wellscreen.health Open in urlscan Pro
173.236.140.128  Malicious Activity! Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.htm Show response wellscreen.health/js/assets/roey/login/	176 KB 37 KB	363ms 125ms	Document text/html	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 16281b527b0a9bbd3a2d6806aa64c4e8947eaa5366206fdd6a723dfc56c7b8d7 Request headers :method GET :authority wellscreen.health :scheme https :path /js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:27 GMT server Apache last-modified Wed, 29 Jul 2020 10:47:21 GMT etag "2c011-5ab9247cc5d5f-gzip" accept-ranges bytes vary Accept-Encoding,User-Agent content-encoding gzip cache-control max-age=600 expires Sun, 18 Apr 2021 03:43:27 GMT content-length 37351 content-type text/html
GET H2	200	yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png wellscreen.health/js/assets/roey/login/mbr/	1 KB 1 KB	116ms 116ms	Image image/png	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://wellscreen.health/js/assets/roey/login/mbr/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338 Request headers :path /js/assets/roey/login/mbr/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:27 GMT last-modified Wed, 29 Jul 2020 10:47:21 GMT server Apache etag "542-5ab9247cc7c9f" vary User-Agent,Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 1346 expires Tue, 18 May 2021 03:33:27 GMT
GET H2	200	yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png wellscreen.health/js/assets/roey/login/mbr/	1 KB 1 KB	116ms 116ms	Image image/png	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://wellscreen.health/js/assets/roey/login/mbr/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637 Request headers :path /js/assets/roey/login/mbr/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:27 GMT last-modified Wed, 29 Jul 2020 10:47:21 GMT server Apache etag "56f-5ab9247cc7c9f" vary User-Agent,Accept-Encoding content-type image/png cache-control max-age=2592000 accept-ranges bytes content-length 1391 expires Tue, 18 May 2021 03:33:27 GMT
GET H2	200	Yahoo_Sans-Regular.woff2 s.yimg.com/cv/ae/sports/fonts/2017/	28 KB 29 KB	21ms 7ms	Font font/woff2	2a00:1288:80:800::7001 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2 Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Origin https://wellscreen.health Referer https://wellscreen.health/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers ats-carp-promotion 1 date Wed, 31 Mar 2021 23:12:11 GMT x-amz-meta-created-date Tue, 03 Oct 2017 06:22:51 GMT age 1484477 x-amz-server-side-encryption AES256 x-amz-meta-x-ysws-mbst-vtime 1507011771545398 strict-transport-security max-age=15552000 x-amz-request-id G5WMFTT3HG667N64 x-amz-id-2 Uckk3cUo8N4BAbOErUyfmgO0g8fzwOaIX5B2vVzvDhPRMpf/HuYBsmCCHQEiykR6jm8bsIxzuCU= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Thu, 19 Apr 2018 19:06:41 GMT server ATS etag "a99b283070afc519f4816e4300c515d2" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin content-type font/woff2 access-control-allow-origin * x-xss-protection 1; mode=block cache-control max-age=31536000,public content-length 28860 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:cb5e4811-e042-455c-b2b2-f984d5f70e0200055a9e8550b736" x-content-type-options nosniff expires Sat, 05 Sep 2026 00:00:00 GMT
GET H2	200	Yahoo_Sans-Semibold.woff2 s.yimg.com/cv/ae/sports/fonts/2017/	28 KB 29 KB	27ms 13ms	Font font/woff2	2a00:1288:80:800::7001 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2 Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Origin https://wellscreen.health Referer https://wellscreen.health/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers ats-carp-promotion 1 date Wed, 31 Mar 2021 23:12:14 GMT x-amz-meta-created-date Tue, 03 Oct 2017 06:22:51 GMT age 1484475 x-amz-server-side-encryption AES256 x-amz-meta-x-ysws-mbst-vtime 1507011771480561 strict-transport-security max-age=15552000 x-amz-request-id BH3DPVYVHYTRXHZC x-amz-id-2 UnatCw5YjGWSFKXhJr8ZsRTk4TzzHdMIlp19LoXwEwWS04Z+VvDpo8WTsvtRZeT2m2WBPBpGQy4= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Thu, 19 Apr 2018 17:33:29 GMT server ATS etag "af9fdad7698452697b016850fff96423" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin content-type font/woff2 access-control-allow-origin * x-xss-protection 1; mode=block cache-control max-age=31536000,public content-length 29040 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:95620d49-21c2-4044-b803-58b70c8e419700055a9e854fb9f1" x-content-type-options nosniff expires Sat, 05 Sep 2026 00:00:00 GMT
