auth.safesystems.app
2606:4700::6810:b9f8
Public Scan
Effective URL: https://auth.safesystems.app/u/login?state=hKFo2SBzUEw2UzM2Si0tS3A3NWFEZU53RjVSczBLTDdHMkdwTKFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIH...
Submission: On March 25 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 8th 2021. Valid for: a year.
This is the only time auth.safesystems.app was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| | IP Address | AS (Autonomous System) |
|---|---|---|
| 4 | 2600:9000:2250:fa00:12:b6f1:2840:93a1 | 16509 (AMAZON-02) |
| 1 | 54.186.116.47 | 16509 (AMAZON-02) |
| 1 2 | 2606:4700::6810:b9f8 | 13335 (CLOUDFLARENET) |
| 1 | 18.66.245.48 | 16509 (AMAZON-02) |
| 1 2 | 52.10.136.75 | 16509 (AMAZON-02) |
10 | 6 |
- ASN16509 (AMAZON-02, US), PTR: ec2-54-186-116-47.us-west-2.compute.amazonaws.com, api.getchecked.health
- ASN16509 (AMAZON-02, US), PTR: server-18-66-245-48.dus51.r.cloudfront.net, cdn.auth0.com
- ASN16509 (AMAZON-02, US), PTR: ec2-52-10-136-75.us-west-2.compute.amazonaws.com, safehealth.me
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | safe.health | vaxi.safe.health | 2 MB |
| 2 | safehealth.me (1 redirects) | safehealth.me | 648 B |
| 2 | safesystems.app | auth.safesystems.app Failed | 15 KB |
| 1 | auth0.com | cdn.auth0.com — Cisco Umbrella Rank: 9372 | 52 KB |
| 1 | getchecked.health | api.getchecked.health | 605 B |
| 10 | 5 | | |
| | Domain | Requested by |
|---|---|---|
| 4 | vaxi.safe.health | vaxi.safe.health |
| 2 | safehealth.me (1 redirects) | auth.safesystems.app |
| 2 | auth.safesystems.app | vaxi.safe.health |
| 1 | cdn.auth0.com | auth.safesystems.app |
| 1 | api.getchecked.health | vaxi.safe.health |
| 10 | 5 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.vaxi.me | Amazon | 2021-04-24 - 2022-05-23 | a year | crt.sh |
*.getchecked.health | Amazon | 2022-01-28 - 2023-02-26 | a year | crt.sh |
auth.safesystems.app | Cloudflare Inc ECC CA-3 | 2021-11-08 - 2022-11-07 | a year | crt.sh |
*.auth0.com | Amazon | 2021-04-25 - 2022-05-24 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://auth.safesystems.app/u/login?state=hKFo2SBzUEw2UzM2Si0tS3A3NWFEZU53RjVSczBLTDdHMkdwTKFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHJrb0lMaW5NVi1FdGJHTzhUYmcxYVVyQjFNOHFlMEpIo2NpZNkgdnlMTHVWbzFZYTB6a2lMMGVSOGNnRzYzTGVWUWFqYzk
Frame ID: D9BF8D184D80542DC2A88F73C0BE0A3B
Requests: 10 HTTP requests in this frame
Page Title
Log in | Vaxi Administration Console
Page URL History
- https://vaxi.safe.health/ Page URL
- https://auth.safesystems.app/authorize?client_id=vyLLuVo1Ya0zkiL0eR8cgG63LeVQajc9&audience=https%3A%2F%2F... HTTP 302
  https://auth.safesystems.app/u/login?state=hKFo2SBzUEw2UzM2Si0tS3A3NWFEZU53RjVSczBLTDdHMkdwTKFur3VuaXZlcn... Page URL
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://vaxi.safe.health/ Page URL
- https://auth.safesystems.app/authorize?client_id=vyLLuVo1Ya0zkiL0eR8cgG63LeVQajc9&audience=https%3A%2F%2Fapi.getchecked.health&redirect_uri=https%3A%2F%2Fvaxi.safe.health&response_type=code&scope=openid%20profile%20email&response_mode=query&state=akpOYnkubjR6cDM1NGVpNlNZN0dGTlF3allqcHVRVjg5bWxTYzRISm5PQg%3D%3D&nonce=6aP0iR75t6Ywo6R6hLeO0IoCCJG.zeUmh8zjEe6ADHD&code_challenge=BlLeUWWsJRrhBg7YqX57QFURpHU6yyIpAc9SML5o1lk&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuNi41In0%3D HTTP 302
