07:25 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips X-Powered-By PHP/5.5.30 Transfer-Encoding chunked Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type text/html Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers origin, SOAPAction, X-Requested-With, Content-Type Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	logsogo.png palingpertama.com/nz/dropbox/images/ Frame 1994	33 KB 33 KB	208ms 208ms	Image application/octet-stream	103.9.124.11 ORANGE-ISP-AS-ID ...
General Check archive.org Show headers Download Go to Show image Full URL http://palingpertama.com/nz/dropbox/images/logsogo.png Requested by Host: palingpertama.com URL: http://palingpertama.com/nz/dropbox/ Protocol HTTP/1.1 Server 103.9.124.11 Jakarta, Indonesia, ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID), Reverse DNS ns1.palingpertama.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips / Resource Hash `162a3e951cb2895caeeb5699ed8bf31aac92a46765466cbdf1502e4b95726a2b` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host palingpertama.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://palingpertama.com/nz/dropbox/ Connection keep-alive Cache-Control no-cache Referer http://palingpertama.com/nz/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 02:07:26 GMT Last-Modified Thu, 11 May 2017 19:49:54 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips ETag "24224bf-8336-54f44e48cfed5" Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type application/octet-stream Access-Control-Allow-Origin * Content-Disposition attachment Connection Keep-Alive Accept-Ranges bytes Access-Control-Allow-Headers origin, SOAPAction, X-Requested-With, Content-Type Content-Length 33590 Keep-Alive timeout=5, max=99
GET H/1.1	200 OK	foota.png palingpertama.com/nz/dropbox/images/ Frame 1994	1 KB 1 KB	220ms 219ms	Image application/octet-stream	103.9.124.11 ORANGE-ISP-AS-ID ...
General Check archive.org Show headers Download Go to Show image Full URL http://palingpertama.com/nz/dropbox/images/foota.png Requested by Host: palingpertama.com URL: http://palingpertama.com/nz/dropbox/ Protocol HTTP/1.1 Server 103.9.124.11 Jakarta, Indonesia, ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID), Reverse DNS ns1.palingpertama.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips / Resource Hash `2b8d28b8166cd5ef3aa3e5e45f6b1a1fac95ac8c71a9a4b01f4d0eff9da2a082` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host palingpertama.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://palingpertama.com/nz/dropbox/ Connection keep-alive Cache-Control no-cache Referer http://palingpertama.com/nz/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 02:07:26 GMT Last-Modified Thu, 11 May 2017 19:49:54 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips ETag "24224b7-5b2-54f44e48cfaed" Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type application/octet-stream Access-Control-Allow-Origin * Content-Disposition attachment Connection Keep-Alive Accept-Ranges bytes Access-Control-Allow-Headers origin, SOAPAction, X-Requested-With, Content-Type Content-Length 1458 Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	ori.png palingpertama.com/nz/dropbox/images/ Frame 1994	10 KB 10 KB	423ms 206ms	Image application/octet-stream	103.9.124.11 ORANGE-ISP-AS-ID ...
General Check archive.org Show headers Download Go to Show image Full URL http://palingpertama.com/nz/dropbox/images/ori.png Requested by Host: palingpertama.com URL: http://palingpertama.com/nz/dropbox/ Protocol HTTP/1.1 Server 103.9.124.11 Jakarta, Indonesia, ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID), Reverse DNS ns1.palingpertama.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips / Resource Hash `269e8e8e3043bc6904f3575dd2678a0498ca096ddbd68786c7b10723752bbee7` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host palingpertama.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://palingpertama.com/nz/dropbox/ Connection keep-alive Cache-Control no-cache Referer http://palingpertama.com/nz/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 02:07:26 GMT Last-Modified Thu, 11 May 2017 19:49:54 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips ETag "24224c1-26a2-54f44e48cfed5" Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type application/octet-stream Access-Control-Allow-Origin * Content-Disposition attachment Connection Keep-Alive Accept-Ranges bytes Access-Control-Allow-Headers origin, SOAPAction, X-Requested-With, Content-Type Content-Length 9890 Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	bode.png palingpertama.com/nz/dropbox/images/ Frame 1994	48 KB 48 KB	443ms 223ms	Image application/octet-stream	103.9.124.11 ORANGE-ISP-AS-ID ...