GET H2	404	client.php wellscreen.health/js/assets/roey/login/mbr/	0 0	128ms 128ms	Script text/html	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/client.php Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash Request headers :path /js/assets/roey/login/mbr/client.php pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:27 GMT cache-control no-cache, private server Apache vary User-Agent content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59 Request headers Referer https://wellscreen.health/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	Yahoo_Sans-Medium.woff2 s.yimg.com/cv/ae/sports/fonts/2017/	29 KB 29 KB	7ms 6ms	Font font/woff2	2a00:1288:80:800::7001 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2 Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB), Reverse DNS Software ATS / Resource Hash d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Origin https://wellscreen.health Referer https://wellscreen.health/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers ats-carp-promotion 1 date Wed, 31 Mar 2021 23:12:11 GMT x-amz-meta-created-date Tue, 03 Oct 2017 06:22:52 GMT age 1484477 x-amz-server-side-encryption AES256 x-amz-meta-x-ysws-mbst-vtime 1507011772247755 strict-transport-security max-age=15552000 x-amz-request-id G5WVY1JNPXZ3N5QT x-amz-id-2 Gm18uJok5vbCz1cq+tfn0HaHH5YPKniOZ23UEu7J/PbL3uQU8+dLFeo9C2UCBZFv3QQ08s9Y7Bk= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Thu, 19 Apr 2018 16:25:50 GMT server ATS etag "7c7c02dcee2bf1c2528db6092d4ad1fa" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin content-type font/woff2 access-control-allow-origin * x-xss-protection 1; mode=block cache-control max-age=31536000,public content-length 29228 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:1bb49599-26ac-442e-b6b8-f4e40f067ea500055a9e855b6ecb" x-content-type-options nosniff expires Sat, 05 Sep 2026 00:00:00 GMT
GET H2	200	r-csc.htm Show response wellscreen.health/js/assets/roey/login/mbr/ Frame BBA8	3 KB 2 KB	116ms 115ms	Document text/html	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 340bd9116449abbfeec69e92958b1d00f798d3390e836e9b39158ce08e17f8cd Request headers :method GET :authority wellscreen.health :scheme https :path /js/assets/roey/login/mbr/r-csc.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest iframe referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Response headers date Sun, 18 Apr 2021 03:33:28 GMT server Apache last-modified Wed, 29 Jul 2020 10:47:21 GMT etag "b92-5ab9247cc6cff-gzip" accept-ranges bytes vary Accept-Encoding,User-Agent content-encoding gzip cache-control max-age=600 expires Sun, 18 Apr 2021 03:43:28 GMT content-length 1488 content-type text/html
GET H2	200	adcount2.js wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ Frame BBA8	1 B 88 B	116ms 115ms	Image application/javascript	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/adcount2.js Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /js/assets/roey/login/mbr/r-csc_data/adcount2.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:28 GMT last-modified Wed, 29 Jul 2020 10:47:21 GMT server Apache etag "1-5ab9247cc6cff" vary User-Agent,Accept-Encoding content-type application/javascript cache-control max-age=2592000 accept-ranges bytes content-length 1 expires Tue, 18 May 2021 03:33:28 GMT
GET H2	200	sp.js Show response wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ Frame BBA8	1 KB 646 B	116ms 116ms	Script application/javascript	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/sp.js Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 146fc2ce2372c5c7350bfd1948e620ec6e4cc5ecd04c0abc0feb51b964c2addf Request headers :path /js/assets/roey/login/mbr/r-csc_data/sp.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:28 GMT content-encoding gzip last-modified Wed, 29 Jul 2020 10:47:21 GMT server Apache etag "4fe-5ab9247cc6cff-gzip" vary Accept-Encoding,User-Agent content-type application/javascript cache-control max-age=2592000 accept-ranges bytes content-length 590 expires Tue, 18 May 2021 03:33:28 GMT
