haltcoronavirusnow.com
2606:4700:3032::681f:57db
Public Scan
Effective URL: https://haltcoronavirusnow.com/why-americans-are-running-to-buy-this-mask/?city=Rotterdam&cep=dRNjo5g7kiQ3k1mCO2Shlm71biCob4R8J...
Submission: On March 24 via api from DE
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 20th 2020. Valid for: 7 months.
This is the only time haltcoronavirusnow.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 1 | 75.126.104.238 | 36351 (SOFTLAYER) |
1 1 | 18.197.88.156 | 16509 (AMAZON-02) |
10 | 2606:4700:3032::681f:57db | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:825::200a | 15169 (GOOGLE) |
2 | 2a00:1450:4001:821::200a | 15169 (GOOGLE) |
4 | 2a00:1450:4001:81c::2003 | 15169 (GOOGLE) |
17 | 4 | |
ASN36351 (SOFTLAYER, US)
PTR: ee.68.7e4b.ip4.static.sl-reverse.com
coronavirsunow.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-88-156.eu-central-1.compute.amazonaws.com
click.tr4cknow.site |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | haltcoronavirusnow.com | haltcoronavirusnow.com | 841 KB |
4 | gstatic.com | fonts.gstatic.com | 45 KB |
3 | googleapis.com | ajax.googleapis.com, fonts.googleapis.com | 35 KB |
1 | tr4cknow.site (1 redirects) | click.tr4cknow.site | 1 KB |
1 | coronavirsunow.com (1 redirects) | coronavirsunow.com | 318 B |
17 | 5 | | |
| Domain | Requested by |
---|---|---|
10 | haltcoronavirusnow.com | haltcoronavirusnow.com |
4 | fonts.gstatic.com | haltcoronavirusnow.com |
2 | fonts.googleapis.com | haltcoronavirusnow.com |
1 | ajax.googleapis.com | haltcoronavirusnow.com |
1 | click.tr4cknow.site | 1 redirects |
1 | coronavirsunow.com | 1 redirects |
17 | 6 | |
This site contains links to these domains.
Domain |
---|
click.tr4cknow.site |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-03-20 - 2020-10-09 | 7 months |
*.storage.googleapis.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
*.google.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
This page contains 1 frames:
Primary Page:
https://haltcoronavirusnow.com/why-americans-are-running-to-buy-this-mask/?city=Rotterdam&cep=dRNjo5g7kiQ3k1mCO2Shlm71biCob4R8JkBUDrBSl9NlAlrFLJbbSdJtMFM6Y3q7dwVrWEMp6xC8IatC4IewDLTDzmL4DelF61_f2TI6tWGPmiYqyz5nPeDPC9lnKmwm7ReOpDkV6wAyC1_mB18xKGG13rf8kIbV-TKCoL1THli4aSUkmMtqPGmjxX3e1x11dXCCQ6TbRYDe6J0uSP-AwWJiZgrXzloJqyaRvqT7lqTm7ExO-T3ADUIvckpMHygCpZ5tJ7EVwpshKq5PZedOfZY4_gW67bZnDteAj69upvpiGRMDQ3Q6TRu9rxBsKRD8RHdAX9U9qH_o_X6TiefN_OtTj35NT5qUOpGs7itzWzD4Be7c_8KrfWL42ifm0fdyvJehJsLAEAIWb6aKdKeu4g&domain=coronavirsunow.com
Frame ID: 9FC41EC4EA9E7FE6A18630E3173AD040
Requests: 17 HTTP requests in this frame
Detected technologies
WordPress (CMS)
Detected patterns
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
PHP (Programming Languages)
Detected patterns
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
MySQL (Databases)
Detected patterns
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://coronavirsunow.com/ HTTP 301
- http://click.tr4cknow.site/8ec57898-97cd-4524-9d72-6685a69e1bef?domain=coronavirsunow.com HTTP 302
- https://haltcoronavirusnow.com/why-americans-are-running-to-buy-this-mask/?city=Rotterdam&cep=dRNjo5g7kiQ3k1mCO2Shlm71biCob4R8JkBUDrBSl9NlAlrFLJbbSdJtMFM6Y3q7dwVrWEMp6xC8IatC4IewDLTDzmL4DelF61_f2TI6tWGPmiYqyz5nPeDPC9lnKmwm7ReOpDkV6wAyC1_mB18xKGG13rf8kIbV-TKCoL1THli4aSUkmMtqPGmjxX3e1x11dXCCQ6TbRYDe6J0uSP-AwWJiZgrXzloJqyaRvqT7lqTm7ExO-T3ADUIvckpMHygCpZ5tJ7EVwpshKq5PZedOfZY4_gW67bZnDteAj69upvpiGRMDQ3Q6TRu9rxBsKRD8RHdAX9U9qH_o_X6TiefN_OtTj35NT5qUOpGs7itzWzD4Be7c_8KrfWL42ifm0fdyvJehJsLAEAIWb6aKdKeu4g&domain=coronavirsunow.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | haltcoronavirusnow.com/why-americans-are-running-to-buy-this-mask/ | 68 KB | 22 KB | Document | text/html |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB | 33 KB | Script | text/javascript |
GET | H2 | css | fonts.googleapis.com/ | 8 KB | 873 B | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 543 B | Stylesheet | text/css |
GET | H2 | haltcoronavirusnow.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 19 KB | 19 KB | Image | image/jpeg |
GET | H2 | author1.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 3 KB | 3 KB | Image | image/jpeg |
GET | H2 | hero__img-01.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 110 KB | 110 KB | Image | image/jpeg |
GET | H2 | afraid_woman_child.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 131 KB | 131 KB | Image | image/jpeg |
GET | H2 | masks_out_of_stock.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 77 KB | 77 KB | Image | image/jpeg |
GET | H2 | FaceMask.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 142 KB | 142 KB | Image | image/jpeg |
GET | H2 | ezgif.com-optimize_2_480x480-1.gif | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 262 KB | 262 KB | Image | image/gif |
GET | H2 | peopleSml.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 63 KB | 63 KB | Image | image/jpeg |
GET | H2 | breathmask3.jpg | haltcoronavirusnow.com/wp-content/uploads/2020/03/ | 11 KB | 11 KB | Image | image/jpeg |
GET | H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
GET | H2 | S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 | fonts.gstatic.com/s/lato/v16/ | 13 KB | 13 KB | Font | font/woff2 |
GET | H2 | S6uyw4BMUTPHjx4wXiWtFCc.woff2 | fonts.gstatic.com/s/lato/v16/ | 14 KB | 14 KB | Font | font/woff2 |
GET | H2 | mem5YaGs126MiZpBA-UN8rsOUuhpKKSTjw.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- object| jQuery112409265406067372671
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.haltcoronavirusnow.com/ | | Name: __cfduid Value: d75e14946713fc56eee1ff87a8057c78b1585022407 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.