id.039475896734985.healthyldietus.com Open in urlscan Pro
89.104.71.117  Malicious Activity! Public Scan

URL: https://id.039475896734985.healthyldietus.com/
Submission: On December 12 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 25 HTTP transactions. The main IP is 89.104.71.117, located in Russian Federation and belongs to RU-CENTER-AS, RU. The main domain is id.039475896734985.healthyldietus.com.
TLS certificate: Issued by R3 on December 12th 2023. Valid for: 3 months.
This is the only time id.039475896734985.healthyldietus.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: EU Government (Government)

Domain & IP information

IP Address AS Autonomous System
20 89.104.71.117 39494 (RU-CENTER-AS)
3 35.244.130.212 396982 (GOOGLE-CL...)
2 35.205.43.99 396982 (GOOGLE-CL...)
25 4
Apex Domain
Subdomains
Transfer
20 healthyldietus.com
id.039475896734985.healthyldietus.com
1 MB
3 weblium.site
res2.weblium.site — Cisco Umbrella Rank: 540431
117 KB
2 weblium.com
api.weblium.com — Cisco Umbrella Rank: 490166
569 B
25 3
Domain Requested by
20 id.039475896734985.healthyldietus.com id.039475896734985.healthyldietus.com
3 res2.weblium.site id.039475896734985.healthyldietus.com
2 api.weblium.com id.039475896734985.healthyldietus.com
25 3

This site contains links to these domains. Also see Links.

Domain
steunactie.nl
www.linkedin.com
docs.google.com
help-to-ukraine.org
www.hln.be
Subject Issuer Validity Valid
id.039475896734985.healthyldietus.com
R3
2023-12-12 -
2024-03-11
3 months crt.sh
res2.weblium.site
GTS CA 1D4
2023-11-19 -
2024-02-17
3 months crt.sh
*.weblium.com
R3
2023-10-26 -
2024-01-24
3 months crt.sh

This page contains 1 frames:

Primary Page: https://id.039475896734985.healthyldietus.com/
Frame ID: ADA63017A50A6286B8346EF5C84FEA75
Requests: 30 HTTP requests in this frame

Screenshot

Page Title

Help Ukraine

Page Statistics

25
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

1334 kB
Transfer

5279 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
id.039475896734985.healthyldietus.com/
451 KB
62 KB
Document
General
Full URL
https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
187435d32f749a971aff67b7e004deaa4f91df2af1611da7dd3a793566e09a37

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 12 Dec 2023 21:54:48 GMT
Server
nginx/1.20.1
Transfer-Encoding
chunked
Vary
Accept-Encoding
google-fonts-5bb75d14564d36002605c7b6.css
id.039475896734985.healthyldietus.com/css/
163 KB
121 KB
Stylesheet
General
Full URL
https://id.039475896734985.healthyldietus.com/css/google-fonts-5bb75d14564d36002605c7b6.css
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
f3e02fcbc3e663093ab86a07f6bbaed2f64b6eb62a811c32a4edc21c519044f6

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:48 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"28dd5-5ecd336406e00-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
core-theme-5bb75d14564d36002605c7b6.css
id.039475896734985.healthyldietus.com/css/
203 KB
16 KB
Stylesheet
General
Full URL
https://id.039475896734985.healthyldietus.com/css/core-theme-5bb75d14564d36002605c7b6.css
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
8ad39006ff4e157eb1f37acc5eca4683cd4869ec4c7ece90c5d6698709a8ce9a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"32da3-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16291
style.css
id.039475896734985.healthyldietus.com/css/
177 KB
22 KB
Stylesheet
General
Full URL
https://id.039475896734985.healthyldietus.com/css/style.css
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
dfcb7c0600cf0414955d8738ea6d01c84c8a8d0c73c005369ce0231b33c85119

