baysidemedicalgroup.net
Open in
urlscan Pro
173.246.36.221
Malicious Activity!
Public Scan
Submitted URL: http://longridge.org.au/well-known/
Effective URL: https://baysidemedicalgroup.net//roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf...
Submission: On March 09 via api from JP — Scanned from AU
Effective URL: https://baysidemedicalgroup.net//roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf...
Submission: On March 09 via api from JP — Scanned from AU
Summary
This website contacted 7 IPs
in 3 countries
across 5 domains to perform 15 HTTP transactions.
The main IP is 173.246.36.221, located in
Fort Lauderdale, United States and
belongs to BIZNESSHOSTING-DBA-VOLICO, US.
The main domain is baysidemedicalgroup.net.
TLS certificate: Issued by R3 on January 14th 2023. Valid for: 3 months.
This is the only time baysidemedicalgroup.net was scanned on urlscan.io!
TLS certificate: Issued by R3 on January 14th 2023. Valid for: 3 months.
This is the only time baysidemedicalgroup.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Ent Credit Union (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 223.27.24.1 223.27.24.1 | 55803 (HOSTOPIA-...) (HOSTOPIA-AU Hostopia Australia Web Pty Ltd) | |
| 1 7 | 173.246.36.221 173.246.36.221 | 33724 (BIZNESSHO...) (BIZNESSHOSTING-DBA-VOLICO) | |
| 1 | 42.99.140.146 42.99.140.146 | () () | |
| 2 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 18.154.206.57 18.154.206.57 | () () | |
| 1 | 42.99.140.161 42.99.140.161 | () () | |
| 15 | 7 |
1
223.27.24.1
(Australia)
ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU)
PTR: s1.idealpracticehosting.com
ASN55803 (HOSTOPIA-AU Hostopia Australia Web Pty Ltd, AU)
PTR: s1.idealpracticehosting.com
| longridge.org.au |
7
173.246.36.221
(Fort Lauderdale, United States)
ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US)
ASN33724 (BIZNESSHOSTING-DBA-VOLICO, US)
| baysidemedicalgroup.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
baysidemedicalgroup.net
1 redirects
baysidemedicalgroup.net |
72 KB |
| 2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 196 |
82 KB |
| 2 |
typekit.net
use.typekit.net p.typekit.net |
2 KB |
| 1 |
salemove.com
libs.salemove.com |
114 KB |
| 1 |
longridge.org.au
longridge.org.au |
1 KB |
| 15 | 5 |
| Domain | Requested by | |
|---|---|---|
| 7 | baysidemedicalgroup.net |
1 redirects
longridge.org.au
baysidemedicalgroup.net |
| 2 | cdnjs.cloudflare.com |
baysidemedicalgroup.net
cdnjs.cloudflare.com |
| 1 | p.typekit.net |
use.typekit.net
|
| 1 | libs.salemove.com |
baysidemedicalgroup.net
|
| 1 | use.typekit.net |
baysidemedicalgroup.net
use.typekit.net |
| 1 | longridge.org.au | |
| 15 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.ent.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| baysidemedicalgroup.net R3 |
2023-01-14 - 2023-04-14 |
3 months | crt.sh |
| use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-09-14 - 2023-10-15 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
| *.glia.com Amazon RSA 2048 M02 |
2023-02-24 - 2023-08-16 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://baysidemedicalgroup.net//roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT
Frame ID: CD880547FF12AC063815818590E12E35
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Log In | Ent Online BankingPage URL History Show full URLs
- http://longridge.org.au/well-known/ Page URL
-
https://baysidemedicalgroup.net//roller/ent.server/index.php
HTTP 302
https://baysidemedicalgroup.net//roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3... Page URL
Detected technologies
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Typekit
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link [^>]*href="[^"]+use\.typekit\.(?:net|com)
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://www.ent.com/Privacy
Title: Privacy Policy
Title: Privacy Policy
Search URL Search Domain Scan URL
URL: https://www.ent.com/Legal
