www.uhcprovider.com Open in urlscan Pro
2600:9000:211e:f200:2:16a:bc80:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.provideremail.uhc.com/?qs=f6337d6305ca96ea5d6df87981999df5f3fd961203839c4612b4d6246039d39745f650a7c6e523dcdb07fe406dce...
Effective URL:
https://www.uhcprovider.com/en/resource-library/news/network-news.html?cid=em-providernews-apr21nb-apr21
Submission Tags: phishing malicious Search All
Submission: On April 02 via api (April 2nd 2021, 5:13:35 am UTC) from US

Summary HTTP 50 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 14 domains to perform 50 HTTP transactions. The main IP is 2600:9000:211e:f200:2:16a:bc80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.uhcprovider.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on June 7th 2020. Valid for: a year.

This is the only time www.uhcprovider.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.148.23 13.111.148.23	22606 (EXACT-7) (EXACT-7)
29	2600:9000:211... 2600:9000:211e:f200:2:16a:bc80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:6c0... 2a02:26f0:6c00:299::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:e6:... 2606:4700:e6::ac40:c518	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	54.171.219.200 54.171.219.200	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	192.243.240.5 192.243.240.5	15224 (OMNITURE) (OMNITURE)
3	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1 2	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.215.8.219 52.215.8.219	16509 (AMAZON-02) (AMAZON-02)
2	15.237.76.117 15.237.76.117	16509 (AMAZON-02) (AMAZON-02)
1 1	34.253.145.149 34.253.145.149	16509 (AMAZON-02) (AMAZON-02)
1	52.18.150.20 52.18.150.20	16509 (AMAZON-02) (AMAZON-02)
1	18.197.0.176 18.197.0.176	16509 (AMAZON-02) (AMAZON-02)
1	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
50	14

1 13.111.148.23 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.provideremail.uhc.com

click.provideremail.uhc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2600:9000:211e:f200:2:16a:bc80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.uhcprovider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:299::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e6::ac40:c518 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.171.219.200 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-219-200.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b0::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.243.240.5 (United States)

ASN15224 (OMNITURE, US)
PTR: content.atomz.com

content.atomz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e3:101::6cae:b45 (United States) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.8.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-8-219.eu-west-1.compute.amazonaws.com

unitedhealthgroup.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.237.76.117 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-76-117.eu-west-3.compute.amazonaws.com

smetrics.optum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.145.149 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-145-149.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.150.20 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-150-20.eu-west-1.compute.amazonaws.com

unitedhealthgroup.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.0.176 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-0-176.eu-central-1.compute.amazonaws.com

6256127.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.209.240 (United States)

ASN13335 (CLOUDFLARENET, US)

zn5jyvrpbnscxinrr-uhcdr.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	uhcprovider.com www.uhcprovider.com	2 MB
4	demdex.net 1 redirects dpm.demdex.net unitedhealthgroup.demdex.net	6 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	googleapis.com ajax.googleapis.com	52 KB
3	adobedtm.com assets.adobedtm.com	147 KB
2	atomz.com content.atomz.com	3 KB
2	optum.com healthid.optum.com Failed smetrics.optum.com	755 B
1	qualtrics.com zn5jyvrpbnscxinrr-uhcdr.siteintercept.qualtrics.com	18 KB
1	siteimproveanalytics.io 6256127.global.siteimproveanalytics.io	650 B
1	omtrdc.net unitedhealthgroup.tt.omtrdc.net	515 B
1	everesttech.net 1 redirects cm.everesttech.net	517 B
1	licdn.com snap.licdn.com	2 KB
1	siteimproveanalytics.com siteimproveanalytics.com	9 KB
1	uhc.com 1 redirects click.provideremail.uhc.com	279 B
50	14

	Domain	Requested by
29	www.uhcprovider.com	www.uhcprovider.com
3	ajax.googleapis.com	www.uhcprovider.com
3	dpm.demdex.net	1 redirects www.uhcprovider.com
3	assets.adobedtm.com	www.uhcprovider.com assets.adobedtm.com
2	smetrics.optum.com	www.uhcprovider.com
2	px.ads.linkedin.com	1 redirects www.uhcprovider.com
2	content.atomz.com	www.uhcprovider.com
1	zn5jyvrpbnscxinrr-uhcdr.siteintercept.qualtrics.com	www.uhcprovider.com
1	6256127.global.siteimproveanalytics.io	www.uhcprovider.com
1	unitedhealthgroup.tt.omtrdc.net	www.uhcprovider.com
1	cm.everesttech.net	1 redirects
1	unitedhealthgroup.demdex.net	assets.adobedtm.com
1	www.linkedin.com	1 redirects
1	snap.licdn.com	www.uhcprovider.com
1	siteimproveanalytics.com	www.uhcprovider.com
1	click.provideremail.uhc.com	1 redirects
0	healthid.optum.com Failed	www.uhcprovider.com
50	17

This site contains no links.

