mirror.newsletter.information-en-direct.fr
89.248.209.41  Public Scan

Submitted URL: http://t.newsletter.information-en-direct.fr/c/?t=01ae7da-cl5-flc-cm1-98zee
Effective URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Submission: On February 23 via api from BE

Summary

This website contacted 11 IPs in 4 countries across 6 domains to perform 18 HTTP transactions. The main IP is 89.248.209.41, located in Lambersart, France and belongs to ODISO-AS, FR. The main domain is mirror.newsletter.information-en-direct.fr.
This is the only time mirror.newsletter.information-en-direct.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 89.248.211.29 34993 (ODISO-AS)
1 89.248.209.41 34993 (ODISO-AS)
1 2 62.210.221.54 12876 (Online SAS)
8 104.20.68.184 13335 (CLOUDFLAR...)
1 2 35.244.174.68 15169 (GOOGLE)
1 31.193.138.50 29550 (SIMPLYTRA...)
1 1 51.38.250.93 16276 (OVH)
1 2 54.38.25.75 16276 (OVH)
1 2 212.129.3.112 12876 (Online SAS)
1 52.208.62.7 16509 (AMAZON-02)
1 2001:41d0:301... 16276 (OVH)
1 18.202.127.238 16509 (AMAZON-02)
18 11
Domain Requested by
8 www.medisite.fr mirror.newsletter.information-en-direct.fr
2 p.crm4d.com 1 redirects mirror.newsletter.information-en-direct.fr
2 ejp.medisite.fr 1 redirects mirror.newsletter.information-en-direct.fr
2 t.newsletter.information-en-direct.fr 1 redirects mirror.newsletter.information-en-direct.fr
1 trcd.information-en-direct.fr mirror.newsletter.information-en-direct.fr
1 pmd.car817.fr mirror.newsletter.information-en-direct.fr
1 not.information-en-direct.fr mirror.newsletter.information-en-direct.fr
1 js.sddan.com mirror.newsletter.information-en-direct.fr
1 mel.medisite.fr 1 redirects
1 crm4d.medisite.fr 1 redirects
1 red.medisite.fr mirror.newsletter.information-en-direct.fr
1 opn.ivitrack.com mirror.newsletter.information-en-direct.fr
1 ipe.medisite.fr 1 redirects
1 mirror.newsletter.information-en-direct.fr
18 14

This site contains links to these domains.

Domain
t.newsletter.information-en-direct.fr
Subject                        Issuer                                           Validity                  Valid
ipe.ivitrack.com               Let's Encrypt Authority X3                       2020-01-21 - 2020-04-20   3 months
ssl508936.cloudflaressl.com    COMODO ECC Domain Validation Secure Server CA 2  2019-09-27 - 2020-04-04   6 months
p-eu.acxiom-online.com         Let's Encrypt Authority X3                       2019-12-30 - 2020-03-29   3 months
e1.instant-mail.com            Let's Encrypt Authority X3                       2019-12-01 - 2020-02-29   3 months
crm4d.com                      Let's Encrypt Authority X3                       2020-01-03 - 2020-04-02   3 months
*.sddan.com                    RapidSSL RSA CA 2018                             2018-01-09 - 2020-04-13   2 years
em.cybercartes.com             Let's Encrypt Authority X3                       2020-02-12 - 2020-05-12   3 months

This page contains 1 frame:

Primary Page: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Frame ID: 104961A7901BBD7FFBB07F1F6DC6827C
Requests: 18 HTTP requests in this frame