Title: Important Account Information
Title: Important Account Information
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://longridge.org.au/well-known/ Page URL
-
https://baysidemedicalgroup.net//roller/ent.server/index.php
HTTP 302
https://baysidemedicalgroup.net//roller/ent.server/signn?sslchannel=true&sessionid=uSmAFPSeZ6RAWAEBbv9Kp59v3iyUwjqmTG9rj9EiqoAcf5y4B4ooN1M6vIqTYK1y5YtMM9kLchQyExTStvYZ9NiID0m4v9lnzH5B7XW9mpnl7677b8A9j4prIJQ7ZRO3ClfruMW9WhRiTZ4PPcV4KT Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
longridge.org.au/well-known/ |
966 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
signn
baysidemedicalgroup.net//roller/ent.server/ Redirect Chain
|
22 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bjh0ewy.css
use.typekit.net/ |
13 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
vendor.36ec3a08.css
baysidemedicalgroup.net//roller/ent.server/assets/csps/ |
216 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.1e398acc.css
baysidemedicalgroup.net//roller/ent.server/assets/csps/ |
222 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles.css
baysidemedicalgroup.net//roller/ent.server/assets/csps/ |
22 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
37 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
visitor-app.80743354.default.css
libs.salemove.com/ |
315 KB 114 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ncua.c8630dbf.png
baysidemedicalgroup.net//roller/ent.server/assets/csps/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
929 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d8f10800a50e29d08462edd9163a6d18.svg
baysidemedicalgroup.net//roller/ent.server/assets/csps/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ |
75 KB 76 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
p.css
p.typekit.net/ |
5 B 195 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
l
use.typekit.net/af/bcdde2/00000000000000003b9af1d8/27/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
l
use.typekit.net/af/ab749c/00000000000000003b9af1da/27/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
l
use.typekit.net/af/8db0ad/00000000000000003b9af1df/27/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- use.typekit.net
- URL
- https://use.typekit.net/af/bcdde2/00000000000000003b9af1d8/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
- Domain
- use.typekit.net
- URL
- https://use.typekit.net/af/ab749c/00000000000000003b9af1da/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n5&v=3
- Domain
- use.typekit.net
- URL
- https://use.typekit.net/af/8db0ad/00000000000000003b9af1df/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Ent Credit Union (Financial)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| baysidemedicalgroup.net/ | Name: PHPSESSID Value: 57coiksdidllvmpqahffsa6ajc |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
baysidemedicalgroup.net
cdnjs.cloudflare.com
libs.salemove.com
longridge.org.au
p.typekit.net
use.typekit.net
use.typekit.net
104.17.24.14
173.246.36.221
18.154.206.57
223.27.24.1
42.99.140.146
42.99.140.161
113f3ca91167899853f4fdbfeeed9be755c0857dd0dfad477e3f91c035baea49
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3f353e7e704bf80cb6885128c1f4759e45f632a9decfc06601aa3f1c67c8a5b3
49e4c2df0872212afbc62f24a369e2941204653e0cf6a7f9068fce3aa10e29c9
560fd3e537cc4bb9f6ba03c8ae68778d6217b037db1be9b82a50440a602b7725
5c822ac42a3c4b5e4480190640a6cb38a3de93da836ceb9a5f7ab5d3ac02de51
82d4f89fd20948bdbc3ae9cb44053f82598a3e5da670b9e0efb8d54429bd0bb0
8cde9f9f2f7ffc277e35dd423f57e8f10a2deba6b5ab2039e3bf4ae8654cb682
9c65597dd6ac95c51d315bb74f54942f1039812505b8adf0e3ef263f9d839275
b7dae6bd9ece0e8a99328534cb45e49db075d93c65d49dec10ecd8d3f397aa5c
bb86f86818edf9a28a68b1bb9e948fbab277079dc54728b6ead04f1aa2f790f8
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
dfe5ad62a6a746e2d8693eb319717057d5ad1db070940bde96c8530161487492
ffa3d117eb98457a5f7a7c07bf5397ef2d42d95ae0f82b01fa08f3b99814bda6