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"2c28f-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22625
ssr.css
id.039475896734985.healthyldietus.com/css/
28 KB
4 KB
Stylesheet
General
Full URL
https://id.039475896734985.healthyldietus.com/css/ssr.css
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
0313b568e3ebde272bddfafec1a0984b8c99723798d5100a056ea8c5476644d8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"6e3c-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3999
view-5bb75d14564d36002605c7b6.js
id.039475896734985.healthyldietus.com/css/
19 B
273 B
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/view-5bb75d14564d36002605c7b6.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
a2df170bd0114059539550e5e3b9ba6113a376e6acfb35b82259b119cb14f91c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"13-5ecd336406e00"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
19
main.js
id.039475896734985.healthyldietus.com/css/
399 KB
100 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/main.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
251ca9e28f5bd226a5fe83b7b17f2ca3c0d43c68c75db78c1d2899daa5d10356

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"63aa4-5ecd336406e00-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
view.js
id.039475896734985.healthyldietus.com/css/
6 KB
3 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/view.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
1829c7305de4ec8288ff85299fb73185704776d79ea8e1b3772c592b45e0a5cc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"167e-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2433
slider.js
id.039475896734985.healthyldietus.com/css/
183 KB
52 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/slider.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
fe1f61cd20c3f3246babd891612591164f8c06763356534aa4c8cc2e4010ff3e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"2dafb-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
53323
react-dom.js
id.039475896734985.healthyldietus.com/css/
120 KB
38 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/react-dom.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
da01206f08c529026039fec5e08532d903b3412ae65299989eb618e0ff9315b5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"1dfdb-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
38577
legacy.js
id.039475896734985.healthyldietus.com/css/
2 MB
515 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/legacy.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
7a11f63d869633a397a614242ea79ae1ceb2554dfac838aeb7a8efe65eef1f92

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"25e025-5ecd336406e00-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
vendorscontact-form-chunk.js
id.039475896734985.healthyldietus.com/css/
265 KB
62 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/vendorscontact-form-chunk.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
73008aa40e5903cd5025f8c6cfda7b8e50f19cd6484c09e7f86769994624a8b0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"4259f-5ecd336406e00-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
contact-form-chunk.css
id.039475896734985.healthyldietus.com/css/
27 KB
5 KB
Stylesheet
General
Full URL
https://id.039475896734985.healthyldietus.com/css/contact-form-chunk.css
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
5ac589704dd368b0f850c85d2d5520c98a789805ece7fe30d0959b82da3a4d0a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"6a55-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4528
contact-form-chunk.js
id.039475896734985.healthyldietus.com/css/
60 KB
15 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/contact-form-chunk.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
f40329563564231f617f2b50b9eef50bdffde2f8ee3715d5951581d66b18ce66

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"f0ab-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
14548
initial.js
id.039475896734985.healthyldietus.com/css/
95 KB
15 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/initial.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
31079a702f9a0fd6f91a9b8257c3a4f5b414f75344493aebad298518f7ab8ebc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"17c62-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15522
page-5bb75d14564d36002605c7b6.js
id.039475896734985.healthyldietus.com/css/
155 KB
36 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/page-5bb75d14564d36002605c7b6.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
23afebe5c23ab17dbd56f899fe47052705ef73889551c8f64c355ee94e94a0a7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"26a0c-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
37062
6223349bb7b937002202cf4c_optimized.png
id.039475896734985.healthyldietus.com/css/
13 KB
13 KB
Image
General
Full URL
https://id.039475896734985.healthyldietus.com/css/6223349bb7b937002202cf4c_optimized.png
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
b19e26e8b34ed311747e843b9472ddbddf11ebd1eeb738eb0748ae875ad6f1f5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"347c-5ecd336406e00"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13436
62583ac760259e0022b7d288_optimized_1286_c1286x779-0x0.jpg
id.039475896734985.healthyldietus.com/css/
49 KB
49 KB
Image
General
Full URL
https://id.039475896734985.healthyldietus.com/css/62583ac760259e0022b7d288_optimized_1286_c1286x779-0x0.jpg
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
67b03b4f1434f091bb27e04bd0a36c15bd3b13360a8da64a8cd1454066342d26