Subject Issuer	Validity	Valid
www.uhcprovider.com COMODO RSA Organization Validation Secure Server CA	`2020-06-07` - `2021-06-07`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-09-30`	9 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-06` - `2021-08-06`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.atomz.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-20` - `2022-02-08`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
smetrics.optum.com COMODO RSA Organization Validation Secure Server CA	`2020-05-13` - `2021-05-13`	a year	crt.sh
*.tt.omtrdc.net DigiCert SHA2 Secure Server CA	`2020-11-02` - `2021-11-09`	a year	crt.sh
*.global.siteimproveanalytics.io DigiCert SHA2 Secure Server CA	`2020-03-30` - `2022-04-04`	2 years	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2020-10-26` - `2021-11-26`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.uhcprovider.com/en/resource-library/news/network-news.html?cid=em-providernews-apr21nb-apr21
Frame ID: DE3E21E3C0729C819B099D71E46936E3
Requests: 48 HTTP requests in this frame

Frame: https://unitedhealthgroup.demdex.net/dest5.html?d_nsid=0
Frame ID: 40AB19B249C75B421FDFE5B93301839D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://click.provideremail.uhc.com/?qs=f6337d6305ca96ea5d6df87981999df5f3fd961203839c4612b4d6246039d39745f650a7... HTTP 302
https://www.uhcprovider.com/en/resource-library/news/network-news.html?cid=em-providernews-apr21nb-apr21 Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Page Statistics

50
Requests

96 %
HTTPS

44 %
IPv6

14
Domains

17
Subdomains

14
IPs

4
Countries

2003 kB
Transfer

3274 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.provideremail.uhc.com/?qs=f6337d6305ca96ea5d6df87981999df5f3fd961203839c4612b4d6246039d39745f650a7c6e523dcdb07fe406dcecdc393d7516519c3e1a2 HTTP 302
https://www.uhcprovider.com/en/resource-library/news/network-news.html?cid=em-providernews-apr21nb-apr21 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://www.uhcprovider.com/bin/secure/optum/auth-servlet HTTP 302
https://healthid.optum.com/siteminderagent/SmMakeCookie.ccc?SMSESSION=QUERY&PERSIST=0&TARGET=$SM$https%3a%2f%2fwww%2euhcprovider%2ecom%2fbin%2fsecure%2foptum%2fauth-servlet

Request Chain 14

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8E391C8B533058250A490D4D%40AdobeOrg&d_nsid=0&ts=1617340399451 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8E391C8B533058250A490D4D%40AdobeOrg&d_nsid=0&ts=1617340399451

Request Chain 37

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1898745&time=1617340399613&url=https%3A%2F%2Fwww.uhcprovider.com%2Fen%2Fresource-library%2Fnews%2Fnetwork-news.html%3Fcid%3Dem-providernews-apr21nb-apr21 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1898745%26time%3D1617340399613%26url%3Dhttps%253A%252F%252Fwww.uhcprovider.com%252Fen%252Fresource-library%252Fnews%252Fnetwork-news.html%253Fcid%253Dem-providernews-apr21nb-apr21%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1898745&time=1617340399613&url=https%3A%2F%2Fwww.uhcprovider.com%2Fen%2Fresource-library%2Fnews%2Fnetwork-news.html%3Fcid%3Dem-providernews-apr21nb-apr21&liSync=true

Request Chain 41

https://cm.everesttech.net/cm/dd?d_uuid=44762432262430573951538392319529184788 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YGan7wAAAGU-9wHZ

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request network-news.html Show response
www.uhcprovider.com/en/resource-library/news/
Redirect Chain

https://click.provideremail.uhc.com/?qs=f6337d6305ca96ea5d6df87981999df5f3fd961203839c4612b4d6246039d39745f650a7c6e523dcdb07fe406dcecdc393d7516519c3e1a2
https://www.uhcprovider.com/en/resource-library/news/network-news.html?cid=em-providernews-apr21nb-apr21