General Check archive.org Show headers Download Go to Show image Full URL http://palingpertama.com/nz/dropbox/images/bode.png Requested by Host: palingpertama.com URL: http://palingpertama.com/nz/dropbox/ Protocol HTTP/1.1 Server 103.9.124.11 Jakarta, Indonesia, ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID), Reverse DNS ns1.palingpertama.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips / Resource Hash `9435814471bf03c933b54190eb789c09f9b06ba1cc267bcf18627b3a7c543a52` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host palingpertama.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://palingpertama.com/nz/dropbox/ Connection keep-alive Cache-Control no-cache Referer http://palingpertama.com/nz/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 02:07:26 GMT Last-Modified Thu, 11 May 2017 19:49:54 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips ETag "24224b4-c002-54f44e48cfaed" Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type application/octet-stream Access-Control-Allow-Origin * Content-Disposition attachment Connection Keep-Alive Accept-Ranges bytes Access-Control-Allow-Headers origin, SOAPAction, X-Requested-With, Content-Type Content-Length 49154 Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	klik.png palingpertama.com/nz/dropbox/images/ Frame 1994	134 B 134 B	1080ms 861ms	Image application/octet-stream	103.9.124.11 ORANGE-ISP-AS-ID ...
General Check archive.org Show headers Download Go to Show image Full URL http://palingpertama.com/nz/dropbox/images/klik.png Requested by Host: palingpertama.com URL: http://palingpertama.com/nz/dropbox/ Protocol HTTP/1.1 Server 103.9.124.11 Jakarta, Indonesia, ASN131711 (ORANGE-ISP-AS-ID PT Global Teknologi Teraindo, ID), Reverse DNS ns1.palingpertama.com Software Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips / Resource Hash `9f9b5d296a92a66473a553b967c2a3d4888346fb2c256eb8f11b237e450ae226` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host palingpertama.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://palingpertama.com/nz/dropbox/ Connection keep-alive Cache-Control no-cache Referer http://palingpertama.com/nz/dropbox/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Response headers Date Mon, 15 May 2017 02:07:26 GMT Last-Modified Thu, 11 May 2017 19:49:54 GMT Server Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips ETag "24224ba-86-54f44e48cfaed" Access-Control-Allow-Methods PUT, GET, POST, DELETE, OPTIONS Content-Type application/octet-stream Access-Control-Allow-Origin * Content-Disposition attachment Connection Keep-Alive Accept-Ranges bytes Access-Control-Allow-Headers origin, SOAPAction, X-Requested-With, Content-Type Content-Length 134 Keep-Alive timeout=5, max=100

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: palingpertama.com
URL: http://palingpertama.com/nz/dropbox/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dropbox (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fgdentalcare.com
palingpertama.com
palingpertama.com
103.9.124.11
23.235.213.235
162a3e951cb2895caeeb5699ed8bf31aac92a46765466cbdf1502e4b95726a2b
269e8e8e3043bc6904f3575dd2678a0498ca096ddbd68786c7b10723752bbee7
2b8d28b8166cd5ef3aa3e5e45f6b1a1fac95ac8c71a9a4b01f4d0eff9da2a082
34b9fe92229eac946d103606d66ace416e995adc358267afbb413fc5aed28878
6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362
6c9054b2cf960e60575ae9f87bb0f7f8489be03953228ee98216e58432809f8d
9435814471bf03c933b54190eb789c09f9b06ba1cc267bcf18627b3a7c543a52
9f9b5d296a92a66473a553b967c2a3d4888346fb2c256eb8f11b237e450ae226

fgdentalcare.com Open in urlscan Pro 23.235.213.235 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

104 kBTransfer

104 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

fgdentalcare.com Open in urlscan Pro
23.235.213.235 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

104 kB
Transfer

104 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!