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"c2c9-5ecd336406e00"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
49865
core.js
id.039475896734985.healthyldietus.com/css/
90 KB
31 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/core.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
f9350b1319b20ff358c9b8aad6347aa88c620901ea9a36f7c86559c8ac8882ca

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:49 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"16793-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31024
site-stat.js
id.039475896734985.healthyldietus.com/css/
4 KB
2 KB
Script
General
Full URL
https://id.039475896734985.healthyldietus.com/css/site-stat.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
89.104.71.117 , Russian Federation, ASN39494 (RU-CENTER-AS, RU),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
1af81fbc3e62ebe83bc0ccc55a533a26562853bf1470a52e89982283964033e5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Tue, 12 Dec 2023 21:54:50 GMT
Content-Encoding
gzip
Last-Modified
Sun, 06 Nov 2022 20:32:56 GMT
Server
nginx/1.20.1
ETag
"fd6-5ecd336406e00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1674
622338740f85370023ee35c6_optimized_1920.webp
res2.weblium.site/res/5d70ac45c917a00023aad765/
65 KB
65 KB
Image
General
Full URL
https://res2.weblium.site/res/5d70ac45c917a00023aad765/622338740f85370023ee35c6_optimized_1920.webp
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.130.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
212.130.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
dd1dba2a7b39d04d4044db119ab83c0d7f3ad1fa77e22a8dbe083e8d07a8977b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:22:43 GMT
age
743528
x-guploader-uploadid
ABPtcPqM_on13v_k5f-xPJJ8iNXs_7j0Wb4tgZpcZZ57kqXs2UEdW77Bwl6UfzmX7jZrP1mf9rq9NrG-y7SJtBCjIGe4Hl6dv13L
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66300
last-modified
Sat, 05 Mar 2022 10:25:24 GMT
server
UploadServer
etag
"f813df3f6250de0feb99e0696e433be3"
x-goog-generation
1646475924337439
x-goog-hash
crc32c=ZKGZLw==, md5=+BPfP2JQ3g/rmeBpbkM74w==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=31536000
x-goog-stored-content-length
66300
accept-ranges
bytes
content-type
image/webp
expires
Tue, 03 Dec 2024 07:22:43 GMT
truncated
/
13 KB
13 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01ca87d2ea75e83973a7817fb02822e52d80ccf44c47e08d4486bd75d5533108

Request headers

Referer
Origin
https://id.039475896734985.healthyldietus.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
8 KB
8 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae9b4d4306c4c08255f63dd3a078f57fcc99c838b89ff2b1ea3e86805d6199d7

Request headers

Referer
Origin
https://id.039475896734985.healthyldietus.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
13 KB
13 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d95898f93b41bac4ffbb0b7ba76bc00f498f7a2c2989ebadaaf447caff18034

Request headers

Referer
Origin
https://id.039475896734985.healthyldietus.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
12 KB
12 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67b4e0ddc7e67e8ec48682a72ac8cf8b9e03c51528964a1b5177ebcad059a7d3

Request headers

Referer
Origin
https://id.039475896734985.healthyldietus.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
9 KB
9 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d0dcfa6e8d02e226f1239628352beb016bc7ec62d7d031dd9205a3fa98d15b08

Request headers

Referer
Origin
https://id.039475896734985.healthyldietus.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/
44 B
44 B
Other
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52734ffc9ed5c328ac20a2b1bd1177ade6dd2a4279d2445547fffdd5d1f5e2c4