Page Statistics

18
Requests

72 %
HTTPS

8 %
IPv6

6
Domains

14
Subdomains

11
IPs

4
Countries

83 kB
Transfer

99 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://t.newsletter.information-en-direct.fr/c/?t=01ae7da-cl5-flc-cm1-98zee HTTP 302
    http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://ipe.medisite.fr/nlo?n=570225f3928b220e59066fec&h=[gc_complexnews-subscriber:md5-mail] HTTP 302
  • https://opn.ivitrack.com/nlo?n=570225f3928b220e59066fec&h=[gc_complexnews-subscriber:md5-mail]
Request Chain 10
  • http://ejp.medisite.fr/475909.gif?m={{user.md5Email}}&n=1 HTTP 301
  • https://ejp.medisite.fr/475909.gif?m={{user.md5Email}}&n=1
Request Chain 12
  • https://crm4d.medisite.fr/emt/planet?eh={{user.md5Email}}%2C{{user.getShaMail()}}&nzbh={{userTokenMd5}}%2C{{userTokenSha256}} HTTP 303
  • https://p.crm4d.com/emt/sync/planet?eh=%7B%7Buser.md5Email%7D%7D%2C%7B%7Buser.getShaMail%28%29%7D%7D&nzbh=%7B%7BuserTokenMd5%7D%7D%2C%7B%7BuserTokenSha256%7D%7D HTTP 303
  • https://p.crm4d.com/sync/planet/match?eh=%7B%7Buser.md5Email%7D%7D%2C%7B%7Buser.getShaMail%28%29%7D%7D&nzbh=%7B%7BuserTokenMd5%7D%7D%2C%7B%7BuserTokenSha256%7D%7D
Request Chain 13
  • https://mel.medisite.fr/HDM.d?pa=22586&si=2&hd_m={{user.md5Email}}&hd_s256={{user.getShaMail()}}&uf_gender={{%20user.gender==0%20?%201%20:%20user.gender==1%20?%202%20:%20-1%20}}&uf_bday={{%20user.birthDate%20|%20date(%27yyyy-MM-dd%27)}}&uf_postal_code={{user.zipcode}} HTTP 301
  • https://js.sddan.com/HDM.d?pa=22586&si=2&hd_m={{user.md5Email}}&hd_s256={{user.getShaMail()}}&uf_gender={{%20user.gender==0%20?%201%20:%20user.gender==1%20?%202%20:%20-1%20}}&uf_bday={{%20user.birthDate%20|%20date(%27yyyy-MM-dd%27)}}&uf_postal_code={{user.zipcode}}

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
mirror.newsletter.information-en-direct.fr/
Redirect Chain
  • http://t.newsletter.information-en-direct.fr/c/?t=01ae7da-cl5-flc-cm1-98zee
  • http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
27 KB
7 KB
Document
General
Full URL
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
HTTP/1.1
Server
89.248.209.41 Lambersart, France, ASN34993 (ODISO-AS, FR),
Reverse DNS
Software
/
Resource Hash
34be6cf5de9bea165213b64958562e5e25d7f72c1498529d6a7417c5a92e1c99

Request headers

Host
mirror.newsletter.information-en-direct.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Set-Cookie
ASP.NET_SessionId=xzlkui4mgfgc00m41ghkuuia; path=/; HttpOnly SERVERID=server1; path=/
Date
Sun, 23 Feb 2020 12:37:02 GMT
Content-Length
7053
X-Robots-Tag
noindex

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Set-Cookie
ASP.NET_SessionId=glubc223deuqw4l1ifhy02k1; path=/; HttpOnly
Date
Sun, 23 Feb 2020 12:37:02 GMT
Content-Length
214
/
t.newsletter.information-en-direct.fr/o/
180 B
306 B
Image
General
Full URL
http://t.newsletter.information-en-direct.fr/o/?t=cl5-cm1-98zee
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
HTTP/1.1
Server
89.248.211.29 Lambersart, France, ASN34993 (ODISO-AS, FR),
Reverse DNS
mindproxy.odiso.net
Software
/
Resource Hash
a3d9bf654bd182096ae97d7aac32516664fdf12437820695136f55620bb105ba

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Feb 2020 12:37:02 GMT
Cache-Control
private
Content-Length
180
Content-Type
image/png
nlo
opn.ivitrack.com/
Redirect Chain
  • http://ipe.medisite.fr/nlo?n=570225f3928b220e59066fec&h=[gc_complexnews-subscriber:md5-mail]
  • https://opn.ivitrack.com/nlo?n=570225f3928b220e59066fec&h=[gc_complexnews-subscriber:md5-mail]
42 B
267 B
Image
General
Full URL
https://opn.ivitrack.com/nlo?n=570225f3928b220e59066fec&h=[gc_complexnews-subscriber:md5-mail]
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
62.210.221.54 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software
nginx/1.15.6 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
nocache
date
Sun, 23 Feb 2020 12:37:07 GMT
server
nginx/1.15.6
content-type
image/gif
status
200
cache-control
no-store, no-cache, max-age=0, max-stale=0, must-revalidate, proxy-revalidate
x-ivi-hostname
programmatic-api-68bd9d4d45-b9jr6
content-length
42
expires
Fri, 24 Oct 1980 17:30:00 GMT

