x.email.ncl.com Open in urlscan Pro
173.213.4.192 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://l.email.ncl.com/rts/go2.aspx?h=1690383&tp=i-1NGB-ED-RNt-49sLj4-1x-2rHDNn-1c-49ob5Y-l7DOGQNBb0-66ng&x=53d3820ecf8...
Effective URL:
https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000...
Submission: On March 03 via api (March 3rd 2022, 11:35:45 am UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 173.213.4.192, located in United States and belongs to ASN-CHEETA-MAIL, US. The main domain is x.email.ncl.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on January 5th 2022. Valid for: a year.

This is the only time x.email.ncl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	173.213.4.192 173.213.4.192	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
3	63.148.46.58 63.148.46.58	53316 (ASN-CHEET...) (ASN-CHEETA-MAIL)
7	104.92.87.142 104.92.87.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1	8.23.247.248 8.23.247.248	3356 (LEVEL3) (LEVEL3)
1 2	52.46.154.242 52.46.154.242	16509 (AMAZON-02) (AMAZON-02)
14	5

3 173.213.4.192 (United States) 1 redirects

ASN53316 (ASN-CHEETA-MAIL, US)

l.email.ncl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.email.ncl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.148.46.58 (United States)

ASN53316 (ASN-CHEETA-MAIL, US)

f.email.ncl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.92.87.142 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-87-142.deploy.static.akamaitechnologies.com

i.email.ncl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.23.247.248 (United States)

ASN3356 (LEVEL3, US)

f.chtah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.154.242 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	ncl.com 1 redirects l.email.ncl.com — Cisco Umbrella Rank: 336435 x.email.ncl.com f.email.ncl.com — Cisco Umbrella Rank: 567349 i.email.ncl.com — Cisco Umbrella Rank: 347247	600 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 260	1016 B
1	chtah.com f.chtah.com — Cisco Umbrella Rank: 132093	286 B
14	3

	Domain	Requested by
7	i.email.ncl.com	x.email.ncl.com
3	f.email.ncl.com	x.email.ncl.com
2	s.amazon-adsystem.com	1 redirects x.email.ncl.com
2	l.email.ncl.com	1 redirects x.email.ncl.com
1	f.chtah.com	x.email.ncl.com
1	x.email.ncl.com
14	6

This site contains links to these domains. Also see Links.

Domain
l.email.ncl.com

Subject Issuer	Validity	Valid
email.ncl.com Entrust Certification Authority - L1K	`2022-01-05` - `2023-01-05`	a year	crt.sh
*.chtah.com DigiCert SHA2 Secure Server CA	`2020-04-10` - `2022-07-14`	2 years	crt.sh
wpm.ccmp.eu R3	`2022-02-25` - `2022-05-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Frame ID: 53B135ACCA7F57494DE4FC7DEC3084B6
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://l.email.ncl.com/rts/go2.aspx?h=1690383&tp=i-1NGB-ED-RNt-49sLj4-1x-2rHDNn-1c-49ob5Y-l7DOGQNBb... HTTP 302
https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1... Page URL

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

\.aspx?(?:$|\?)

Page Statistics

14
Requests

71 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

2
Countries

599 kB
Transfer

595 kB
Size

6
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690385&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834
Title: Learn More About Our Health & Safety Program

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690386&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690387&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690388&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690389&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690390&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690391&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690392&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834
Title: ncl.com

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690393&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=CRWESSE1@SENTARA.COM%7c%7c5000116591834%7c5000116591834
Title: Email Preference Center.

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690394&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834
Title: here

