Submitted URL: https://protect-us.mimecast.com/s/iHtvCL9RP9I8oBL3cBqqWZ?domain=click.phealthinsurance.com
Effective URL: https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__...
Submission: On October 18 via manual from IN — Scanned from US

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 2 HTTP transactions. The main IP is 62.138.7.222, located in Strasbourg, France and belongs to GD-EMEA-DC-SXB1, DE. The main domain is click.phealthinsurance.com.
TLS certificate: Issued by R3 on October 9th 2022. Valid for: 3 months.
This is the only time click.phealthinsurance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 205.139.111.117 30031 (MIMECAST-)
1 62.138.7.222 8972 (GD-EMEA-D...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2
Apex Domain
Subdomains
Transfer
2 mimecast.com
protect-us.mimecast.com — Cisco Umbrella Rank: 8270
3 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 216
33 KB
1 phealthinsurance.com
click.phealthinsurance.com
14 KB
2 3
Domain Requested by
2 protect-us.mimecast.com 2 redirects
1 cdnjs.cloudflare.com click.phealthinsurance.com
1 click.phealthinsurance.com
2 3

This site contains no links.

Subject Issuer Validity Valid
click.phealthinsurance.com
R3
2022-10-09 -
2023-01-07
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh

This page contains 1 frames:

Primary Page: https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__MzI5
Frame ID: 89D254E612DB24CEB09D99CEEEFA50A5
Requests: 2 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://protect-us.mimecast.com/s/iHtvCL9RP9I8oBL3cBqqWZ?domain=click.phealthinsurance.com HTTP 307
    https://protect-us.mimecast.com/r/rpL3kV26rRYz4iNz58ltvMGJOltBI2FwaiyVk4Mo_bIq0QfTjA8ooFFoZ1u2cEa8rn9BbnyXUp... HTTP 307
    https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=OD... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • TweenMax(?:\.min)?\.js

