covid.tips - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 52.219.101.36, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is covid.tips.

This is the only time covid.tips was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.219.101.36 52.219.101.36	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:10:... 2606:4700:10::6816:375	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2

1 52.219.101.36 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-website.us-east-2.amazonaws.com

covid.tips	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:375 (United States)

ASN13335 (CLOUDFLARENET, US)

fonts.loli.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gstatic.loli.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	loli.net fonts.loli.net gstatic.loli.net	20 KB
1	covid.tips covid.tips	29 KB
4	2

	Domain	Requested by
2	gstatic.loli.net	covid.tips
1	fonts.loli.net	covid.tips
1	covid.tips
4	3

This site contains links to these domains. Also see Links.

Domain
www.theguardian.com
www.youtube.com
i.imgur.com
www.google.com
www.cdc.gov
www.healthline.com
www.npr.org
jamanetwork.com

Subject Issuer	Validity	Valid
loli.net CloudFlare Inc ECC CA-2	`2020-01-11` - `2020-10-09`	9 months	crt.sh

This page contains 1 frames:

Primary Page: http://covid.tips/
Frame ID: 7ABF9E1E570FDF490D8914B6D5CF3229
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

4
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

49 kB
Transfer

56 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.theguardian.com/world/2020/feb/29/to-hell-and-back-my-three-weeks-suffering-from-coronavirus
Title: This account of a young individual in China

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=xTYioOo__6U
Title: Youtube video

Search URL Search Domain Scan URL

URL: https://i.imgur.com/vkkAnxi.jpg
Title: checklist

Search URL Search Domain Scan URL

URL: https://www.google.com/search?q=immunity+boosting+foods
Title: Google

Search URL Search Domain Scan URL

URL: https://www.cdc.gov/coronavirus/2019-nCoV/summary.html
Title: CDC's Summary Page - constantly updated

Search URL Search Domain Scan URL

URL: https://www.cdc.gov/flu/prevent/actions-prevent-flu.htm
Title: CDC's tips for Flu

Search URL Search Domain Scan URL

URL: https://www.healthline.com/health-news/heres-what-happens-to-the-body-after-contracting-the-coronavirus
Title: Here’s What Happens to the Body After Contracting the Coronavirus

Search URL Search Domain Scan URL

URL: https://www.npr.org/2020/02/27/810016611/coronavirus-101-what-you-need-to-know-to-prepare-and-prevent
Title: Source

Search URL Search Domain Scan URL

URL: https://jamanetwork.com/journals/jama/fullarticle/2762130
Title: at 2%

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
covid.tips/ 29 KB
29 KB 353ms
305ms Document
text/html 52.219.101.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://covid.tips/
Protocol: HTTP/1.1
Server: 52.219.101.36 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-website.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 93637292a67eeec685f7518d664fa653ac750c2744c4902fe1c6b44c1bd000a9

Request headers

Host: covid.tips
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-id-2: /sijv2SjgE8XLIDCmlC/xJxyMTXv0pzrBYqV5NfhuXRoKzYQCWEEQ4VyO/4cxJtOPSPaZjWOJZ4=
x-amz-request-id: 442EACCE41834144
Date: Fri, 05 Jun 2020 22:36:09 GMT
Last-Modified: Mon, 02 Mar 2020 20:13:17 GMT
ETag: "0053988ba3405e38276c314ea2beb104-1"
Content-Type: text/html
Content-Length: 29316
Server: AmazonS3

GET
H2 200 css
fonts.loli.net/ 10 KB
1 KB 105ms
57ms Stylesheet
text/css 2606:4700:10::6816:375
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.loli.net/css?family=Open+Sans:400italic,700italic,700,400&subset=latin,latin-ext

Requested by

Host: covid.tips
URL: http://covid.tips/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:375 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7def14256173ccb73db88c8b170f9434607a7dfaf8a06b1177e0f61fe48eecc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://covid.tips/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 05 Jun 2020 22:36:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-xss-protection: 1; mode=block
status: 200
x-custom-job: Please email sales@sa.net if you need outsourcing support service.
alt-svc: h3-27=":443"; ma=86400
cf-request-id: 032839a46e00001f45e1006200000001
timing-allow-origin: *
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=315360000
cf-ray: 59ed5ee7199a1f45-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
gstatic.loli.net/s/opensans/v17/ 9 KB
9 KB 115ms
58ms Font
font/woff2 2606:4700:10::6816:375
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gstatic.loli.net/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: covid.tips
URL: http://covid.tips/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:375 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.loli.net/css?family=Open+Sans:400italic,700italic,700,400&subset=latin,latin-ext
Origin: http://covid.tips

Response headers

date: Fri, 05 Jun 2020 22:36:08 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
x-custom-job: Please email sales@sa.net if you need outsourcing support service.
alt-svc: h3-27=":443"; ma=86400
content-length: 9080
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=315360000
cf-request-id: 032839a4ee0000c2dbbc86d200000001
accept-ranges: bytes
cf-ray: 59ed5ee7eb00c2db-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
gstatic.loli.net/s/opensans/v17/ 9 KB
10 KB 94ms
37ms Font
font/woff2 2606:4700:10::6816:375
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gstatic.loli.net/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: covid.tips
URL: http://covid.tips/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:375 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.loli.net/css?family=Open+Sans:400italic,700italic,700,400&subset=latin,latin-ext
Origin: http://covid.tips

Response headers

date: Fri, 05 Jun 2020 22:36:08 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
status: 200
x-custom-job: Please email sales@sa.net if you need outsourcing support service.
alt-svc: h3-27=":443"; ma=86400
content-length: 9132
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=315360000
cf-request-id: 032839a4ee0000c2dbbc86e200000001
accept-ranges: bytes
cf-ray: 59ed5ee7eb01c2db-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

covid.tips
fonts.loli.net
gstatic.loli.net
2606:4700:10::6816:375
52.219.101.36
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
7def14256173ccb73db88c8b170f9434607a7dfaf8a06b1177e0f61fe48eecc0
93637292a67eeec685f7518d664fa653ac750c2744c4902fe1c6b44c1bd000a9
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

covid.tips Open in urlscan Pro 52.219.101.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

4 Requests

75 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

2 IPs

1 Countries

49 kBTransfer

56 kBSize

0 Cookies

9 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

Indicators

covid.tips Open in urlscan Pro
52.219.101.36 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

75 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

49 kB
Transfer

56 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions