securehealthsnews.com
2606:4700:3031::681b:8512
Malicious Activity!
Public Scan
Effective URL: https://securehealthsnews.com/Pain123/Harvest.html?cep=h7u_QVNCgbt8WDe5uebB9RoH2AjTJhfsF-WBFYbzvmdXsT0Ko5LwqyF8BsUZ2MHNthyauDW...
Submission: On May 18 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on December 4th 2019. Valid for: 10 months.
This is the only time securehealthsnews.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Weightloss Scam (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 104.244.75.32 | 53667 (PONYNET) |
1 | 52.59.185.192 | 16509 (AMAZON-02) |
1 | 18.202.12.61 | 16509 (AMAZON-02) |
1 | 52.29.223.183 | 16509 (AMAZON-02) |
19 | 2606:4700:3031::681b:8512 | 13335 (CLOUDFLARENET) |
3 | 2606:4700::6810:85e5 | 13335 (CLOUDFLARENET) |
3 | 2606:4700:3036::681f:43df | 13335 (CLOUDFLARENET) |
1 | 212.1.210.90 | 47583 (AS-HOSTINGER) |
1 | 104.27.191.126 | 13335 (CLOUDFLARENET) |
27 | 5 |
- ASN16509 (AMAZON-02, US); PTR: ec2-52-59-185-192.eu-central-1.compute.amazonaws.com; domain: hendoween-novirus.icu
- ASN16509 (AMAZON-02, US); PTR: ec2-18-202-12-61.eu-west-1.compute.amazonaws.com; domain: saucecash.go2cloud.org
- ASN16509 (AMAZON-02, US); PTR: ec2-52-29-223-183.eu-central-1.compute.amazonaws.com; domain: bottage-vegicate.icu
- ASN47583 (AS-HOSTINGER, LT); PTR: cpl81.hosting24.com; domain: onedaytorunlive.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | securehealthsnews.com | securehealthsnews.com | 1 MB |
3 | fcdn.info | cdn-dt.fcdn.info | 16 KB |
3 | cloudflare.com | cdnjs.cloudflare.com | 36 KB |
1 | swpush.com | app.swpush.com | 780 B |
1 | onedaytorunlive.com | onedaytorunlive.com | |
1 | bottage-vegicate.icu (1 redirects) | bottage-vegicate.icu | 2 KB |
1 | go2cloud.org (1 redirects) | saucecash.go2cloud.org | 2 KB |
1 | hendoween-novirus.icu (1 redirects) | hendoween-novirus.icu | 924 B |
1 | mengig.com (1 redirects) | mengig.com | 333 B |
27 | 9 | | |
Requests | Domain | Requested by |
---|---|---|
19 | securehealthsnews.com | securehealthsnews.com |
3 | cdn-dt.fcdn.info | securehealthsnews.com, cdn-dt.fcdn.info |
3 | cdnjs.cloudflare.com | securehealthsnews.com |
1 | app.swpush.com | cdn-dt.fcdn.info |
1 | onedaytorunlive.com | securehealthsnews.com |
1 | bottage-vegicate.icu | 1 redirects |
1 | saucecash.go2cloud.org | 1 redirects |
1 | hendoween-novirus.icu | 1 redirects |
1 | mengig.com | 1 redirects |
27 | 9 | |
This site contains links to these domains.
