www.theaventuradentists.com Open in urlscan Pro
162.144.127.216 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.theaventuradentists.com/wp-includes/invoice/cgi_bin1/Share/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df...
Submission: On April 18 via automatic, source openphish (April 18th 2019, 3:16:12 pm UTC)

Summary HTTP 45 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 12 domains to perform 45 HTTP transactions. The main IP is 162.144.127.216, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is www.theaventuradentists.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 23rd 2019. Valid for: 3 months.

This is the only time www.theaventuradentists.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
29	162.144.127.216 162.144.127.216	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
2	2a02:26f0:6c0... 2a02:26f0:6c00:283::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	52.216.106.19 52.216.106.19	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	143.204.98.204 143.204.98.204	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:400c:c08::9b	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
45	13

29 162.144.127.216 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: server.theaventuradentists.com

www.theaventuradentists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:283::34ef (European Union)

ASN20940 (AKAMAI-ASN1, US)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.248.44 (Cambridge, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.106.19 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

cmgmedia.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.204 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-98-204.fra50.r.cloudfront.net

dil34hcn6yju7.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9b (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	theaventuradentists.com www.theaventuradentists.com	562 KB
2	facebook.com www.facebook.com	402 B
2	facebook.net connect.facebook.net	57 KB
2	google-analytics.com 1 redirects www.google-analytics.com	17 KB
2	bootstrapcdn.com netdna.bootstrapcdn.com maxcdn.bootstrapcdn.com	11 KB
2	gfx.ms auth.gfx.ms	293 KB
1	doubleclick.net stats.g.doubleclick.net	113 B
1	google.com www.google.com
1	googleapis.com fonts.googleapis.com Failed	612 B
1	cloudfront.net dil34hcn6yju7.cloudfront.net	3 KB
1	amazonaws.com cmgmedia.s3.amazonaws.com	21 KB
1	addthis.com s7.addthis.com	110 KB
45	12

	Domain	Requested by
29	www.theaventuradentists.com	www.theaventuradentists.com
2	www.facebook.com	www.theaventuradentists.com
2	connect.facebook.net	www.theaventuradentists.com connect.facebook.net
2	www.google-analytics.com	1 redirects www.theaventuradentists.com
2	auth.gfx.ms	www.theaventuradentists.com
1	stats.g.doubleclick.net	www.theaventuradentists.com
1	www.google.com	www.theaventuradentists.com
1	fonts.googleapis.com	www.theaventuradentists.com
1	dil34hcn6yju7.cloudfront.net	www.theaventuradentists.com
1	cmgmedia.s3.amazonaws.com	www.theaventuradentists.com
1	s7.addthis.com	www.theaventuradentists.com
1	maxcdn.bootstrapcdn.com	www.theaventuradentists.com
1	netdna.bootstrapcdn.com	www.theaventuradentists.com
45	13

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid
theaventuradentists.com Let's Encrypt Authority X3	`2019-03-23` - `2019-06-21`	3 months	crt.sh
msagfx.live.com Microsoft IT TLS CA 4	`2017-07-27` - `2019-07-17`	2 years	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2019-08-05`	4 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-03-08` - `2019-06-06`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-03-26` - `2019-06-18`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.theaventuradentists.com/wp-includes/invoice/cgi_bin1/Share/share/verificationAttempt.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Frame ID: 145988FB7F968ADCF075C6694B86B20B
Requests: 6 HTTP requests in this frame

Frame: https://www.theaventuradentists.com/wp-includes/invoice/cgi_bin1/Share/share/files/prefetch.html
Frame ID: A7565B463778405771E2B2557D9E0B9A
Requests: 38 HTTP requests in this frame

Frame: https://www.google.com/maps/embed?pb=!1m14!1m8!1m3!1d14347.960721770447!2d-80.1440028!3d25.9683624!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x0%3A0x9171e31456c428a5!2sThe+Aventura+Dentists!5e0!3m2!1sen!2sus!4v1470940002876
Frame ID: F2242579EBA2BE8961EE5074F1BD1788
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

