wellscreen.health
173.236.140.128
Malicious Activity!
Public Scan
Submission: On April 18 via automatic, source phishtank
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 23rd 2020. Valid for: a year.
This is the only time wellscreen.health was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 12 | 173.236.140.128 | 26347 (DREAMHOST-AS) |
| 3 | 2a00:1288:80:800::7001 | 203220 (YAHOO-DEB) |
| 1 | 152.195.51.15 | 15133 (EDGECAST) |
| 2 | 3.126.56.137 | 16509 (AMAZON-02) |
| 18 (total) | 5 | |
ASN26347 (DREAMHOST-AS, US)
    PTR: wellscreen.health
    Domain: wellscreen.health

ASN16509 (AMAZON-02, US)
    PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
    Domain: service.idsync.analytics.yahoo.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 12 | wellscreen.health | wellscreen.health | 61 KB |
| 3 | yahoo.com | tag.idsync.analytics.yahoo.com, service.idsync.analytics.yahoo.com | 4 KB |
| 3 | yimg.com | s.yimg.com | 86 KB |
| 18 (total) | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 12 | wellscreen.health | wellscreen.health |
| 3 | s.yimg.com | wellscreen.health |
| 2 | service.idsync.analytics.yahoo.com | tag.idsync.analytics.yahoo.com, wellscreen.health |
| 1 | tag.idsync.analytics.yahoo.com | wellscreen.health |
| 18 (total) | 4 | |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.yahoo.com |
| login.yahoo.com |
| policies.oath.com |
| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| wellscreen.health | Sectigo RSA Domain Validation Secure Server CA | 2020-05-23 - 2021-05-28 | a year | crt.sh |
| *.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-03-24 - 2021-05-12 | 2 months | crt.sh |
| *.idsync.analytics.yahoo.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-04 - 2022-04-04 | a year | crt.sh |
| ups.analytics.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-03-22 - 2021-09-15 | 6 months | crt.sh |
This page contains 5 frames:
Primary Page:
https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385
Frame ID: B1A60CE0ED1934665D652E9861670EA5
Requests: 8 HTTP requests in this frame
Frame:
https://wellscreen.health/js/assets/roey/login/mbr/r-csc.htm
Frame ID: BBA867494BEE94C3754987F08C136B68
Requests: 3 HTTP requests in this frame
Frame:
https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm
Frame ID: 53EA780C7056BD16960525E0C7897069
Requests: 4 HTTP requests in this frame
Frame:
https://tag.idsync.analytics.yahoo.com/sp-frame.html?referrer=https%3A%2F%2Fwellscreen.health%2Fjs%2Fassets%2Froey%2Flogin%2Flogin.htm%3Fcmd%3Dlogin_submit%26amp%3Bid%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385%26amp%3Bsession%3Dc6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385
Frame ID: 6E899A093643DECC62116F9584AEA72D
Requests: 2 HTTP requests in this frame
Frame:
https://wellscreen.health/js/assets/roey/login/mbr/r-csc_data/sp-frame.htm
Frame ID: 8C1E4AB46607B88716D86033D7562C01
Requests: 2 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.

| Title |
|---|
| (empty title) |
| Forgot username? |
| Create an account |
| Terms |
| Privacy |
Redirected requests
HTTP redirect chains: none listed for this scan.
18 HTTP transactions

Frame IDs are abbreviated to their first four hex characters as in the frame list above; B1A6 is the primary page.

| Method | Protocol | Resource | Host / Path | Frame | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | login.htm (Primary Request) | wellscreen.health/js/assets/roey/login/ | B1A6 | 176 KB | 37 KB | Document | text/html |
| GET | H2 | yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png | wellscreen.health/js/assets/roey/login/mbr/ | B1A6 | 1 KB | 1 KB | Image | image/png |
| GET | H2 | yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png | wellscreen.health/js/assets/roey/login/mbr/ | B1A6 | 1 KB | 1 KB | Image | image/png |
| GET | H2 | Yahoo_Sans-Regular.woff2 | s.yimg.com/cv/ae/sports/fonts/2017/ | B1A6 | 28 KB | 29 KB | Font | font/woff2 |
| GET | H2 | Yahoo_Sans-Semibold.woff2 | s.yimg.com/cv/ae/sports/fonts/2017/ | B1A6 | 28 KB | 29 KB | Font | font/woff2 |
| GET | H2 | client.php | wellscreen.health/js/assets/roey/login/mbr/ | B1A6 | 0 | 0 | Script | text/html |
| GET | DATA | truncated | / | B1A6 | 1 KB | 0 | Image | image/svg+xml |
| GET | H2 | Yahoo_Sans-Medium.woff2 | s.yimg.com/cv/ae/sports/fonts/2017/ | B1A6 | 29 KB | 29 KB | Font | font/woff2 |
| GET | H2 | r-csc.htm | wellscreen.health/js/assets/roey/login/mbr/ | BBA8 | 3 KB | 2 KB | Document | text/html |
| GET | H2 | adcount2.js | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ | BBA8 | 1 B | 88 B | Image | application/javascript |
| GET | H2 | sp.js | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ | BBA8 | 1 KB | 646 B | Script | application/javascript |
| GET | H2 | opus-frame.htm | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ | 53EA | 13 KB | 5 KB | Document | text/html |
| GET | H2 | sp-frame.html | tag.idsync.analytics.yahoo.com/ | 6E89 | 9 KB | 3 KB | Document | text/html |
| GET | H2 | sp-frame.htm | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/ | 8C1E | 7 KB | 3 KB | Document | text/html |
| GET | H2 | ups.js | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ | 53EA | 12 KB | 5 KB | Script | application/javascript |
| GET | H2 | datax.js | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ | 53EA | 12 KB | 4 KB | Script | application/javascript |
| GET | H2 | 2.json | wellscreen.health/js/assets/roey/login/mbr/r-csc_data/config/ | 53EA | 1 KB | 1 KB | XHR | text/html |
| GET | H/1.1 | pixels | service.idsync.analytics.yahoo.com/sp/v0/ | 6E89 | 13 B | 401 B | XHR | application/json |
| GET | H/1.1 | pixels | service.idsync.analytics.yahoo.com/sp/v0/ | 8C1E | 13 B | 388 B | XHR | application/json |
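The transaction list above carries the signals an analyst uses to call a cloned brand login page: brand-named assets (the yahoo_frontpage_*.png images, the mirrored mbr/ and r-csc_data/ paths) served from an apex the brand does not own, the brand's real infrastructure (s.yimg.com fonts, the idsync frames and pixel calls) still being contacted from that page, a "Script" request (client.php) answered with an empty text/html body, and query parameters whose value is one 32-hex token written twice. As an added example, not part of the urlscan report or its tooling, the following Python script encodes those checks and runs them over the requests transcribed from the table above. The brand allowlist (BRAND_APEXES), the name token, the two-label apex rule and the final verdict rule are assumptions made for illustration, not urlscan's scoring.

```python
import re
from urllib.parse import parse_qs, urlparse

# Transcribed from the transaction table of this scan:
# (host, path, browser resource type, response MIME type).
# The truncated data: URI image is omitted because its content is not on the page.
REQUESTS = [
    ("wellscreen.health", "/js/assets/roey/login/login.htm", "Document", "text/html"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png", "Image", "image/png"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png", "Image", "image/png"),
    ("s.yimg.com", "/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2", "Font", "font/woff2"),
    ("s.yimg.com", "/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2", "Font", "font/woff2"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/client.php", "Script", "text/html"),
    ("s.yimg.com", "/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2", "Font", "font/woff2"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc.htm", "Document", "text/html"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/adcount2.js", "Image", "application/javascript"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/sp.js", "Script", "application/javascript"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/opus-frame.htm", "Document", "text/html"),
    ("tag.idsync.analytics.yahoo.com", "/sp-frame.html", "Document", "text/html"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/sp-frame.htm", "Document", "text/html"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/ups.js", "Script", "application/javascript"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/opus-frame_data/datax.js", "Script", "application/javascript"),
    ("wellscreen.health", "/js/assets/roey/login/mbr/r-csc_data/config/2.json", "XHR", "text/html"),
    ("service.idsync.analytics.yahoo.com", "/sp/v0/pixels", "XHR", "application/json"),
    ("service.idsync.analytics.yahoo.com", "/sp/v0/pixels", "XHR", "application/json"),
]
PRIMARY_URL = (
    "https://wellscreen.health/js/assets/roey/login/login.htm?cmd=login_submit"
    "&id=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385"
    "&session=c6ae367fb4f346312e29a1dd21818385c6ae367fb4f346312e29a1dd21818385"
)
# Assumed allowlist of apexes the brand owns, and the name token to look for in paths.
BRAND_APEXES = {"yahoo.com", "yimg.com", "oath.com"}
BRAND_TOKENS = ("yahoo",)


def apex(host):
    """Last two labels. Adequate for the hosts here; use the Public Suffix List for ccTLDs like co.uk."""
    return ".".join(host.split(".")[-2:])


def contacted_apexes(requests):
    return sorted({apex(h) for h, _, _, _ in requests})


def brand_assets_off_brand(requests):
    """Files named after the brand but served from a host the brand does not own:
    what a page cloned with 'save as' and rehosted looks like."""
    return [h + p for h, p, _, _ in requests
            if apex(h) not in BRAND_APEXES and any(t in p.lower() for t in BRAND_TOKENS)]


def doubled_hex_params(url):
    """Query values that are one hex token written twice (here a 32-hex token
    concatenated with itself). Returns {param: token}."""
    found = {}
    for name, values in parse_qs(urlparse(url).query).items():
        for v in values:
            half = len(v) // 2
            if (len(v) >= 16 and len(v) % 2 == 0
                    and re.fullmatch(r"[0-9a-f]+", v) and v[:half] == v[half:]):
                found[name] = v[:half]
    return found


def type_mime_mismatches(requests):
    """Resources requested as one kind and answered as another: a <script> that
    returns text/html, an <img> that returns JavaScript. Returns file names in request order."""
    expected = {"Script": ("application/javascript", "text/javascript"), "Image": ("image/",)}
    return [p.rsplit("/", 1)[-1] for _, p, rtype, mime in requests
            if rtype in expected and not mime.startswith(expected[rtype])]


def triage(requests, primary_url):
    """Combine the checks. The verdict rule is an assumption for this example:
    brand assets rehosted off-brand while the brand's own infrastructure is still contacted."""
    primary_apex = apex(urlparse(primary_url).hostname)
    findings = {
        "primary_apex": primary_apex,
        "brand_apexes_contacted": [a for a in contacted_apexes(requests) if a in BRAND_APEXES],
        "brand_assets_off_brand": brand_assets_off_brand(requests),
        "doubled_hex_params": doubled_hex_params(primary_url),
        "type_mime_mismatches": type_mime_mismatches(requests),
    }
    clone_signal = (primary_apex not in BRAND_APEXES
                    and findings["brand_assets_off_brand"]
                    and findings["brand_apexes_contacted"])
    findings["verdict"] = "likely brand clone" if clone_signal else "no clone signal"
    return findings


if __name__ == "__main__":
    for key, value in triage(REQUESTS, PRIMARY_URL).items():
        print(f"{key}: {value}")
```

Run as a script it prints each finding and the verdict for this scan. The type/MIME check will also fire on benign sites whose servers mislabel content, and the doubled-token check only describes the link shape seen in this scan; both are leads for the analyst to confirm against the page source, not a verdict on their own.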
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)

12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Here every entry is a built-in of newer Chrome releases (cookieStore, the File System Access picker functions, trustedTypes, crossOriginIsolated, the XR and transition event handlers) that urlscan's baseline does not yet list, and "0" is the index of the first child frame; none of them points at framework or kit code on this page.

| Type | Name |
|---|---|
| object | 0 |
| object | onbeforexrselect |
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| boolean | originAgentCluster |
| object | trustedTypes |
| boolean | crossOriginIsolated |

0 Cookies
Cookies are small pieces of information the website stores in the user's browser. On every later visit the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location or network. This is how persistent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
s.yimg.com
service.idsync.analytics.yahoo.com
tag.idsync.analytics.yahoo.com
wellscreen.health
152.195.51.15
173.236.140.128
2a00:1288:80:800::7001
3.126.56.137