URL: http://covid19statsph.foxpush.net/
Submission Tags: phishing malicious Search All
Submission: On May 01 via api from US

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 192.124.249.118, located in United States and belongs to SUCURI-SEC, US. The main domain is covid19statsph.foxpush.net.
This is the only time covid19statsph.foxpush.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 192.124.249.118 30148 (SUCURI-SEC)
2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2
Apex Domain
Subdomains
Transfer
3 foxpush.net
covid19statsph.foxpush.net
cdn.foxpush.net
27 KB
3 1
Domain Requested by
2 cdn.foxpush.net covid19statsph.foxpush.net
1 covid19statsph.foxpush.net
3 2

This site contains no links.

Subject Issuer Validity Valid
foxpush.net
CloudFlare Inc ECC CA-2
2019-12-04 -
2020-10-09
10 months crt.sh

This page contains 1 frames:

Primary Page: http://covid19statsph.foxpush.net/
Frame ID: F745BBF9742576B747FAF788ADA140DB
Requests: 3 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<[^>]*type=[^>]text\/x-handlebars-template/i
  • script /handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js/i

Page Statistics

3
Requests

67 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

27 kB
Transfer

97 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
covid19statsph.foxpush.net/
9 KB
3 KB
Document
General
Full URL
http://covid19statsph.foxpush.net/
Protocol
HTTP/1.1
Server
192.124.249.118 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10118.sucuri.net
Software
Sucuri/Cloudproxy /
Resource Hash
bb7a0b5dac3f912b95946c21bafff4df5c7655ce8c8c8e8f831e0e02efd6347d

Request headers

Host
covid19statsph.foxpush.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
Sucuri/Cloudproxy
Date
Fri, 01 May 2020 15:58:54 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Sucuri-ID
19018
Host-Header
e172abecbd394f56a1a2479517f27fbfe05ff815
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Vary
Accept-Encoding
X-Sucuri-Cache
HIT
handlebars.min.js
cdn.foxpush.net/publishers/assets/
69 KB
20 KB
Script
General
Full URL
https://cdn.foxpush.net/publishers/assets/handlebars.min.js
Requested by
Host: covid19statsph.foxpush.net
URL: http://covid19statsph.foxpush.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::681b:919b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4d53c37653257c3811b65b0d9f37f39bd4e9f8069a24d83527599ca67953ea7

Request headers

Referer
http://covid19statsph.foxpush.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 15:58:54 GMT
content-encoding
br
cf-cache-status
HIT
age
30375470
x-guploader-uploadid
AEnB2UqiukPCplyFoimMrUnrCXY9uGfc195IpWsHc1Z7Vg7AO0EqB8XKbWaO6gtdYUzzYyX1NjZZviJmOUpCI7gnCjdEkavCcw
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
02728f6360000005e48f1be200000001
last-modified
Tue, 31 Jan 2017 14:28:27 GMT
server
cloudflare
etag
W/"33c1cc032d68b2bfb2aa6ff049516a77"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=yEAnXw==, md5=M8HMAy1osr+yqm/wSVFqdw==
x-goog-generation
1485872907556000
access-control-allow-origin
*
access-control-expose-headers
Content-Type
cache-control
public, max-age=31536000
x-goog-stored-content-length
70287
cf-ray
58cab4e569ce05e4-FRA
expires
Fri, 15 May 2020 02:21:04 GMT
foxpush.js
cdn.foxpush.net/publishers/assets/
20 KB
4 KB
Script
General
Full URL
https://cdn.foxpush.net/publishers/assets/foxpush.js?v=FCM_Mar6_3
Requested by
Host: covid19statsph.foxpush.net
URL: http://covid19statsph.foxpush.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::681b:919b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17bed451a4636cdc610fe4a174c82d4be52a2c4af8149594211d05da4b89f650

Request headers

Referer
http://covid19statsph.foxpush.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 15:58:54 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 04 Aug 2019 11:41:26 GMT
server
cloudflare
status
200
etag
W/"4e38-16c5c6f2e70"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cf-ray
58cab4e569d005e4-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-request-id
02728f6360000005e48f1bf200000001

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Handlebars object| bowser object| foxpush_localstorage_config object| foxpush_config object| welcome_object object| Cookie function| foxpush_guid string| foxpush_uuid string| browser_id function| urlBase64ToUint8Array undefined| permission undefined| user_location undefined| worker_url undefined| foxtemplate undefined| template undefined| html function| removeElementsByClass function| remove_renderd_html function| getTimezoneName function| getSubscriptionId function| getParameterByName function| user_subscribe function| user_updatesubscribe function| update_opener boolean| foxpush_popup_allowed

2 Cookies

Domain/Path Name / Value
.foxpush.net/ Name: foxpush_browserid
Value: 8ad143b7-4853-ab1d-a45c-04e6a2110523
.foxpush.net/ Name: __cfduid
Value: d54c1cb04c6a0f5fe92a7b84787b1ac091588348734

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.foxpush.net
covid19statsph.foxpush.net
192.124.249.118
2606:4700:3037::681b:919b
17bed451a4636cdc610fe4a174c82d4be52a2c4af8149594211d05da4b89f650
b4d53c37653257c3811b65b0d9f37f39bd4e9f8069a24d83527599ca67953ea7
bb7a0b5dac3f912b95946c21bafff4df5c7655ce8c8c8e8f831e0e02efd6347d