Search URL Search Domain Scan URL

URL: http://l.email.ncl.com/rts/go2.aspx?h=1690395&tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh&x=%7c5000116591834%7c5000116591834
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://l.email.ncl.com/rts/go2.aspx?h=1690383&tp=i-1NGB-ED-RNt-49sLj4-1x-2rHDNn-1c-49ob5Y-l7DOGQNBb0-66ng&x=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97%7c%7c5000116591834%7c5000116591834 HTTP 302
https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://s.amazon-adsystem.com/iu3?d=forester-did&ex-fargs=%3Fid%3D875880ad-8228-9c5c-9480-d38ba980550c%26type%3D15%26m%3D1&ex-fch=416613&ex-src=https://www.ncl.com&ex-hargs=v%3D1.0%3Bc%3D4881539110401%3Bp%3D875880AD-8228-9C5C-9480-D38BA980550C&cb=689717938911076600 HTTP 302
https://s.amazon-adsystem.com/iu3?d=forester-did&ex-fargs=%3Fid%3D875880ad-8228-9c5c-9480-d38ba980550c%26type%3D15%26m%3D1&ex-fch=416613&ex-src=https://www.ncl.com&ex-hargs=v%3D1.0%3Bc%3D4881539110401%3Bp%3D875880AD-8228-9C5C-9480-D38BA980550C&cb=689717938911076600&dcc=t

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request msg.aspx Show response
x.email.ncl.com/ats/
Redirect Chain

http://l.email.ncl.com/rts/go2.aspx?h=1690383&tp=i-1NGB-ED-RNt-49sLj4-1x-2rHDNn-1c-49ob5Y-l7DOGQNBb0-66ng&x=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97%7c%7c5000116591834%7c500...
https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE0...

14 KB
15 KB

1234ms
743ms

Document
text/html

173.213.4.192
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to

Full URL

https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

173.213.4.192 , United States, ASN53316 (ASN-CHEETA-MAIL, US),

Reverse DNS

Software

Resource Hash

9076bf856094d4a36f45424e1f10eb1a7b61c80f81ff1d48a37d04c1fd5d7143

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: 0
X-Powered-By
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
SERVER
Date: Thu, 03 Mar 2022 11:35:38 GMT
Content-Length: 14384
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

Redirect headers

Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Location: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Server
X-Powered-By
Date: Thu, 03 Mar 2022 11:35:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK open.aspx
l.email.ncl.com/rts/ 43 B
591 B 496ms
106ms Image
image/gif 173.213.4.192
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://l.email.ncl.com/rts/open.aspx?tp=i-16IJ-ED-RNt-49sLj4-1x-2rHDNn-1c-BfhM-G-l7DVtr6L2I-1vdYJh

Requested by

Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

173.213.4.192 , United States, ASN53316 (ASN-CHEETA-MAIL, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 11:35:39 GMT
X-Content-Type-Options: nosniff
Server
X-Powered-By
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: no-cache, max-age=0
Transfer-Encoding: chunked
content-security-policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Expires: 0

GET
H/1.1 200
OK spacer.gif
f.email.ncl.com/i/52/2076736576/ 43 B
286 B 1016ms
97ms Image
image/gif 63.148.46.58
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://f.email.ncl.com/i/52/2076736576/spacer.gif
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.58 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:40 GMT
Last-Modified: Fri, 13 Nov 2020 17:53:51 GMT
Server: nginx
Age: 262
ETag: "5faec82f-2b"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1 200
OK NCL_ncl.gif
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/Template/ 4 KB
5 KB 639ms
498ms Image
image/gif 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/Template/NCL_ncl.gif
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ed43eca271722be4d3093309b04d7327f1ab2094f91d227a4ebae38e53060de2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Wed, 17 Apr 2019 18:33:42 GMT
Server
X-Powered-By
ETag: "18d462154cf5d41:0"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4565

GET
H/1.1 200
OK ncl_line.gif
f.email.ncl.com/i/52/2076736576/ 1 KB
2 KB 1015ms
97ms Image
image/gif 63.148.46.58
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://f.email.ncl.com/i/52/2076736576/ncl_line.gif
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.58 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS
Software: nginx /
Resource Hash: b60d161762aaa381a024845cf801a1d73a6aa1b717fc6da70ba2d446ff8bc56c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:40 GMT
Last-Modified: Fri, 13 Nov 2020 17:53:50 GMT
Server: nginx
Age: 157
ETag: "5faec82e-50d"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1293