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
image/webp
save
api.weblium.com/api/website/session/
68 B
569 B
XHR
General
Full URL
https://api.weblium.com/api/website/session/save
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/css/site-stat.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.205.43.99 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.43.205.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
2f6c746a1d669fcd26bbfabd83b5eb64a9f5c98272526b866346131c8f962a31
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://id.039475896734985.healthyldietus.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Date
Tue, 12 Dec 2023 21:54:52 GMT
strict-transport-security
max-age=2592000
Server
openresty
Access-Control-Allow-Methods
GET,HEAD,PUT,POST,PATCH,DELETE
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://id.039475896734985.healthyldietus.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68
save
api.weblium.com/api/website/session/
0
0
Preflight
General
Full URL
https://api.weblium.com/api/website/session/save
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.205.43.99 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.43.205.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://id.039475896734985.healthyldietus.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET,HEAD,PUT,POST,PATCH,DELETE
Access-Control-Allow-Origin
https://id.039475896734985.healthyldietus.com
Connection
keep-alive
Date
Tue, 12 Dec 2023 21:54:51 GMT
Server
openresty
strict-transport-security
max-age=2592000
initial.js
res2.weblium.site/site/62583d47874bf900236db362/
95 KB
15 KB
Script
General
Full URL
https://res2.weblium.site/site/62583d47874bf900236db362/initial.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.130.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
212.130.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
31079a702f9a0fd6f91a9b8257c3a4f5b414f75344493aebad298518f7ab8ebc

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 19:45:12 GMT
content-encoding
gzip
age
698980
x-guploader-uploadid
ABPtcPpXKmk38agTPq2vy740f-Oy0JbxqcVVtWPajtA7Est_7yUBU7pI_7NcJQKZtM1-Jx4LfOWjpFao2HftNkFkZwMXtesfKqsz
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15521
last-modified
Thu, 14 Apr 2022 15:27:11 GMT
server
UploadServer
etag
"6842c00b1d3f1f2f8c92dc293a99503a"
vary
Accept-Encoding
x-goog-generation
1649950031712550
x-goog-hash
crc32c=t/iJBw==, md5=aELACx0/Hy+MktwpOplQOg==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=31536000
x-goog-stored-content-length
15521
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 03 Dec 2024 19:45:12 GMT
page-5bb75d14564d36002605c7b6.js
res2.weblium.site/site/62583d47874bf900236db362/
155 KB
36 KB
Script
General
Full URL
https://res2.weblium.site/site/62583d47874bf900236db362/page-5bb75d14564d36002605c7b6.js
Requested by
Host: id.039475896734985.healthyldietus.com
URL: https://id.039475896734985.healthyldietus.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.130.212 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
212.130.244.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
23afebe5c23ab17dbd56f899fe47052705ef73889551c8f64c355ee94e94a0a7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id.039475896734985.healthyldietus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 07:22:44 GMT
content-encoding
gzip
age
743528
x-guploader-uploadid
ABPtcPrrLnDIQowDG6EX9OFQ_fPG6SifmJhHgE3JOrG2RKSC42RdWw1Aw6BLCtvpLVB6z9pEjMpO5VHWlo3HUmM39WrS6jri8qE5
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37017
last-modified
Thu, 14 Apr 2022 15:27:15 GMT
server
UploadServer
etag
"d31f95631135d2304c9555aaf2247d08"
vary
Accept-Encoding
x-goog-generation
1649950035107748
x-goog-hash
crc32c=xVfChg==, md5=0x+VYxE10jBMlVWq8iR9CA==
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=31536000
x-goog-stored-content-length
37017
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 03 Dec 2024 07:22:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: EU Government (Government)

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| pathname undefined| preload_polyfill function| preload_polyfill_invoke object| swPromise function| registerAdata function| getAdata function| __set_style__ function| __require_style__ function| blockJsonp function| __require_block__ function| viewJsonp function| __require_view__ object| invokePreload object| __views object| webpackJsonp object| __INITIAL_STATE__ boolean| isRelative string| WEBLIUM_DOMAIN string| STRUCTURE_DOMAIN string| siteUrl string| mode string| pageId object| loadedPages object| scripts object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate function| Dict function| delay function| _ function| __script object| webpackManifest string| slugId string| bucketUrl string| safeStaticDomain string| websiteId string| renderId function| initialLoading object| pageApps object| appsComponents object| apps object| popupsInfo string| API_URL object| appsContent object| regeneratorRuntime object| React function| __webpack_require__ function| MediaPlaceholder function| objectFitImages object| rollbar function| initLegacy object| browserHistory function| loadReactDOM object| memoStorage function| registerAppComponentInitializer function| preloadPopup function| showPopup function| closePopup object| wlStat object| popupsMap boolean| legacyIniting function| hydrateBlock