  https://auth.safesystems.app/u/login?state=hKFo2SBzUEw2UzM2Si0tS3A3NWFEZU53RjVSczBLTDdHMkdwTKFur3VuaXZlcnNhbC1sb2dpbqN0aWTZIHJrb0lMaW5NVi1FdGJHTzhUYmcxYVVyQjFNOHFlMEpIo2NpZNkgdnlMTHVWbzFZYTB6a2lMMGVSOGNnRzYzTGVWUWFqYzk Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8
- https://safehealth.me/shs-emblem/ HTTP 301
- https://safehealth.me/wp-content/uploads/sites/2/2020/09/shs-emblem.png
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | vaxi.safe.health/ | 5 KB | 5 KB | Document | text/html |
GET | H2 | main.974f73de.chunk.css | vaxi.safe.health/static/css/ | 731 KB | 733 KB | Stylesheet | text/css |
GET | H2 | 8.b3b9d24e.chunk.js | vaxi.safe.health/static/js/ | 600 KB | 601 KB | Script | application/javascript |
GET | H2 | main.d75467f8.chunk.js | vaxi.safe.health/static/js/ | 353 KB | 354 KB | Script | application/javascript |
GET | H/1.1 | public | api.getchecked.health/v1/admin/account/ | 44 B | 605 B | XHR | application/json |
GET | | service-worker.js | vaxi.safe.health/ | 0 | 0 | | |
GET | | logout | auth.safesystems.app/v2/ | 0 | 0 | | |
GET | H2 | login (Primary Request) | auth.safesystems.app/u/ (Redirect Chain) | 14 KB | 14 KB | Document | text/html |
GET | H2 | main.cdn.min.css | cdn.auth0.com/ulp/react-components/1.58.13/css/ | 224 KB | 52 KB | Stylesheet | text/css |
GET | H2 | shs-emblem.png | safehealth.me/wp-content/uploads/sites/2/2020/09/ (Redirect Chain) | 334 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 650 B | 0 | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: vaxi.safe.health
  URL: https://vaxi.safe.health/service-worker.js
- Domain: auth.safesystems.app
  URL: https://auth.safesystems.app/v2/logout?client_id=vyLLuVo1Ya0zkiL0eR8cgG63LeVQajc9&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuNi41In0%3D
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function| structuredClone
- object| oncontextlost
- object| oncontextrestored
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
vaxi.safe.health/ | Name: a0.spajs.txs.akpOYnkubjR6cDM1NGVpNlNZN0dGTlF3allqcHVRVjg5bWxTYzRISm5PQg%3D%3D Value: {%22nonce%22:%226aP0iR75t6Ywo6R6hLeO0IoCCJG.zeUmh8zjEe6ADHD%22%2C%22code_verifier%22:%22ltfRuP9j4eWmx5Wc7_EiTv5Jy8Ik4Fx_FSlQkjD3znP%22%2C%22appState%22:{%22targetUrl%22:%22/%22}%2C%22scope%22:%22openid%20profile%20email%22%2C%22audience%22:%22https://api.getchecked.health%22%2C%22redirect_uri%22:%22https://vaxi.safe.health%22} |
auth.safesystems.app/ | Name: did Value: s%3Av0%3Acaee4ce0-abe8-11ec-9eea-7fb8dc9de5cf.fWdgYBceblkvbtmH4ikZ3nx9iwsiOlAZN44ErI3KeEI |
auth.safesystems.app/ | Name: auth0 Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQBAbaGF0mGgIU8FL4OUzs0IZ64rDYsH0Vh68eoapOhRADe9w6h9KUIu3U3RN6uPBmnQHvg3faiG_EUYRSzHCiR2mY29va2llg6dleHBpcmVz1_-30hsAYkEmlq5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.1T53CDCuEzX%2FMNwWHsnTy5Bt5HffK35ugQFsge6hOzY |
auth.safesystems.app/ | Name: did_compat Value: s%3Av0%3Acaee4ce0-abe8-11ec-9eea-7fb8dc9de5cf.fWdgYBceblkvbtmH4ikZ3nx9iwsiOlAZN44ErI3KeEI |
auth.safesystems.app/ | Name: auth0_compat Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQBAbaGF0mGgIU8FL4OUzs0IZ64rDYsH0Vh68eoapOhRADe9w6h9KUIu3U3RN6uPBmnQHvg3faiG_EUYRSzHCiR2mY29va2llg6dleHBpcmVz1_-30hsAYkEmlq5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.1T53CDCuEzX%2FMNwWHsnTy5Bt5HffK35ugQFsge6hOzY |
safehealth.me/ | Name: AWSALBCORS Value: /PNmpRYKi6+EkR7IhvUEoMdw3gfSCtLVkHtqgEtWFwtkGV8p33kEbdqt4b2qebPuWGguHusUEKTROKobL6rQMhEL03hmiPYVPs6ZmGRJFSCePBERIPI+wlWoXZPB |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.