Domain |
---|
bottage-vegicate.icu |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-12-04 - 2020-10-09 | 10 months | crt.sh |
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://securehealthsnews.com/Pain123/Harvest.html?cep=h7u_QVNCgbt8WDe5uebB9RoH2AjTJhfsF-WBFYbzvmdXsT0Ko5LwqyF8BsUZ2MHNthyauDWgzr3BuYUwa023YHTQGCgnDx3dr5rd-6MVYzcSzKuw2TxzsV8nY6Qgc0K5uqdyJTFQNpwb6AYkQm5Wc1k67mEk0lAHchw6csO1idBGHszvppyt8LD8DEniFL8LNIAf3ZaJHAtTTTAdaCq-5VXvVmaYLzscb32NWqfB7xB0SkpqtJQPSftbxMpL7ku2W0ladBq3FZa5oUtsAQ6WioX_IOPWV8q9rCAyTdk4yGuWQfuyNp2tsF5kZxwuwXFfijENDAcMF_Jbm1UKuizqF9sXXalqezKM-nzBwE4P_uKp9XTin76LcYGzZx8IWqzO6eYRnYvn-b4b3CF6rQ1VHAHCuYvfUNCSkaw4BtXIUoU&lptoken=150189a7843a28bb3056&affiliate_id=1019&transaction_id=1021abe450f72e8cb5c61d9ffd5f19&amount=
Frame ID: 60AA5E86EFEAF2642A251D1685B66554
Requests: 27 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title:
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://mengig.com/VeGiX6Y (HTTP 302)
- https://hendoween-novirus.icu/e7bb4e00-e7aa-4e5c-a2c4-b562ba8e11c3?affiliate_id=1019&aff_sub1=20200518&aff_sub3=&aff_sub4=782& (HTTP 302)
- http://saucecash.go2cloud.org/aff_c?offer_id=63&aff_id=1019&aff_click_id=w1hkkvo33m81e65vh8rp6od8&aff_sub=20200518&aff_sub2=&aff_sub3=&aff_sub4=782&aff_sub5= (HTTP 302)
- http://bottage-vegicate.icu/ff4a0922-b1fc-4f79-be5a-daa3feeaf2e0?affiliate_id=1019&transaction_id=1021abe450f72e8cb5c61d9ffd5f19&amount= (HTTP 302)
- https://securehealthsnews.com/Pain123/Harvest.html?cep=h7u_QVNCgbt8WDe5uebB9RoH2AjTJhfsF-WBFYbzvmdXsT0Ko5LwqyF8BsUZ2MHNthyauDWgzr3BuYUwa023YHTQGCgnDx3dr5rd-6MVYzcSzKuw2TxzsV8nY6Qgc0K5uqdyJTFQNpwb6AYkQm5Wc1k67mEk0lAHchw6csO1idBGHszvppyt8LD8DEniFL8LNIAf3ZaJHAtTTTAdaCq-5VXvVmaYLzscb32NWqfB7xB0SkpqtJQPSftbxMpL7ku2W0ladBq3FZa5oUtsAQ6WioX_IOPWV8q9rCAyTdk4yGuWQfuyNp2tsF5kZxwuwXFfijENDAcMF_Jbm1UKuizqF9sXXalqezKM-nzBwE4P_uKp9XTin76LcYGzZx8IWqzO6eYRnYvn-b4b3CF6rQ1VHAHCuYvfUNCSkaw4BtXIUoU&lptoken=150189a7843a28bb3056&affiliate_id=1019&transaction_id=1021abe450f72e8cb5c61d9ffd5f19&amount= (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | Harvest.html | securehealthsnews.com/Pain123/ | 26 KB | 8 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | styles.css | securehealthsnews.com/Pain123/css/ | 19 KB | 4 KB | Stylesheet | text/css | |
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/ | 94 KB | 32 KB | Script | application/javascript | |
GET | H2 | jquery.knob.min.js | cdnjs.cloudflare.com/ajax/libs/jQuery-Knob/1.2.11/ | 11 KB | 4 KB | Script | application/javascript | |
GET | H2 | jquery.ba-throttle-debounce.min.js | cdnjs.cloudflare.com/ajax/libs/jquery-throttle-debounce/1.1/ | 731 B | 541 B | Script | application/javascript | |
GET | H2 | swpush.min.js | cdn-dt.fcdn.info/ | 13 KB | 5 KB | Script | application/javascript | |
GET | H2 | jquery.classycountdown.js | securehealthsnews.com/Pain123/js/ | 33 KB | 2 KB | Script | application/javascript | |