45
Requests

96 %
HTTPS

58 %
IPv6

12
Domains

13
Subdomains

13
IPs

3
Countries

1076 kB
Transfer

1813 kB
Size

8
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d13%26ct%3d1493260925%26rver%3d6.7.6640.0%26wp%3dMBI_SSL%26wreply%3dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%26id%3d292841%26CBCXT%3dout%26fl%3dwld%26cobrandid%3d90015%26uaid%3da8d60e23f71e4b599fedbd2dd6b98946%26pid%3d0%26contextid%3d0EE9DFF844DE79AF%26bk%3d1500403644&id=292841&uiflavor=web&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&mkt=EN-US&lc=1033&bk=1500403644
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://login.live.com/logout.srf?wa=wsignin1.0&rpsnv=13&ct=1493260925&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1&id=292841&CBCXT=out&fl=wld&cobrandid=90015&uaid=a8d60e23f71e4b599fedbd2dd6b98946&pid=0&contextid=0EE9DFF844DE79AF&ru=https://outlook.live.com/owa/%3fnlp%3d1&bk=1500403644&lm=I
Title: Sign in with a different Microsoft account

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & Cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=393933551&t=pageview&_s=1&dl=https%3A%2F%2Fwww.theaventuradentists.com%2Fwp-includes%2Finvoice%2Fcgi_bin1%2FShare%2Fshare%2Ffiles%2Fprefetch.html&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20The%20Aventura%20Dentists&sd=24-bit&sr=1600x1200&vp=&je=0&_u=IEBAAEAB~&jid=629969046&gjid=690949943&cid=423977671.1555600556&tid=UA-78228105-1&_gid=2034861908.1555600556&_r=1&z=641693370 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-78228105-1&cid=423977671.1555600556&jid=629969046&_gid=2034861908.1555600556&gjid=690949943&_v=j73&z=641693370

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set verificationAttempt.php Show response
www.theaventuradentists.com/wp-includes/invoice/cgi_bin1/Share/share/ 19 KB
6 KB 9494ms
8787ms Document
text/html 162.144.127.216
Unified Layer

General

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 04:30:11	Name: NID Value: 181=G_FhIKCqKS3_pxD-vO9A36lR6eU5CwRajQ-3VDCd05ISuALZ_jrofSkUn46Pr9TYewvLG5YccPkLfLTCfTN0i6eHkTj-4bn7uKUuZ_wh3mVNtlxzscajIOexKeZuDGrAcr-hgm6zyKtaXW9Z25qBWtjG4TB_QjVQZ4lulnIBtm4
.theaventuradentists.com/	1970-01-19 02:16:16	Name: _fbp Value: fb.1.1555600555649.1953302924
.theaventuradentists.com/	1970-01-19 00:06:40	Name: _gat Value: 1
.theaventuradentists.com/	1970-01-19 00:08:06	Name: _gid Value: GA1.2.2034861908.1555600556
www.theaventuradentists.com/	1970-01-19 00:06:42	Name: __atuvs Value: 5cb894abc5d8e635000
.theaventuradentists.com/	1970-01-19 17:37:52	Name: _ga Value: GA1.2.423977671.1555600556
www.theaventuradentists.com/	1970-01-19 09:36:54	Name: __atuvc Value: 1%7C16
www.theaventuradentists.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: e5ca987bca042b346c57e78f9afcfe0b

Source	Level	URL Text
console-api	log	URL: https://www.theaventuradentists.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://dil34hcn6yju7.cloudfront.net/assets/cmgform_html_5.js(Line 1) Message: Google Analytics detected
console-api	log	URL: https://dil34hcn6yju7.cloudfront.net/assets/cmgform_html_5.js(Line 1) Message: CMGForm detected:

www.theaventuradentists.com Open in urlscan Pro 162.144.127.216 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

45 Requests

96 %HTTPS

58 %IPv6

12 Domains

13 Subdomains

13 IPs

3 Countries

1076 kBTransfer

1813 kBSize

8 Cookies

4 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.theaventuradentists.com Open in urlscan Pro
162.144.127.216 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

96 %
HTTPS

58 %
IPv6

12
Domains

13
Subdomains

13
IPs

3
Countries

1076 kB
Transfer

1813 kB
Size

8
Cookies

45 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!