GET H2	200	opus-frame.htm Show response wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ Frame 53EA	13 KB 5 KB	117ms 115ms	Document text/html	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 31920a38a7170000a36e7963c029a130e7a6521476f76e52b0d7994b8cb1a927 Request headers :method GET :authority wellscreen.health :scheme https :path /js/assets/roey/login/mbr/r-csc_data/opus-frame.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest iframe referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Response headers date Sun, 18 Apr 2021 03:33:28 GMT server Apache last-modified Wed, 29 Jul 2020 10:47:21 GMT etag "35d9-5ab9247cc6cff-gzip" accept-ranges bytes vary Accept-Encoding,User-Agent content-encoding gzip cache-control max-age=600 expires Sun, 18 Apr 2021 03:43:28 GMT content-length 5038 content-type text/html
GET H2	200	sp-frame.html Show response tag.idsync.analytics.yahoo.com/ Frame 6E89	9 KB 3 KB	113ms 27ms	Document text/html	152.195.51.15 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A%2F%2Fwellscreen.health%2Fjs%2Fassets%2Froey%2Flogin%2Flogin.htm%3Fcmd%3Dlogin_submit%26amp%3Bid%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385%26amp%3Bsession%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/sp.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.51.15 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/669E) / Resource Hash 65aa946829133f2163ed351882e770c0e7651c8c95fac3c53aa78e02a938b7ca Request headers :method GET :authority tag.idsync.analytics.yahoo.com :scheme https :path /sp-frame.html?referrer=https%3A%2F%2Fwellscreen.health%2Fjs%2Fassets%2Froey%2Flogin%2Flogin.htm%3Fcmd%3Dlogin_submit%26amp%3Bid%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385%26amp%3Bsession%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://wellscreen.health/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://wellscreen.health/ Response headers content-encoding gzip age 185 content-type text/html date Sun, 18 Apr 2021 03:33:28 GMT etag "9fad51d2a83b0a4de3eb75724ba26b2c+gzip" last-modified Mon, 23 Mar 2020 22:06:06 GMT server ECS (frb/669E) vary Accept-Encoding x-amz-id-2 vugU6xvGSliMhcF7HBhntgU/cNR5dge2P3hB+su91ufYW8dB4ln499G6aQfPzTJVJ1BfCw/CbDY= x-amz-request-id G3XGJHZQ2KHP8FPP x-amz-server-side-encryption AES256 x-cache HIT content-length 3087
GET H2	200	sp-frame.htm Show response wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ Frame 8C1E	7 KB 3 KB	117ms 116ms	Document text/html	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/sp-frame.htm Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 8eb35cf498e906242c23660cd4b0d8018f85ad4e1a83d255fe011dfc1343d9bc Request headers :method GET :authority wellscreen.health :scheme https :path /js/assets/roey/login/mbr/r-csc_data/sp-frame.htm pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest iframe referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm Response headers date Sun, 18 Apr 2021 03:33:28 GMT server Apache last-modified Wed, 29 Jul 2020 10:47:21 GMT etag "1dd0-5ab9247cc6cff-gzip" accept-ranges bytes vary Accept-Encoding,User-Agent content-encoding gzip cache-control max-age=600 expires Sun, 18 Apr 2021 03:43:28 GMT content-length 3396 content-type text/html
GET H2	200	ups.js Show response wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ Frame 53EA	12 KB 5 KB	117ms 116ms	Script application/javascript	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ups.js Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 10b8a27a3b1858f7d71fa872752d27950b8acfee4333218d9de645f5d628a7cf Request headers :path /js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ups.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:28 GMT content-encoding gzip last-modified Wed, 29 Jul 2020 10:47:21 GMT server Apache etag "3058-5ab9247cc6cff-gzip" vary Accept-Encoding,User-Agent content-type application/javascript cache-control max-age=2592000 accept-ranges bytes content-length 4574 expires Tue, 18 May 2021 03:33:28 GMT
GET H2	200	datax.js Show response wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ Frame 53EA	12 KB 4 KB	117ms 117ms	Script application/javascript	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/datax.js Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 315758eb2360b46a32775274cd68acc8dccdb3380fab1d5987cd6cf5f687d839 Request headers :path /js/assets/roey/login/mbr/r-csc_data/opus-frame_data/datax.js pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:28 GMT content-encoding gzip last-modified Wed, 29 Jul 2020 10:47:21 GMT server Apache etag "2f32-5ab9247cc6cff-gzip" vary Accept-Encoding,User-Agent content-type application/javascript cache-control max-age=2592000 accept-ranges bytes content-length 4357 expires Tue, 18 May 2021 03:33:28 GMT
GET H2	404	2.json Show response wellscreen.health/js/assets/roey/login/mbr/r-csc_data/config/ Frame 53EA	1 KB 1 KB	127ms 127ms	XHR text/html	173.236.140.128 DREAMHOST-AS