Redirect headers

Location
https://opn.ivitrack.com/nlo?n=570225f3928b220e59066fec&h=[gc_complexnews-subscriber:md5-mail]
Date
Sun, 23 Feb 2020 12:35:22 GMT
Server
nginx/1.15.6
Connection
keep-alive
X-Ivi-Hostname
programmatic-api-68bd9d4d45-b9jr6
Content-Length
121
Content-Type
text/html; charset=utf-8
mds_nl_logo.png
www.medisite.fr//sites/all/modules/custom/gc/gc_complexnews/theme/templates/images/md/
3 KB
3 KB
Image
General
Full URL
https://www.medisite.fr//sites/all/modules/custom/gc/gc_complexnews/theme/templates/images/md/mds_nl_logo.png
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ebf6a5388278694d79a81a38a62b997515790c689b2f0abd42a2c6e8e2755d9

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
5651
cf-polished
origFmt=png, origSize=5101
x-cache
HIT, medisite.fr@snpcache1
status
200
content-disposition
inline; filename="mds_nl_logo.webp"
content-length
2670
pragma
public
last-modified
Wed, 19 Feb 2020 16:10:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869d09c45-AMS
cf-bgj
imgq:100
vignette-focus.jpg
www.medisite.fr/files/styles/pano_m/public/images/diaporama/5/2/1/5556125/
4 KB
4 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/images/diaporama/5/2/1/5556125/vignette-focus.jpg?itok=axMcelpK
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a93e2cf4196031f4845e55169ccbbabba85d6687a9d93faef4d2e1167dee2fe9

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
940
cf-polished
origSize=4935, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache4
status
200
content-length
4132
pragma
public
last-modified
Thu, 30 Jan 2020 11:40:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869d19c45-AMS
cf-bgj
imgq:100
1579885614.jpg
www.medisite.fr/files/styles/pano_m/public/
13 KB
14 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/1579885614.jpg?itok=X_VHRuNL
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88137c24a7e8599bf13c5a61349819d1e71bf943a5f6d12c3de788ef177da6b7

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
940
cf-polished
origSize=15282, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache1
status
200
content-length
13783
pragma
public
last-modified
Fri, 24 Jan 2020 17:08:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869d69c45-AMS
cf-bgj
imgq:100
vignette-focus_0.jpg
www.medisite.fr/files/styles/pano_m/public/images/diaporama/5/9/0/1087095/
10 KB
11 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/images/diaporama/5/9/0/1087095/vignette-focus_0.jpg?itok=6c89--v5
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1e8bcf243d2d5cad6d5d86b854fd058d6bbba86c1227e5b968d4e14a3626349

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
4518
cf-polished
origSize=10856, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache1
status
200
content-length
10358
pragma
public
last-modified
Thu, 09 Jan 2020 09:08:30 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869d59c45-AMS
cf-bgj
imgq:100
6783360-inline.jpg
www.medisite.fr/files/styles/pano_m/public/images/article/9/8/0/5552089/
14 KB
14 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/images/article/9/8/0/5552089/6783360-inline.jpg?itok=S37cl5oB
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da0924df9511a19724b8854df7174a1b82fe2024bbb03d73b41514bb9f63f597

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
940
cf-polished
origSize=15452, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache4
status
200
content-length
14038
pragma
public
last-modified
Mon, 06 Jan 2020 11:17:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869d49c45-AMS
cf-bgj
imgq:100
vignette-focus.jpg
www.medisite.fr/files/styles/pano_m/public/images/article/3/2/2/5556223/
12 KB
12 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/images/article/3/2/2/5556223/vignette-focus.jpg?itok=okHPEA8v
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d99ad3606616dd1f0a1e5b5511ee5c5d1dbb12b59986e7fbc6f719f8005ff7a0

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
940
cf-polished
origSize=13651, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache4
status
200
content-length
12509
pragma
public
last-modified
Fri, 31 Jan 2020 14:27:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869d39c45-AMS
cf-bgj
imgq:100
vignette-focus.jpg
www.medisite.fr/files/styles/pano_m/public/images/article/8/4/9/5553948/
6 KB
7 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/images/article/8/4/9/5553948/vignette-focus.jpg?itok=yfUI_HpU
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
035f7269e3a4637c4542f429566d53e9fe382a10b526d6b4461a14a237daa950