712 KB
714 KB

1280ms
1233ms

Document
text/html

2600:9000:211e:f200:2:16a:bc80:93a1
AMAZON-02

General

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 21:34:52	Name: demdex Value: 44762432262430573951538392319529184788
.uhcprovider.com/	1969-12-31 23:59:59	Name: rxvt Value: 1617342200738\|1617340399309
.uhcprovider.com/	1969-12-31 23:59:59	Name: TS01d270d7 Value: 016f206c385b493d0a1398495bf935f91127c1e80441c96144e6ad07b4070c51a979b7a1c8c26e6cb1c8e44e37fc3f94d1702badc9
www.uhcprovider.com/	1969-12-31 23:59:59	Name: TS0171fd1f Value: 016f206c385b493d0a1398495bf935f91127c1e80441c96144e6ad07b4070c51a979b7a1c8c26e6cb1c8e44e37fc3f94d1702badc9
.uhcprovider.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_21_sn_19DE81184E738A8AA91C97D5FB2E2BD9_perc_100000_ol_0_mul_1
www.uhcprovider.com/	1970-01-19 17:15:40	Name: user.status Value: NOTLOGGEDIN
.uhcprovider.com/	1969-12-31 23:59:59	Name: dtPC Value: 37$340399304_758h17vUOCVDGNQFTKTVEGABSTLEADFABWSUCST-0e1
.uhcprovider.com/	1969-12-31 23:59:59	Name: dtSa Value: -
.uhcprovider.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.uhcprovider.com/	1970-01-19 17:15:42	Name: s_gpv Value: no%20previous%20value
.uhcprovider.com/	1970-01-20 17:15:40	Name: nmstat Value: 37c4f804-015e-d7ef-a3d3-4b07cb81aa97
.uhcprovider.com/	1969-12-31 23:59:59	Name: at_check Value: true
.uhcprovider.com/	1970-01-20 10:49:45	Name: mbox Value: session#7af5ccec207849038adb143fbccb379f#1617342261\|PC#7af5ccec207849038adb143fbccb379f.37_0#1680585201
.uhcprovider.com/	1970-01-20 10:46:52	Name: AMCV_8E391C8B533058250A490D4D%40AdobeOrg Value: -1124106680%7CMCIDTS%7C18720%7CMCMID%7C36004012670861867781923187906366108157%7CMCAAMLH-1617945199%7C6%7CMCAAMB-1617945199%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1617347599s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18727%7CvVersion%7C5.2.0
www.uhcprovider.com/	1969-12-31 23:59:59	Name: SessionPersistence Value: PROFILEDATA%3A%3DauthorizableId%253Danonymous
.uhcprovider.com/	1969-12-31 23:59:59	Name: dtLatC Value: 350
.uhcprovider.com/	1969-12-31 23:59:59	Name: AMCVS_8E391C8B533058250A490D4D%40AdobeOrg Value: 1
.uhcprovider.com/	1970-01-20 10:46:52	Name: rxVisitor Value: 1617340399307DVDNLL9PVV2VDA9VE60TILMI67SB622V

Source	Level	URL Text
console-api	log	URL: https://www.uhcprovider.com/en/resource-library/news/network-news.html?cid=em-providernews-apr21nb-apr21(Line 43) Message: network-news
console-api	log	URL: https://assets.adobedtm.com/launch-ENc6e1900426c840fd81d27085571d578d.min.js(Line 7) Message: Encryption Library Load Start------------
console-api	log	URL: https://assets.adobedtm.com/launch-ENc6e1900426c840fd81d27085571d578d.min.js(Line 10) Message: Encryption Library Load Ends------------
console-api	log	(Line 7) Message: Request succeeded [object Object]

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

www.uhcprovider.com Open in urlscan Pro 2600:9000:211e:f200:2:16a:bc80:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

96 %HTTPS

44 %IPv6

14 Domains

17 Subdomains

14 IPs

4 Countries

2003 kBTransfer

3274 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.uhcprovider.com Open in urlscan Pro
2600:9000:211e:f200:2:16a:bc80:93a1 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

96 %
HTTPS

44 %
IPv6

14
Domains

17
Subdomains

14
IPs

4
Countries

2003 kB
Transfer

3274 kB
Size

18
Cookies

50 HTTP transactions
0 data transactions