GET
H/1.1 200
OK spacer.gif
f.chtah.com/i/52/2076736576/ 43 B
286 B 589ms
86ms Image
image/gif 8.23.247.248
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://f.chtah.com/i/52/2076736576/spacer.gif
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 8.23.247.248 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:52 GMT
Last-Modified: Fri, 13 Nov 2020 17:53:51 GMT
Server: nginx
Age: 29
ETag: "5faec82f-2b"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1 200
OK FDRLIVE030222_hero.jpg
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/ 163 KB
164 KB 148ms
7ms Image
image/jpeg 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/FDRLIVE030222_hero.jpg
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ef8bdd91682514f89566213eb66eefadf67e92d9a10775f281117ef57f21c4b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Thu, 24 Feb 2022 22:14:18 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "1839cdddcb29d81:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 167171

GET
H/1.1 200
OK FDRLIVE030222_copy.jpg
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/ 360 KB
361 KB 148ms
8ms Image
image/jpeg 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/FDRLIVE030222_copy.jpg
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c0308da4f5771362ba2a29707007de8533d7c5733c3990fc99b21fc24ea99cf2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Thu, 24 Feb 2022 22:14:17 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "3c812fddcb29d81:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 369050

GET
H/1.1 200
OK FDRLIVE030222_ncl.jpg
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/ 15 KB
15 KB 148ms
8ms Image
image/jpeg 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/FDRLIVE030222_ncl.jpg
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4d8d8032202f73d26f4a03f12963a7e42fa6eae9a050899aed169090ff0bc010

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Thu, 24 Feb 2022 22:14:16 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "972aeadccb29d81:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15181

GET
H/1.1 200
OK FDRLIVE030222_oci.jpg
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/ 19 KB
19 KB 148ms
8ms Image
image/jpeg 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/FDRLIVE030222_oci.jpg
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4b34a37f169255ffe0db5e2d8c1dbaa4f27916546a407dc9614621c94389b1e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Thu, 24 Feb 2022 22:14:18 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "41281edecb29d81:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19010

GET
H/1.1 200
OK FDRLIVE030222_regent.jpg
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/ 18 KB
18 KB 156ms
7ms Image
image/jpeg 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/FDRLIVE030222_regent.jpg
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 49146ebf9da5699de997f4e3831e98466b8749464607afde7b6aa01a06978d5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Thu, 24 Feb 2022 22:14:17 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "f35c7eddcb29d81:0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18257

GET
H/1.1 200
OK spacer.gif
i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/ 43 B
338 B 129ms
8ms Image
image/gif 104.92.87.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.email.ncl.com/wpm/881/ContentUploads/Domestic_Acq/spacer.gif
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.87.142 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-87-142.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/8.0 / ASP.NET
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:39 GMT
Last-Modified: Tue, 14 Jul 2020 14:38:53 GMT
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
ETag: "477c587fec59d61:0"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1 200
OK spacer_002.gif
f.email.ncl.com/i/52/2076736576/ 43 B
286 B 994ms
97ms Image
image/gif 63.148.46.58
ASN-CHEETA-MAIL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://f.email.ncl.com/i/52/2076736576/spacer_002.gif
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.148.46.58 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS
Software: nginx /
Resource Hash: 4c791f4ef7b857ef4db4a3e21bbcb91cefb5447bbef49db65879876a5d0894e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 11:35:40 GMT
Last-Modified: Fri, 13 Nov 2020 17:53:52 GMT
Server: nginx
Age: 120
ETag: "5faec830-2b"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 43

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/
Redirect Chain

https://s.amazon-adsystem.com/iu3?d=forester-did&ex-fargs=%3Fid%3D875880ad-8228-9c5c-9480-d38ba980550c%26type%3D15%26m%3D1&ex-fch=416613&ex-src=https://www.ncl.com&ex-hargs=v%3D1.0%3Bc%3D4881539110...
https://s.amazon-adsystem.com/iu3?d=forester-did&ex-fargs=%3Fid%3D875880ad-8228-9c5c-9480-d38ba980550c%26type%3D15%26m%3D1&ex-fch=416613&ex-src=https://www.ncl.com&ex-hargs=v%3D1.0%3Bc%3D4881539110...

