Submitted URL: http://t.newsletter.news-en-direct.fr/c/?t=e195429-cqq-eif-cm4-9!k4a
Effective URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Submission: On January 17 via api from BE

Summary

This website contacted 9 IPs in 3 countries across 5 domains to perform 17 HTTP transactions. The main IP is 89.248.209.41, located in Lambersart, France and belongs to ODISO-AS, FR. The main domain is mirror.newsletter.news-en-direct.fr.
This is the only time mirror.newsletter.news-en-direct.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 89.248.211.29 34993 (ODISO-AS)
1 89.248.209.41 34993 (ODISO-AS)
2 3 109.232.196.59 50234 (EULERIAN-AS)
9 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 52.208.62.7 16509 (AMAZON-02)
1 2001:41d0:301... 16276 (OVH)
1 34.251.76.140 16509 (AMAZON-02)
1 2a02:8400:21:... 15557 (LDCOMNET)
17 9
Requests  Domain                               Redirects  Requested by
9         img.awr.im                                      mirror.newsletter.news-en-direct.fr
2         tracker.awr.im                       1          mirror.newsletter.news-en-direct.fr
2         elr.sfr.fr                           2
2         t.newsletter.news-en-direct.fr       1          mirror.newsletter.news-en-direct.fr
1         static.s-sfr.fr                                 mirror.newsletter.news-en-direct.fr
1         trcd.news-en-direct.fr                          mirror.newsletter.news-en-direct.fr
1         pmd.puree57.fr                                  mirror.newsletter.news-en-direct.fr
1         not.news-en-direct.fr                           mirror.newsletter.news-en-direct.fr
1         netc.sfr.fr                                     mirror.newsletter.news-en-direct.fr
1         mirror.newsletter.news-en-direct.fr             (primary page)
17 requests, 10 subdomains

This site contains links to these domains:

  t.newsletter.news-en-direct.fr
TLS certificates

Subject             Issuer                      Validity                   Valid
netc.sfr.fr         Let's Encrypt Authority X3  2019-12-28 to 2020-03-27   3 months  (crt.sh)
em.cybercartes.com  Let's Encrypt Authority X3  2020-01-09 to 2020-04-08   3 months  (crt.sh)
*.s-sfr.fr          Certigna Wild CA            2017-06-23 to 2020-06-22   3 years   (crt.sh)

This page contains 1 frames:

Primary Page: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Frame ID: 01B31FAC974E4E23CA6E23BC22F76F14
Requests: 17 HTTP requests in this frame

Page Statistics

Requests:    17
HTTPS:       18 %
IPv6:        44 %
Domains:     5
Subdomains:  10
IPs:         9
Countries:   3
Transfer:    399 kB
Size:        405 kB
Cookies:     2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://t.newsletter.news-en-direct.fr/c/?t=e195429-cqq-eif-cm4-9!k4a HTTP 302
    http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://elr.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM] HTTP 302
  • https://elr.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM] HTTP 302
  • https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]
Request Chain 11
  • http://tracker.awr.im/open/?u=fg0bj0cg0jidh0bjbhdj HTTP 302
  • http://tracker.awr.im/image.gif

17 HTTP transactions

Columns per transaction: Resource, Path, Size, Transfer (x-fer), Type, MIME-Type

/  (mirror.newsletter.news-en-direct.fr/)  Primary Request, cookie set
Redirect Chain
  • http://t.newsletter.news-en-direct.fr/c/?t=e195429-cqq-eif-cm4-9!k4a
  • http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Size 20 KB, transferred 6 KB, Document
General
Full URL
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
89.248.209.41 Lambersart, France, ASN34993 (ODISO-AS, FR),
Reverse DNS
Software
/
Resource Hash
41755e0aad7045be31a816ecbdf60f550aed31420f10e95ecc94d6090ce2ca3e

Request headers

Host
mirror.newsletter.news-en-direct.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Set-Cookie
ASP.NET_SessionId=n2dyjz34fophznp3bqklp1af; path=/; HttpOnly
Set-Cookie
SERVERID=server2; path=/
Date
Fri, 17 Jan 2020 19:08:08 GMT
Content-Length
5551
X-Robots-Tag
noindex

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Set-Cookie
ASP.NET_SessionId=ipq4i0fhfzt3v2jrnjfnl25a; path=/; HttpOnly
Date
Fri, 17 Jan 2020 19:08:07 GMT
Content-Length
207
/  (t.newsletter.news-en-direct.fr/o/)
Size 180 B, transferred 306 B, Image
General
Full URL
http://t.newsletter.news-en-direct.fr/o/?t=cqq-cm4-9!k4a
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
89.248.211.29 Lambersart, France, ASN34993 (ODISO-AS, FR),
Reverse DNS
mindproxy.odiso.net
Software
/
Resource Hash
a3d9bf654bd182096ae97d7aac32516664fdf12437820695136f55620bb105ba

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:07 GMT
Cache-Control
private
Content-Length
180
Content-Type
image/png
pix.gif  (netc.sfr.fr/dynview/sfr-fr/)
Redirect Chain
  • http://elr.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]
  • https://elr.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]
  • https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]
Size 163 B, transferred 1 KB, Image
General
Full URL
https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
109.232.196.59 , France, ASN50234 (EULERIAN-AS, FR),
Reverse DNS
sfr.eulerian.net
Software
EWS /
Resource Hash
6c46829208b5004ded357c146a2dd4c56641ca4a8f93c782081dee56c9a332f1
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date
Fri, 17 Jan 2020 19:08:08 GMT
X-Content-Type-Options
nosniff
Server
EWS
Strict-Transport-Security
max-age=604800
P3P
policyref="http://netc.sfr.fr/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa OUR IND UNI"
Cache-Control
max-age=0, private
Connection
Close
Accept-Ranges
none
Content-Type
image/png
Content-Length
163
X-XSS-Protection
0

Redirect headers

Pragma
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date
Fri, 17 Jan 2020 19:08:08 GMT
X-Content-Type-Options
nosniff
Server
EWS
Strict-Transport-Security
max-age=604800
Location
https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]
Cache-Control
max-age=0, private
Connection
Close
Accept-Ranges
none
Content-Length
0
X-XSS-Protection
0
logo.png  (img.awr.im/content/20190528161231_1543_19/)
Size 7 KB, transferred 7 KB, Image
General
Full URL
http://img.awr.im/content/20190528161231_1543_19/logo.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b3b13b0d79e9b80b06c415144d972e47ce1dc22d0742439d2e39f1bc6513d73

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 28 May 2019 14:12:31 GMT
Server
cloudflare
Age
175
ETag
"1aa3-589f3416e0032"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db998e5dfcb-FRA
Content-Length
6819
header.png  (img.awr.im/content/20200108133723_1641_19/)
Size 147 KB, transferred 147 KB, Image
General
Full URL
http://img.awr.im/content/20200108133723_1641_19/header.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d945b91f7823d167f0dcfc2649be655609afaeaee0a571a365ac1e4afaf9a1e

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Wed, 08 Jan 2020 12:37:23 GMT
Server
cloudflare
Age
5219
ETag
"24a24-59ba027808f1b"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db999c8bec4-FRA
Content-Length
150052
sony.png  (img.awr.im/content/20200108133723_1641_19/)
Size 52 KB, transferred 53 KB, Image
General
Full URL
http://img.awr.im/content/20200108133723_1641_19/sony.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae14ada1c100606ad160bb9a5fd229fae67b4c58217b34e0ba371114d34545bf

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Wed, 08 Jan 2020 12:37:23 GMT
Server
cloudflare
Age
5219
ETag
"d006-59ba027808f1b"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db99ad2bebf-FRA
Content-Length
53254
huawei.png  (img.awr.im/content/20200108133723_1641_19/)
Size 64 KB, transferred 65 KB, Image
General
Full URL
http://img.awr.im/content/20200108133723_1641_19/huawei.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe03740d6f6146de264c21dba34836200df513b8e6c0f09600204cc034418ef8

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Wed, 08 Jan 2020 12:37:23 GMT
Server
cloudflare
Age
5219
ETag
"101b6-59ba027808f1b"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db998e6dfcb-FRA
Content-Length
65974
cta.png  (img.awr.im/content/20200108133723_1641_19/)
Size 1 KB, transferred 2 KB, Image
General
Full URL
http://img.awr.im/content/20200108133723_1641_19/cta.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb541261d13e27142cecb491a80140f6d37714eb01e452a02e71148de730aecc

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Wed, 08 Jan 2020 12:37:23 GMT
Server
cloudflare
Age
5219
ETag
"506-59ba027808f1b"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db99c6fdfc3-FRA
Content-Length
1286
footer.png  (img.awr.im/content/20200108133723_1641_19/)
Size 74 KB, transferred 74 KB, Image
General
Full URL
http://img.awr.im/content/20200108133723_1641_19/footer.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
82fd12fbbfbb835979cfed26047ceb4ee48680b606a753d080bc16c86abb312e

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Wed, 08 Jan 2020 12:37:23 GMT
Server
cloudflare
Age
4129
ETag
"1276d-59ba027808f1b"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db99ad3bebf-FRA
Content-Length
75629
facebook.png  (img.awr.im/content/20191014112712_1788/)
Size 2 KB, transferred 2 KB, Image
General
Full URL
http://img.awr.im/content/20191014112712_1788/facebook.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea4c4a4151b699b4f987fed77b6e94cdd81130e1b27f56fdf4840403db4ba5d1

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Mon, 14 Oct 2019 09:27:12 GMT
Server
cloudflare
Age
6978
ETag
"694-594db78fe6727"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db9acb4dfc3-FRA
Content-Length
1684
twitter.png  (img.awr.im/content/20191014112712_1087/)
Size 2 KB, transferred 2 KB, Image
General
Full URL
http://img.awr.im/content/20191014112712_1087/twitter.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c2cf6463e25d74d71f463cc5b3e438096caa372279f58450e3a50b2f1103a5b5

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Mon, 14 Oct 2019 09:27:12 GMT
Server
cloudflare
Age
6978
ETag
"7a3-594db78fe3846"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db9a924dfcb-FRA
Content-Length
1955
youtube.png  (img.awr.im/content/20191014112712_1377/)
Size 2 KB, transferred 2 KB, Image
General
Full URL
http://img.awr.im/content/20191014112712_1377/youtube.png
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3037::681b:9d78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dccd7899fe86bb238b41a1599f3ef8bcc0ad132615f75b9b98a924f24afea1ac

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Mon, 14 Oct 2019 09:27:12 GMT
Server
cloudflare
Age
175
ETag
"7f8-594db78fe5787"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db9b93fdfcb-FRA
Content-Length
2040
image.gif  (tracker.awr.im/)
Redirect Chain
  • http://tracker.awr.im/open/?u=fg0bj0cg0jidh0bjbhdj
  • http://tracker.awr.im/image.gif
Size 91 B, transferred 597 B, Image
General
Full URL
http://tracker.awr.im/image.gif
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
2606:4700:3034::681b:9c78 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a406159e97baef6ad1404718815565712f7545c2b77e7c1fd4da3afdbee9e6b

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
HIT
Last-Modified
Tue, 12 Jan 2016 13:06:46 GMT
Server
cloudflare
Age
6168
ETag
"5b-52922b9c6e580"
Vary
Accept-Encoding
Content-Type
image/gif
Cache-Control
max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
CF-RAY
556a9db9fb56d6e9-FRA
Content-Length
91

Redirect headers

Pragma
no-cache
Date
Fri, 17 Jan 2020 19:08:08 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Location
/image.gif
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
CF-RAY
556a9db989c4d6e9-FRA
Expires
Thu, 19 Nov 1981 08:52:00 GMT
adtckrtg.php  (not.news-en-direct.fr/)
Size 43 B, transferred 580 B, Image
General
Full URL
http://not.news-en-direct.fr/adtckrtg.php?ids=1240&hash=d89a49469cc482a0e1ea42bdabfae7dd&hash256=
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
52.208.62.7 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-208-62-7.eu-west-1.compute.amazonaws.com
Software
nginx/1.10.3 / Express
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
ETag
W/"2b-2eaaa083"
Server
nginx/1.10.3
X-Powered-By
Express
Content-Type
image/gif
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
43
Expires
Sat, 26 Jul 1997 05:00:00 GMT
collect_v2.img.php  (pmd.puree57.fr/)
Size 43 B, transferred 645 B, Image
General
Full URL
https://pmd.puree57.fr/collect_v2.img.php?dmp=emdmpeasy&p=1449&s=1449&m=d89a49469cc482a0e1ea42bdabfae7dd&email_sha256=
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:41d0:301:100:145:239:193:53 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 17 Jan 2020 19:08:08 GMT
Cache-Control
no-store, no-cache
Strict-Transport-Security
max-age=31536000
P3P
CP="ALL DSP COR CURa ADMa PSAa PSDa OUR NOR UNI"
X-IPLB-Instance
25144
Transfer-Encoding
chunked
Content-Type
image/gif
trcdo.php  (trcd.news-en-direct.fr/trcd/)
Size 42 B, transferred 477 B, Image
General
Full URL
http://trcd.news-en-direct.fr/trcd/trcdo.php?cid=252361&em=suspect@safeonweb.be&emcdrmd5=d89a49469cc482a0e1ea42bdabfae7dd&emcdrsha256=&do=news-en-direct.fr&rout=mbz&ts=1579248203
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
HTTP/1.1
Server
34.251.76.140 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-251-76-140.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.16
Resource Hash
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 17 Jan 2020 19:08:09 GMT
Last-Modified
Fri, 17 Jan 2020 19:08:09 GMT
Server
Apache/2.4.7 (Ubuntu)
X-Powered-By
PHP/5.5.9-1ubuntu4.16
P3P
CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Sat, 22 Apr 1978 02:19:00 GMT
sfr-1.0-regular-webfont.woff  (static.s-sfr.fr/resources/font/)
Size 34 KB, transferred 35 KB, Font
General
Full URL
https://static.s-sfr.fr/resources/font/sfr-1.0-regular-webfont.woff
Requested by
Host: mirror.newsletter.news-en-direct.fr
URL: http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:8400:21:1::3 , France, ASN15557 (LDCOMNET, FR),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
5f618841c21775f839c5d4fdf8263c31100724110a105a9ab356b5e00f084ddd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313
Origin
http://mirror.newsletter.news-en-direct.fr

Response headers

date
Fri, 17 Jan 2020 19:08:08 GMT
via
1.1 static.s-sfr.fr, 1.1 bdx1-ncdn-middle-http00, 1.1 bdx1-ncdn-edge-http01
last-modified
Thu, 05 Jul 2012 08:40:20 GMT
server
nginx/1.10.3
age
24365
etag
W/"34968-1341477620000"
content-type
font/woff
status
200
cache-control
max-age=28800, public
x-varnish
156141217 156010823, 11775823 1047738651
accept-ranges
bytes
access-control-allow-origin
*
content-length
34968
expires
Fri, 17 Jan 2020 20:22:02 GMT

Verdicts & Comments

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object  onformdata
object  onpointerrawupdate

2 Cookies

Domain/Path                            Name                Value
mirror.newsletter.news-en-direct.fr/   SERVERID            server2
mirror.newsletter.news-en-direct.fr/   ASP.NET_SessionId   n2dyjz34fophznp3bqklp1af
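The script below is an added example; it is not part of the urlscan.io report and not code from any of the senders, trackers or hosting providers named on this page. It takes the 17 request URLs with their MIME types and Content-Length values from the transaction list above, plus the two Set-Cookie headers of the primary response (all copied by hand, so the input is constructed, not fetched), and runs the checks an analyst wants from a newsletter tracking link: the share of traffic on HTTPS, which query strings carry the recipient's e-mail address and over which scheme, which query values are shaped like a hex digest and whether each equals the MD5/SHA-1/SHA-256 of that address (the script reports the comparison; whether the d89a… token really is that digest is not asserted here), which responses are beacon-sized images, and which attributes the session cookies carry. The 512-byte beacon threshold and lowercasing the address before hashing are assumptions.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlsplit

# The 17 transactions listed on this page as (URL, MIME type, Content-Length in bytes);
# copied from the report above, not fetched live. Constructed input for the checks below.
TRANSACTIONS = [
    ("http://mirror.newsletter.news-en-direct.fr/?e=suspect%40safeonweb.be&s=1433&b=1313", "text/html", 5551),
    ("http://t.newsletter.news-en-direct.fr/o/?t=cqq-cm4-9!k4a", "image/png", 180),
    ("https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-mob-tel-shopping-hiver-7012020-ac&eseg-item=26&ea-rnd=[RANDOM]", "image/png", 163),
    ("http://img.awr.im/content/20190528161231_1543_19/logo.png", "image/png", 6819),
    ("http://img.awr.im/content/20200108133723_1641_19/header.png", "image/png", 150052),
    ("http://img.awr.im/content/20200108133723_1641_19/sony.png", "image/png", 53254),
    ("http://img.awr.im/content/20200108133723_1641_19/huawei.png", "image/png", 65974),
    ("http://img.awr.im/content/20200108133723_1641_19/cta.png", "image/png", 1286),
    ("http://img.awr.im/content/20200108133723_1641_19/footer.png", "image/png", 75629),
    ("http://img.awr.im/content/20191014112712_1788/facebook.png", "image/png", 1684),
    ("http://img.awr.im/content/20191014112712_1087/twitter.png", "image/png", 1955),
    ("http://img.awr.im/content/20191014112712_1377/youtube.png", "image/png", 2040),
    ("http://tracker.awr.im/image.gif", "image/gif", 91),
    ("http://not.news-en-direct.fr/adtckrtg.php?ids=1240&hash=d89a49469cc482a0e1ea42bdabfae7dd&hash256=", "image/gif", 43),
    ("https://pmd.puree57.fr/collect_v2.img.php?dmp=emdmpeasy&p=1449&s=1449&m=d89a49469cc482a0e1ea42bdabfae7dd&email_sha256=", "image/gif", 43),
    ("http://trcd.news-en-direct.fr/trcd/trcdo.php?cid=252361&em=suspect@safeonweb.be&emcdrmd5=d89a49469cc482a0e1ea42bdabfae7dd&emcdrsha256=&do=news-en-direct.fr&rout=mbz&ts=1579248203", "image/gif", 42),
    ("https://static.s-sfr.fr/resources/font/sfr-1.0-regular-webfont.woff", "font/woff", 34968),
]
# The two Set-Cookie headers of the primary response (the report prints them on one line).
SET_COOKIE_HEADERS = [
    "ASP.NET_SessionId=n2dyjz34fophznp3bqklp1af; path=/; HttpOnly",
    "SERVERID=server2; path=/",
]
BEACON_MAX_BYTES = 512                                # assumption: an image this small is a tracking pixel
HEX_DIGESTS = {32: "md5", 40: "sha1", 64: "sha256"}   # hex digest length -> hashlib algorithm name


def https_share(transactions):
    """Percentage of transactions served over HTTPS, rounded like the report's HTTPS statistic."""
    https = sum(1 for url, _, _ in transactions if urlsplit(url).scheme == "https")
    return round(100 * https / len(transactions))


def email_leaks(transactions):
    """Query parameters carrying an e-mail address, and whether they travelled in cleartext."""
    leaks = []
    for url, _, _ in transactions:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if "@" in value and "." in value.rsplit("@", 1)[1]:   # crude address test, enough here
                leaks.append({"host": parts.hostname, "param": name, "email": value,
                              "cleartext": parts.scheme == "http"})
    return leaks


def hashed_identifiers(transactions, email):
    """Hex-digest-shaped query values, each compared with the same digest of `email`."""
    found = []
    for url, _, _ in transactions:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            algo = HEX_DIGESTS.get(len(value))
            if algo and re.fullmatch(r"[0-9a-fA-F]+", value):
                # assumption: trackers hash the trimmed, lowercased address
                digest = hashlib.new(algo, email.strip().lower().encode()).hexdigest()
                found.append({"host": parts.hostname, "param": name, "algorithm": algo,
                              "matches_email": value.lower() == digest})
    return found


def tracking_beacons(transactions, max_bytes=BEACON_MAX_BYTES):
    """Hosts that answered with a beacon-sized image: open/click trackers, not page content."""
    return sorted({urlsplit(url).hostname for url, mime, size in transactions
                   if mime.startswith("image/") and size <= max_bytes})


def parse_set_cookie(header):
    """One Set-Cookie header -> (name, value, {attribute lowercased: value or True})."""
    first, *attrs = (p.strip() for p in header.split(";"))
    name, _, value = first.partition("=")
    attributes = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        attributes[key.lower()] = val or True   # flag attributes such as HttpOnly carry no value
    return name, value, attributes


def cookie_findings(headers):
    """Per cookie, the three attributes that matter for a session identifier."""
    findings = {}
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        findings[name] = {"httponly": attrs.get("httponly") is True,
                          "secure": attrs.get("secure") is True,
                          "samesite": attrs.get("samesite")}   # None when the attribute is absent
    return findings


if __name__ == "__main__":
    print("HTTPS share:", https_share(TRANSACTIONS), "%")
    print("e-mail in query strings:", email_leaks(TRANSACTIONS))
    print("digest-shaped identifiers:", hashed_identifiers(TRANSACTIONS, "suspect@safeonweb.be"))
    print("beacon hosts:", tracking_beacons(TRANSACTIONS))
    print("primary-page cookies:", cookie_findings(SET_COOKIE_HEADERS))
```

On this scan the findings worth recording are that the address appears unencoded in an http:// query string twice (once on the mirror page itself, once in the trcdo.php beacon), that the same 32-hex token is handed to three different tracking hosts (not.news-en-direct.fr, pmd.puree57.fr and trcd.news-en-direct.fr) while every SHA-256 slot is left empty, that six of the seventeen responses are beacon-sized images, and that only ASP.NET_SessionId is HttpOnly; neither cookie has Secure or SameSite, and since the page is served over plain HTTP a Secure flag could not have been honoured anyway.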

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elr.sfr.fr
img.awr.im
mirror.newsletter.news-en-direct.fr
netc.sfr.fr
not.news-en-direct.fr
pmd.puree57.fr
static.s-sfr.fr
t.newsletter.news-en-direct.fr
tracker.awr.im
trcd.news-en-direct.fr
109.232.196.59
2001:41d0:301:100:145:239:193:53
2606:4700:3034::681b:9c78
2606:4700:3037::681b:9d78
2a02:8400:21:1::3
34.251.76.140
52.208.62.7
89.248.209.41
89.248.211.29