pp-clinic.com Open in urlscan Pro
103.30.127.67 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html
Submission Tags: 7765712
Submission: On September 14 via api (September 14th 2022, 5:00:44 pm UTC) from NL — Scanned from NL

Summary HTTP 56 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 8 IPs in 5 countries across 7 domains to perform 56 HTTP transactions. The main IP is 103.30.127.67, located in Thailand and belongs to METRABYTE-TH 453 Ladplacout Jorakhaebua, TH. The main domain is pp-clinic.com.
TLS certificate: Issued by R3 on July 17th 2022. Valid for: 3 months.

This is the only time pp-clinic.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
41	103.30.127.67 103.30.127.67	56067 (METRABYTE...) (METRABYTE-TH 453 Ladplacout Jorakhaebua)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
6	54.216.252.255 54.216.252.255	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f00... 2a03:2880:f007:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	18.66.147.113 18.66.147.113	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f10... 2a03:2880:f107:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
56	8

41 103.30.127.67 (Thailand)

ASN56067 (METRABYTE-TH 453 Ladplacout Jorakhaebua, TH)
PTR: bandroza.co.uk

pp-clinic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.216.252.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-252-255.eu-west-1.compute.amazonaws.com

in.taskanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f007:8:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-113.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f107:83:face:b00c:0:25de (Vienna, Austria)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	pp-clinic.com pp-clinic.com	304 KB
6	taskanalytics.com in.taskanalytics.com
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 111	388 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	112 KB
1	gstatic.com www.gstatic.com	2 KB
1	hotjar.com vars.hotjar.com — Cisco Umbrella Rank: 1247
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120	1011 B
56	7

	Domain	Requested by
41	pp-clinic.com	pp-clinic.com
6	in.taskanalytics.com	pp-clinic.com
2	www.facebook.com	pp-clinic.com
2	connect.facebook.net	pp-clinic.com connect.facebook.net
1	www.gstatic.com	pp-clinic.com
1	vars.hotjar.com	pp-clinic.com
1	fonts.googleapis.com	pp-clinic.com
56	7

This site contains links to these domains. Also see Links.

Domain
maicico.com
id.posten.no
adressesok.posten.no
online.citypaq.es

Subject Issuer	Validity	Valid
pp-clinic.com R3	`2022-07-17` - `2022-10-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
in.taskanalytics.com R3	`2022-09-05` - `2022-12-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-06-24` - `2022-09-22`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh

This page contains 23 frames:

Primary Page: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html
Frame ID: DF2733F64381875278836DC6F992C1A2
Requests: 34 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi.htm
Frame ID: 96C811BDBA6F19BC468136AB9946C149
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data/src8260928.htm
Frame ID: 294D48B4184A8057F3E0B558314E7049
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_003.htm
Frame ID: 9B006A861900EE08F3BF8F03377E414D
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_004.htm
Frame ID: EDA81D1E1C5AD4B8AED7C5CFBBCAC0FC
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_005.htm
Frame ID: A55F9E484E345BC6AAF6332D413A49FF
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;
Frame ID: E6F39030A45BC13AFC982C41435B8A31
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_006.htm
Frame ID: E5CC7DA000B1ED8532C962C4AD912322
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_007.htm
Frame ID: 3B2EF6244BBAFA61DBFE73BB869264EA
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_008.htm
Frame ID: 71CFAEE68E607467491D8BCDE48C8F4B
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data/src8260928_data/src8260928.htm
Frame ID: 9E83A18A796866DF7990AD95F0356193
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_003/src8260928.htm
Frame ID: F7914AA972F1A900D1C340BD9D2B7049
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_006/src8260928.htm
Frame ID: 9A04BAADCD5B113DE71AFA6876857837
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_004/src8260928.htm
Frame ID: 12AEFB92573F7378912F9BCAD65ECB51
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_005/src8260928.htm
Frame ID: C0703C41181D495C15598F986DAE5525
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_007/src8260928.htm
Frame ID: B85C85DD85CA30963E0C4C7F20184D45
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_008/src8260928.htm
Frame ID: 346D4B30C245A425E72655D271E1C629
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_005/src8260928_data/src8260928.htm
Frame ID: F35AE82B819DBADD6B77A403CC4880FD
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_003/src8260928_data/src8260928.htm
Frame ID: 82DCC813AEEC1282F01681EF3825CDB1
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_004/src8260928_data/src8260928.htm
Frame ID: 80730C858E3984A0B00798604E3A9A6C
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_006/src8260928_data/src8260928.htm
Frame ID: 135195552AFBD9189B0B0A14915C3189
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_008/src8260928_data/src8260928.htm
Frame ID: A47893E4786289E99B53C5FA2832E335
Requests: 1 HTTP requests in this frame

Frame: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/activityi_data_007/src8260928_data/src8260928.htm
Frame ID: 00361B4CDD16C58557B5BDE19751C0B3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gebühren bezahlen - Schweizer PostSucheMeine Seite

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

56
Requests

96 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

8
IPs

5
Countries

420 kB
Transfer

1242 kB
Size

1
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://maicico.com/

Search URL Search Domain Scan URL

URL: https://id.posten.no/minside

Search URL Search Domain Scan URL

URL: https://adressesok.posten.no/
Title: Search for addresses, zip codes and people