0
0

120ms
119ms

Image
text/html

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?d=forester-did&ex-fargs=%3Fid%3D875880ad-8228-9c5c-9480-d38ba980550c%26type%3D15%26m%3D1&ex-fch=416613&ex-src=https://www.ncl.com&ex-hargs=v%3D1.0%3Bc%3D4881539110401%3Bp%3D875880AD-8228-9C5C-9480-D38BA980550C&cb=689717938911076600&dcc=t
Requested by: Host: x.email.ncl.com
URL: https://x.email.ncl.com/ats/msg.aspx?sg1=53d3820ecf808ba57cec5aabd75626dfec28b5e7c8ed69a68ba103700d1cfb97&cheetahid=5000116591834&mi_u=5000116591834&cid=EM_MKD_NA_PRO_EML_web_EML_FDRLIVE22_FDRLIVE030222
Protocol: HTTP/1.1
Server: 52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://x.email.ncl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 11:35:39 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YAH3ZGWZZDR5ZA54JS4D
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?d=forester-did&ex-fargs=%3Fid%3D875880ad-8228-9c5c-9480-d38ba980550c%26type%3D15%26m%3D1&ex-fch=416613&ex-src=https://www.ncl.com&ex-hargs=v%3D1.0%3Bc%3D4881539110401%3Bp%3D875880AD-8228-9C5C-9480-D38BA980550C&cb=689717938911076600&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
l.email.ncl.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: hmnbhe3gnivxw1m5dd1yk4da
l.email.ncl.com/	1969-12-31 23:59:59	Name: BIGipServercnv_ats_pool Value: !eBw0is6nAfaKon6oFVQbWBKi/4Lz4r9un++KmZtmL8NCBKXYbd3XigOW0LTQF6FXz7UuoYwh5pNDhus=
x.email.ncl.com/	1969-12-31 23:59:59	Name: BIGipServercnv_ats_ssl_pool Value: !A0fMJkL0r1EJG8yoFVQbWBKi/4Lz4vHcpf41fVPDsw3I802tys4Z3OgesbqfoBttsnXJPemQzf3CNwE=
.amazon-adsystem.com/	1970-01-20 06:23:44	Name: ad-id Value: A9Z33Xv9GUd1tZ2kha3csr0
.amazon-adsystem.com/	1970-01-21 21:49:39	Name: ad-privacy Value: 0
l.email.ncl.com/	1969-12-31 23:59:59	Name: BIGipServercnv_ats_ssl_pool Value: !1sC6N27ozH8FBd+oFVQbWBKi/4Lz4jmId/14i0LYgx0RjNJTc32CUkbO1XIgkeDwNXk7T61hFESFa4E=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

f.chtah.com
f.email.ncl.com
i.email.ncl.com
l.email.ncl.com
s.amazon-adsystem.com
x.email.ncl.com
104.92.87.142
173.213.4.192
52.46.154.242
63.148.46.58
8.23.247.248
49146ebf9da5699de997f4e3831e98466b8749464607afde7b6aa01a06978d5d
4b34a37f169255ffe0db5e2d8c1dbaa4f27916546a407dc9614621c94389b1e1
4c791f4ef7b857ef4db4a3e21bbcb91cefb5447bbef49db65879876a5d0894e8
4d8d8032202f73d26f4a03f12963a7e42fa6eae9a050899aed169090ff0bc010
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
9076bf856094d4a36f45424e1f10eb1a7b61c80f81ff1d48a37d04c1fd5d7143
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b60d161762aaa381a024845cf801a1d73a6aa1b717fc6da70ba2d446ff8bc56c
c0308da4f5771362ba2a29707007de8533d7c5733c3990fc99b21fc24ea99cf2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed43eca271722be4d3093309b04d7327f1ab2094f91d227a4ebae38e53060de2
ef8bdd91682514f89566213eb66eefadf67e92d9a10775f281117ef57f21c4b1

x.email.ncl.com Open in urlscan Pro 173.213.4.192 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

71 %HTTPS

0 %IPv6

3 Domains

6 Subdomains

5 IPs

2 Countries

599 kBTransfer

595 kBSize

6 Cookies

11 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

6 Cookies

Security Headers

Indicators

x.email.ncl.com Open in urlscan Pro
173.213.4.192 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

71 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

2
Countries

599 kB
Transfer

595 kB
Size

6
Cookies

14 HTTP transactions
0 data transactions