0 Cookies

1 Console Messages

Source Level URL
Text
network error
Message:
A bad HTTP response code (404) was received when fetching the script.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.weblium.com
id.039475896734985.healthyldietus.com
res2.weblium.site
35.205.43.99
35.244.130.212
89.104.71.117
01ca87d2ea75e83973a7817fb02822e52d80ccf44c47e08d4486bd75d5533108
0313b568e3ebde272bddfafec1a0984b8c99723798d5100a056ea8c5476644d8
1829c7305de4ec8288ff85299fb73185704776d79ea8e1b3772c592b45e0a5cc
187435d32f749a971aff67b7e004deaa4f91df2af1611da7dd3a793566e09a37
1af81fbc3e62ebe83bc0ccc55a533a26562853bf1470a52e89982283964033e5
23afebe5c23ab17dbd56f899fe47052705ef73889551c8f64c355ee94e94a0a7
251ca9e28f5bd226a5fe83b7b17f2ca3c0d43c68c75db78c1d2899daa5d10356
2f6c746a1d669fcd26bbfabd83b5eb64a9f5c98272526b866346131c8f962a31
31079a702f9a0fd6f91a9b8257c3a4f5b414f75344493aebad298518f7ab8ebc
52734ffc9ed5c328ac20a2b1bd1177ade6dd2a4279d2445547fffdd5d1f5e2c4
5ac589704dd368b0f850c85d2d5520c98a789805ece7fe30d0959b82da3a4d0a
67b03b4f1434f091bb27e04bd0a36c15bd3b13360a8da64a8cd1454066342d26
67b4e0ddc7e67e8ec48682a72ac8cf8b9e03c51528964a1b5177ebcad059a7d3
73008aa40e5903cd5025f8c6cfda7b8e50f19cd6484c09e7f86769994624a8b0
7a11f63d869633a397a614242ea79ae1ceb2554dfac838aeb7a8efe65eef1f92
8ad39006ff4e157eb1f37acc5eca4683cd4869ec4c7ece90c5d6698709a8ce9a
9d95898f93b41bac4ffbb0b7ba76bc00f498f7a2c2989ebadaaf447caff18034
a2df170bd0114059539550e5e3b9ba6113a376e6acfb35b82259b119cb14f91c
ae9b4d4306c4c08255f63dd3a078f57fcc99c838b89ff2b1ea3e86805d6199d7
b19e26e8b34ed311747e843b9472ddbddf11ebd1eeb738eb0748ae875ad6f1f5
d0dcfa6e8d02e226f1239628352beb016bc7ec62d7d031dd9205a3fa98d15b08
da01206f08c529026039fec5e08532d903b3412ae65299989eb618e0ff9315b5
dd1dba2a7b39d04d4044db119ab83c0d7f3ad1fa77e22a8dbe083e8d07a8977b
dfcb7c0600cf0414955d8738ea6d01c84c8a8d0c73c005369ce0231b33c85119
f3e02fcbc3e663093ab86a07f6bbaed2f64b6eb62a811c32a4edc21c519044f6
f40329563564231f617f2b50b9eef50bdffde2f8ee3715d5951581d66b18ce66
f9350b1319b20ff358c9b8aad6347aa88c620901ea9a36f7c86559c8ac8882ca
fe1f61cd20c3f3246babd891612591164f8c06763356534aa4c8cc2e4010ff3e