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
940
cf-polished
origSize=7007, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache1
status
200
content-length
6613
pragma
public
last-modified
Fri, 17 Jan 2020 16:04:36 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869ce9c45-AMS
cf-bgj
imgq:100
6783916-inline.jpg
www.medisite.fr/files/styles/pano_m/public/images/article/0/5/8/5552850/
9 KB
9 KB
Image
General
Full URL
https://www.medisite.fr/files/styles/pano_m/public/images/article/0/5/8/5552850/6783916-inline.jpg?itok=6EZ5tMKH
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.68.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0d6907ea15ac91124c8bbf243c3cced17cf5a4ebcf48dd74ea5ea24a519563b

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 23 Feb 2020 12:37:03 GMT
cf-cache-status
HIT
age
940
cf-polished
origSize=9726, status=webp_bigger
x-cache
HIT, medisite.fr@snpcache1
status
200
content-length
9325
pragma
public
last-modified
Mon, 13 Jan 2020 11:25:17 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
56993fb869cf9c45-AMS
cf-bgj
imgq:100
475909.gif
ejp.medisite.fr/
Redirect Chain
  • http://ejp.medisite.fr/475909.gif?m={{user.md5Email}}&n=1
  • https://ejp.medisite.fr/475909.gif?m={{user.md5Email}}&n=1
0
0
Image
General
Full URL
https://ejp.medisite.fr/475909.gif?m={{user.md5Email}}&n=1
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Location
https://ejp.medisite.fr/475909.gif?m={{user.md5Email}}&n=1
Date
Sun, 23 Feb 2020 12:37:03 GMT
Via
1.1 google
Content-length
0
medisite
red.medisite.fr/%7B%7Buser.getShaMail()%7D%7D/
0
0
Image
General
Full URL
https://red.medisite.fr/%7B%7Buser.getShaMail()%7D%7D/medisite
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
31.193.138.50 , United Kingdom, ASN29550 (SIMPLYTRANSIT, GB),
Reverse DNS
e1.instant-mail.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

match
p.crm4d.com/sync/planet/
Redirect Chain
  • https://crm4d.medisite.fr/emt/planet?eh={{user.md5Email}}%2C{{user.getShaMail()}}&nzbh={{userTokenMd5}}%2C{{userTokenSha256}}
  • https://p.crm4d.com/emt/sync/planet?eh=%7B%7Buser.md5Email%7D%7D%2C%7B%7Buser.getShaMail%28%29%7D%7D&nzbh=%7B%7BuserTokenMd5%7D%7D%2C%7B%7BuserTokenSha256%7D%7D
  • https://p.crm4d.com/sync/planet/match?eh=%7B%7Buser.md5Email%7D%7D%2C%7B%7Buser.getShaMail%28%29%7D%7D&nzbh=%7B%7BuserTokenMd5%7D%7D%2C%7B%7BuserTokenSha256%7D%7D
42 B
414 B
Image
General
Full URL
https://p.crm4d.com/sync/planet/match?eh=%7B%7Buser.md5Email%7D%7D%2C%7B%7Buser.getShaMail%28%29%7D%7D&nzbh=%7B%7BuserTokenMd5%7D%7D%2C%7B%7BuserTokenSha256%7D%7D
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.38.25.75 , France, ASN16276 (OVH, FR),
Reverse DNS
ip75.ip-54-38-25.eu
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Feb 2020 12:37:03 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
Content-Length
42
Content-Type
image/gif