GET | H2 | philoz.jpg | securehealthsnews.com/Pain123/images/ | 354 KB | 354 KB | Image | image/jpeg | |
GET | H2 | 1311c4b250ddf499f21d1f912991c2f3.jpg | securehealthsnews.com/Pain123/images/ | 101 KB | 101 KB | Image | image/jpeg | |
GET | H2 | CBD-Oil-Testimonial-for-My-Panic-Attack-and-Social-Anxiety-2.jpg | securehealthsnews.com/Pain123/images/ | 12 KB | 13 KB | Image | image/jpeg | |
GET | H2 | HappyHACCMan.jpg | securehealthsnews.com/Pain123/images/ | 11 KB | 11 KB | Image | image/jpeg | |
GET | H2 | sam-elliott-e1557189275471.jpg | securehealthsnews.com/Pain123/images/ | 24 KB | 24 KB | Image | image/jpeg | |
GET | H2 | 694940094001_5850457368001_5850420935001-vs.jpg | securehealthsnews.com/Pain123/images/ | 64 KB | 64 KB | Image | image/jpeg | |
GET | H2 | image-resizer.jpg | securehealthsnews.com/Pain123/images/ | 368 KB | 369 KB | Image | image/jpeg | |
GET | H2 | harv1.png | securehealthsnews.com/Pain123/ | 107 KB | 108 KB | Image | image/png | |
GET | H2 | prof10.jpg | securehealthsnews.com/Pain123/images/ | 2 KB | 2 KB | Image | image/jpeg | |
GET | H2 | prof2.jpg | securehealthsnews.com/Pain123/images/ | 2 KB | 2 KB | Image | image/jpeg | |
GET | H2 | pp2.jpg | securehealthsnews.com/Pain123/images/ | 13 KB | 13 KB | Image | image/jpeg | |
GET | H2 | prof5.jpg | securehealthsnews.com/Pain123/images/ | 2 KB | 2 KB | Image | image/jpeg | |
GET | H2 | prof6.jpg | securehealthsnews.com/Pain123/images/ | 2 KB | 2 KB | Image | image/jpeg | |
GET | H2 | pp5.jpg | securehealthsnews.com/Pain123/images/ | 13 KB | 13 KB | Image | image/jpeg | |
GET | H2 | prof8.jpg | securehealthsnews.com/Pain123/images/ | 3 KB | 3 KB | Image | image/jpeg | |
GET | H2 | pp6.jpg | securehealthsnews.com/Pain123/images/ | 11 KB | 11 KB | Image | image/jpeg | |
GET | H/1.1 | video-bg-normal.jpg | onedaytorunlive.com/img/ | 0 | 0 | Image | text/html | |
POST | H2 | get-keys | app.swpush.com/ | 551 B | 780 B | XHR | application/json | |
GET | H2 | fgpt.min.js | cdn-dt.fcdn.info/ | 29 KB | 11 KB | Script | application/javascript | |
GET | H2 | ads-banner.js | cdn-dt.fcdn.info/ | 0 | 145 B | Script | application/javascript | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Weightloss Scam (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
function | $ |
function | jQuery |
object | WPush |
object | jQuery1111023927136935151516 |
function | FGPT |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.securehealthsnews.com/ | | __cfduid | d15d1ed8b0cb07255885da6dcb4ad31eb1589841031 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.swpush.com
bottage-vegicate.icu
cdn-dt.fcdn.info
cdnjs.cloudflare.com
hendoween-novirus.icu
mengig.com
onedaytorunlive.com
saucecash.go2cloud.org
securehealthsnews.com
104.244.75.32
104.27.191.126
18.202.12.61
212.1.210.90
2606:4700:3031::681b:8512
2606:4700:3036::681f:43df
2606:4700::6810:85e5
52.29.223.183
52.59.185.192