Search URL Search Domain Scan URL

URL: https://maicico.com/kart
Title: Opening hours and red mailboxes

Search URL Search Domain Scan URL

URL: https://maicico.com/frimerker-til-samling
Title: Stamps for collection

Search URL Search Domain Scan URL

URL: https://maicico.com/nettbutikker
Title: Buy signs and mailboxes in the online store

Search URL Search Domain Scan URL

URL: https://maicico.com/sende
Title: Send letters and packages in Norway

Search URL Search Domain Scan URL

URL: https://maicico.com/sende/pakke/utland
Title: Send letters and packages abroad

Search URL Search Domain Scan URL

URL: https://maicico.com/sende/retur
Title: Return

Search URL Search Domain Scan URL

URL: https://maicico.com/sende/klargjoring
Title: Addressing and packaging

Search URL Search Domain Scan URL

URL: https://maicico.com/fortolling/sende-til-utlandet
Title: Customs clearance when sending

Search URL Search Domain Scan URL

URL: https://maicico.com/sende/brev/frimerker-og-porto
Title: Stamps and postage

Search URL Search Domain Scan URL

URL: https://maicico.com/motta/hente-selv
Title: Pick up yourself

Search URL Search Domain Scan URL

URL: https://maicico.com/motta/hjemlevering
Title: Home delivery

Search URL Search Domain Scan URL

URL: https://maicico.com/fortolling/motta-fra-utlandet
Title: Customs clearance when you receive

Search URL Search Domain Scan URL

URL: https://maicico.com/motta/hjemlevering/postkasse
Title: All about mailboxes

Search URL Search Domain Scan URL

URL: https://maicico.com/motta/hente-selv/postboks
Title: Rent mailbox

Search URL Search Domain Scan URL

URL: https://maicico.com/adressetjenester/adresseendring
Title: Move and change address

Search URL Search Domain Scan URL

URL: https://maicico.com/adressetjenester/midlertidig-ettersending
Title: Forward mail temporarily

Search URL Search Domain Scan URL

URL: https://maicico.com/adressetjenester/oppbevaring-av-post
Title: Storage of mail

Search URL Search Domain Scan URL

URL: https://maicico.com/kundeservice
Title: Customer service

Search URL Search Domain Scan URL

URL: https://maicico.com/kundeservice/klager-og-reklamasjon
Title: Complaints and complaints

Search URL Search Domain Scan URL

URL: https://maicico.com/kundeservice/postens-chatbot
Title: Chat with us

Search URL Search Domain Scan URL

URL: https://maicico.com/sporing-kundeservice
Title: Tracking assistance

Search URL Search Domain Scan URL

URL: https://maicico.com/fortolling
Title: Toll

Search URL Search Domain Scan URL

URL: https://online.citypaq.es/pages/registro.xhtml
Title: Ir a CityPaq

Search URL Search Domain Scan URL

URL: https://maicico.com/page/condiciones-generales
Title: Condiciones de Venta

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.html Show response
pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/ 208 KB
55 KB 804ms
395ms Document
text/html 103.30.127.67
METRABYTE-TH 453 ...

General

Source	Level	URL Text
rendering	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html?(Line 460) Message: Error: <path> attribute d: Expected number, "….5 12.9-8.8 12.9zM172.2 49.2c-4.…".
rendering	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html?(Line 4009) Message: Error: <path> attribute d: Expected number, "…13.6 304c-28.7 0-XMR.5 0 XMR14.6…".
rendering	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html?(Line 4446) Message: Error: <path> attribute d: Expected number, "…3.8 0zm162-22.9l-XMR8 13.8 0l35.…".
rendering	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html?(Line 4833) Message: Error: <path> attribute d: Expected number, "M156.5,XMR.6,272H8.5 c1…".
rendering	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html?(Line 4833) Message: Error: <path> attribute d: Expected number, "…-107.8c0-20-17.8-XMR.6-17.2c21.2…".
rendering	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/index.html?(Line 4890) Message: Error: <path> attribute d: Expected number, "…64h-64v64c0 52.9-XMR 64-28.7 64-…".
network	error	URL: https://in.taskanalytics.com/00012/tm.js?r=&1663174824796 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://in.taskanalytics.com/00012/tm.js?r=&1663174824798 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://in.taskanalytics.com/00012/tm.js?r=&1663174824804 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://in.taskanalytics.com/00012/tm.js?r=&1663174824801 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://in.taskanalytics.com/00012/tm.js?r=&1663174824803 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://in.taskanalytics.com/00012/tm.js?r=&1663174824805 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important; Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important; Message: Failed to load resource: net::ERR_CONTENT_DECODING_FAILED
network	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/modules.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/fonts/PostenSans-Regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pp-clinic.com/wp-content/themes/blockio/languages/colors/bin/css/cc_fichiers/fonts/PostenSans-Medium.woff2 Message: Failed to load resource: the server responded with a status of 404 ()

pp-clinic.com Open in urlscan Pro 103.30.127.67 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

56 Requests

96 %HTTPS

57 %IPv6

7 Domains

7 Subdomains

8 IPs

5 Countries

420 kBTransfer

1242 kBSize

1 Cookies

27 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pp-clinic.com Open in urlscan Pro
103.30.127.67 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

96 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

8
IPs

5
Countries

420 kB
Transfer

1242 kB
Size

1
Cookies

56 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!