General Check archive.org Show headers Download Go to Full URL https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/config/2.json Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.236.140.128 , United States, ASN26347 (DREAMHOST-AS, US), Reverse DNS wellscreen.health Software Apache / Resource Hash 2b67da14e2725a72a8cccb22bb4913bcfca77c3f68caa39b912bf2567990cd94 Request headers :path /js/assets/roey/login/mbr/r-csc_data/config/2.json pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority wellscreen.health referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm :scheme https sec-fetch-site same-origin :method GET Referer https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 18 Apr 2021 03:33:28 GMT cache-control no-cache, private server Apache vary User-Agent content-type text/html; charset=UTF-8
GET H/1.1	200 OK	pixels Show response service.idsync.analytics.yahoo.com/sp/v0/ Frame 6E89	13 B 401 B	88ms 29ms	XHR application/json	3.126.56.137 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://service.idsync.analytics.yahoo.com/sp/v0/pixels?referrer=https%3A%2F%2Fwellscreen.health%2Fjs%2Fassets%2Froey%2Flogin%2Flogin.htm%3Fcmd%3Dlogin_submit%26amp%3Bid%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385%26amp%3Bsession%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Requested by Host: tag.idsync.analytics.yahoo.com URL: https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A%2F%2Fwellscreen.health%2Fjs%2Fassets%2Froey%2Flogin%2Flogin.htm%3Fcmd%3Dlogin_submit%26amp%3Bid%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385%26amp%3Bsession%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-126-56-137.eu-central-1.compute.amazonaws.com Software ATS/7.1.2.128 / Resource Hash 243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://tag.idsync.analytics.yahoo.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 18 Apr 2021 03:33:28 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Server ATS/7.1.2.128 Age 0 Transfer-Encoding chunked Content-Type application/json Access-Control-Allow-Origin https://tag.idsync.analytics.yahoo.com Cache-Control no-cache Access-Control-Allow-Credentials true Connection keep-alive
GET H/1.1	200 OK	pixels Show response service.idsync.analytics.yahoo.com/sp/v0/ Frame 8C1E	13 B 388 B	85ms 28ms	XHR application/json	3.126.56.137 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://service.idsync.analytics.yahoo.com/sp/v0/pixels?euconsent=null&gdpr=null&us_privacy=undefined&referrer=https%3A%2F%2Fwellscreen.health%2Fjs%2Fassets%2Froey%2Flogin%2Fmbr%2Fr-csc.htm Requested by Host: wellscreen.health URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/sp-frame.htm Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-126-56-137.eu-central-1.compute.amazonaws.com Software ATS/7.1.2.128 / Resource Hash 243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Referer https://wellscreen.health/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 18 Apr 2021 03:33:28 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Server ATS/7.1.2.128 Age 0 Transfer-Encoding chunked Content-Type application/json Access-Control-Allow-Origin https://wellscreen.health Cache-Control no-cache Access-Control-Allow-Credentials true Connection keep-alive

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm(Line 21) Message: darla csc writer, invalid host (1)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s.yimg.com
service.idsync.analytics.yahoo.com
tag.idsync.analytics.yahoo.com
wellscreen.health
152.195.51.15
173.236.140.128
2a00:1288:80:800::7001
3.126.56.137
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
10b8a27a3b1858f7d71fa872752d27950b8acfee4333218d9de645f5d628a7cf
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59
146fc2ce2372c5c7350bfd1948e620ec6e4cc5ecd04c0abc0feb51b964c2addf
16281b527b0a9bbd3a2d6806aa64c4e8947eaa5366206fdd6a723dfc56c7b8d7
243fb9953e49b6005f6ae1772f507bb789a8893960a495850afe43fe34030311
2b67da14e2725a72a8cccb22bb4913bcfca77c3f68caa39b912bf2567990cd94
315758eb2360b46a32775274cd68acc8dccdb3380fab1d5987cd6cf5f687d839
31920a38a7170000a36e7963c029a130e7a6521476f76e52b0d7994b8cb1a927
340bd9116449abbfeec69e92958b1d00f798d3390e836e9b39158ce08e17f8cd
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
65aa946829133f2163ed351882e770c0e7651c8c95fac3c53aa78e02a938b7ca
8eb35cf498e906242c23660cd4b0d8018f85ad4e1a83d255fe011dfc1343d9bc
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560