Redirect headers

Location
/sync/planet/match?eh=%7B%7Buser.md5Email%7D%7D%2C%7B%7Buser.getShaMail%28%29%7D%7D&nzbh=%7B%7BuserTokenMd5%7D%7D%2C%7B%7BuserTokenSha256%7D%7D
Date
Sun, 23 Feb 2020 12:37:03 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
HDM.d
js.sddan.com/
Redirect Chain
  • https://mel.medisite.fr/HDM.d?pa=22586&si=2&hd_m={{user.md5Email}}&hd_s256={{user.getShaMail()}}&uf_gender={{%20user.gender==0%20?%201%20:%20user.gender==1%20?%202%20:%20-1%20}}&uf_bday={{%20user.b...
  • https://js.sddan.com/HDM.d?pa=22586&si=2&hd_m={{user.md5Email}}&hd_s256={{user.getShaMail()}}&uf_gender={{%20user.gender==0%20?%201%20:%20user.gender==1%20?%202%20:%20-1%20}}&uf_bday={{%20user.birt...
42 B
396 B
Image
General
Full URL
https://js.sddan.com/HDM.d?pa=22586&si=2&hd_m={{user.md5Email}}&hd_s256={{user.getShaMail()}}&uf_gender={{%20user.gender==0%20?%201%20:%20user.gender==1%20?%202%20:%20-1%20}}&uf_bday={{%20user.birthDate%20|%20date(%27yyyy-MM-dd%27)}}&uf_postal_code={{user.zipcode}}
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.129.3.112 Borest, France, ASN12876 (Online SAS, FR),
Reverse DNS
212-129-3-112.rev.poneytelecom.eu
Software
nginx/1.11.3 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 23 Feb 2020 12:37:03 GMT
server
nginx/1.11.3
access-control-allow-origin
*
strict-transport-security
max-age=15724800; includeSubDomains; preload
p3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
status
200
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-type
image/gif
content-length
42
x-xss-protection
0
expires
Tue, 01 Jan 2000 00:00:00 GMT

Redirect headers

status
301
date
Sun, 23 Feb 2020 12:37:03 GMT
server
nginx/1.11.3
strict-transport-security
max-age=15724800; includeSubDomains; preload
content-length
178
location
https://js.sddan.com/HDM.d?pa=22586&si=2&hd_m={{user.md5Email}}&hd_s256={{user.getShaMail()}}&uf_gender={{%20user.gender==0%20?%201%20:%20user.gender==1%20?%202%20:%20-1%20}}&uf_bday={{%20user.birthDate%20|%20date(%27yyyy-MM-dd%27)}}&uf_postal_code={{user.zipcode}}
content-type
text/html
adtckrtg.php
not.information-en-direct.fr/
43 B
580 B
Image
General
Full URL
http://not.information-en-direct.fr/adtckrtg.php?ids=1240&hash=d89a49469cc482a0e1ea42bdabfae7dd&hash256=
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
HTTP/1.1
Server
52.208.62.7 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-62-7.eu-west-1.compute.amazonaws.com
Software
nginx/1.10.3 / Express
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Feb 2020 12:37:03 GMT
ETag
W/"2b-2eaaa083"
Server
nginx/1.10.3
X-Powered-By
Express
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
Expires
Sat, 26 Jul 1997 05:00:00 GMT
collect_v2.img.php
pmd.car817.fr/
43 B
646 B
Image
General
Full URL
https://pmd.car817.fr/collect_v2.img.php?dmp=emdmpeasy&p=1449&s=1449&m=d89a49469cc482a0e1ea42bdabfae7dd&email_sha256=
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:41d0:301:100:145:239:193:53 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Sun, 23 Feb 2020 12:37:03 GMT
Cache-Control
no-store, no-cache
Strict-Transport-Security
max-age=31536000
P3P
CP="ALL DSP COR CURa ADMa PSAa PSDa OUR NOR UNI"
X-IPLB-Instance
25256
Transfer-Encoding
chunked
Content-Type
image/gif
trcdo.php
trcd.information-en-direct.fr/trcd/
42 B
477 B
Image
General
Full URL
http://trcd.information-en-direct.fr/trcd/trcdo.php?cid=257728&em=suspect@safeonweb.be&emcdrmd5=d89a49469cc482a0e1ea42bdabfae7dd&emcdrsha256=&do=information-en-direct.fr&rout=mbz&ts=1582283817
Requested by
Host: mirror.newsletter.information-en-direct.fr
URL: http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
Protocol
HTTP/1.1
Server
18.202.127.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-127-238.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.16
Resource Hash
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

Referer
http://mirror.newsletter.information-en-direct.fr/?e=suspect%40safeonweb.be&s=1431&b=1427
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Feb 2020 12:37:03 GMT
Last-Modified
Sun, 23 Feb 2020 12:37:03 GMT
Server
Apache/2.4.7 (Ubuntu)
X-Powered-By
PHP/5.5.9-1ubuntu4.16
P3P
CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Sat, 22 Apr 1978 02:19:00 GMT


2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | onformdata
object | onpointerrawupdate

2 Cookies

Domain/Path Name / Value
mirror.newsletter.information-en-direct.fr/ Name: SERVERID
Value: server1
mirror.newsletter.information-en-direct.fr/ Name: ASP.NET_SessionId
Value: xzlkui4mgfgc00m41ghkuuia

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