Page Statistics

2
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

48 kB
Transfer

169 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protect-us.mimecast.com/s/iHtvCL9RP9I8oBL3cBqqWZ?domain=click.phealthinsurance.com HTTP 307
    https://protect-us.mimecast.com/r/rpL3kV26rRYz4iNz58ltvMGJOltBI2FwaiyVk4Mo_bIq0QfTjA8ooFFoZ1u2cEa8rn9BbnyXUpV3-3uiGH6a-7kfAA-rmZB_mFW53-lXu-AyLVNui1h04RM9zQT-0WJa3ldlla7Bfoxak6PFD6hwl-JcdjYSjhWT_O72KifkGico3N-AuWiefkwgpnVTbImqXxjTzMLi3qb7-O6iDN-wxDbRTaOJI1zRDa7v2WXajnJR7CK3_qhsVWqkE3hfO8NXuzdZLN08j5pE1sanIwwNUsjfUDWf3vXvepNKJQy1QyJ3RnfQzLEx4xwjiEOhJ04Qx4lOvdYhzj019f0P9gHUeKlHGP8z2z1AsiDsBM7rlh_Mp0vvpOXc3nzpVFK6x-FtQ72BDkzD2RfveQB6ptvcF4jFDilOj_EzdKRV8Dv8eRMWzJlZf2CQrL3LY1BRDkydXSqowo7gfqy9u72WRAiWw2COCwKiHPgII8LdNwJtdGgq0eqNHBiD9jEta5dU8wcAENCjumRok3wfTi_aYLalDGNIYrKzhtP-z5asKiIASfWHBzFgK8aSCyQcTT9Ag2PiDHQGJfe3Cj7yOduKa4jHyP-iprbEo8BiA2l_lL8lP4MNBUGzuNaeV_Ff8RaF-SdNT66fL2ZRbgxgVEYJ0SMESbPJ2bIJ4hJWblBRhycNyqXQn9pzTsh3j_oXdjgPR5XlZj59WUdJ6ERumOHGUVqSKxmlJ2mwdMbKjKoZsABZrtmOWrbpvNZV1ybkTQuVoZyMzseS6hB6U4KE1wYve6jon6L-gjFVIewg35Kr5Qq5aATTswVCo4PoUVQHjvP2Htc2epAjU6pFLCgb6Bpu5oXrQ3amxwtm8DXs1uF1DQOxpHEfb8z-bV1WPQD0LaL9WLNE9xUXoB9x3zBg18cRV9q-FoSEvk1NauZiHChZ1HHZizwvwEoO9dLOnwJZFjmyKGQn9bg2uWzZOVBgrS1IffPgE9Gj8-eMYoqegNk-THh6Ek4sZPKyc7wxudW74JOVkfWMSm6iotlVTeIU4vBAxDBTV_PjD3KrlX1BEpZEg6-bJRcHb8eVrvJTLmBqTbm0BNgow8XWele_oKHWa1BgEqIasdZV5AbeZGG9Aw2y0BL-04EP60LqICEmmof_XGQXy2VzU9_xo1weOF5roi2eCznAHn2MaJF2ZRKWb2codjU1DYSPKIN1hAvJSCgNJ7pTlrbxNf7lzQuA2AzIqRO-yfO101rDeEqE6o1Ueyj20P__i6-UPJ2jeS1ovlMubz9qE93_Hjzlbt3meYY6grpM3AkPO_Mid2k422zSJ8V_7rAlY2C8EttaOL_f34Oijf6j6U6FYsgqEHGQaT07oG1OyvCbqffaJIMOp1vdbaMe6mqXPwGCKvE6Uw26kC16AOHjMpPA55dOIts3nFWYB9CwJIeTPXkhduIaPOUzSo3Rjku1H4Ve2ZEMWKIafs98-F4cAfO3DTObm4qsDbZTGuWutPeRddiIbjE3T37GkL4y7WmLBvv1ZGr69fEnmWgkOBVWpD7AzfY3qqgYGaY_wlQd9du8xnWDVfk4dm__3ZFtea6ePHEkLrnA5piu0-GrtmnT5hOOxeNj1h1WsyPT7-Fc6Ey6czIfMPAmxqdhxGmWDrKBYQi2I4Yq85v4bhuHXpARFAPvKpaoPYyCjpRpRYe_ZakQBRrL5UgsE4v4a5wdWz21210iEv8vZNQfnzG7sBcjAQ1HMpbG-xnsDtFLvu5YKbw1w0hYj40yiX8TDP8PojFdP2s1I5RxARRHgVr4Jx6g8qi1TvTku-oSNIYgvIKrOYocODBqpPBqRPcqRB3BdRu1V5-7nMwCEF6_vYT-ObSHD_OzeXiDQuiTnocOrR5xTVfnxIYbHYwrVIyyjBXAcS4Owm184eeYKYXgcePANsd7vyHqz5JImCSrsmZmuaSRo_7ziQkQAt_LgE8kUWJ_xpdICQM HTTP 307
    https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__MzI5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
click.phealthinsurance.com/
Redirect Chain
  • https://protect-us.mimecast.com/s/iHtvCL9RP9I8oBL3cBqqWZ?domain=click.phealthinsurance.com
  • https://protect-us.mimecast.com/r/rpL3kV26rRYz4iNz58ltvMGJOltBI2FwaiyVk4Mo_bIq0QfTjA8ooFFoZ1u2cEa8rn9BbnyXUpV3-3uiGH6a-7kfAA-rmZB_mFW53-lXu-AyLVNui1h04RM9zQT-0WJa3ldlla7Bfoxak6PFD6hwl-JcdjYSjhWT_O7...
  • https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__MzI5
58 KB
14 KB
Document
General
Full URL
https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__MzI5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.138.7.222 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
serv31731.hh-networks.com
Software
Apache /
Resource Hash
baad490eecba1218aebad284efdcb175b6fbedc2a427d2c6de409f6306708de0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
br
content-length
14545
content-type
text/html; charset=UTF-8
date
Tue, 18 Oct 2022 01:47:05 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

Cache-control
no-store
Connection
keep-alive
Content-Length
0
Date
Tue, 18 Oct 2022 01:47:06 GMT
Location
https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__MzI5
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex, nofollow
TweenMax.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/
112 KB
33 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.2/TweenMax.min.js
Requested by
Host: click.phealthinsurance.com
URL: https://click.phealthinsurance.com/?t=u&schedule_campaign_id=MzY2Nw%3D%3D&subscriber_id=NDMzMDE0MA%3D%3D&ids=ODI%3D__MTUzMzU5OTI3__MzI5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5a1af3f56b4294252d7c75144ae9d0ac198e9229952b7e11cbb31f17f138123
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://click.phealthinsurance.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 01:47:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1173176
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
33291
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-1be2c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qiwQS9ryf%2FyTBRD0P7cTJV258aUFJoVGkakp2f0NpDhZB5hNT%2F9VaTWbl30k01D4ea91M48lPizP%2FzdslWz4eORBUuBIts38dtKBQ%2FLkumpyFCWTFqASJtwILBXfmcWo8J3C%2Bp4ccmJVfQadY7%2BK4KVv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
75bd9aa88d1cb3c2-MIA
expires
Sun, 08 Oct 2023 01:47:06 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _gsScope object| _gsQueue object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin function| TweenMax function| TimelineLite function| TimelineMax function| BezierPlugin function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup function| MorphSVGPlugin number| windowWidth number| windowHeight function| setWindowSize object| eyes object| cursorPos function| mousemove function| touchmove object| eyeFollow boolean| clicked undefined| cancelled object| animate function| random

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
click.phealthinsurance.com
protect-us.mimecast.com
205.139.111.117
2606:4700::6811:190e
62.138.7.222
baad490eecba1218aebad284efdcb175b6fbedc2a427d2c6de409f6306708de0
c5a1af3f56b4294252d7c75144ae9d0ac198e9229952b7e11cbb31f17f138123