link.uw.voordeelbrief.be Open in urlscan Pro
212.232.25.223 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541
Submission: On July 27 via api (July 27th 2019, 11:41:05 am UTC) from BE

Summary HTTP 8 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 8 HTTP transactions. The main IP is 212.232.25.223, located in Austria and belongs to NESSUS, AT. The main domain is link.uw.voordeelbrief.be.

This is the only time link.uw.voordeelbrief.be was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	212.232.25.223 212.232.25.223	47692 (NESSUS) (NESSUS)
5	5.35.226.142 5.35.226.142	20773 (GODADDY) (GODADDY)
1	108.128.70.17 108.128.70.17	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	3

2 212.232.25.223 (Austria)

ASN47692 (NESSUS, AT)
PTR: 11335-04.root.nessus.at

link.uw.voordeelbrief.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sf20.sendsfx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 5.35.226.142 (Germany)

ASN20773 (GODADDY, DE)
PTR: wp135.webpack.hosteurope.de

img.blue-mailer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.70.17 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-108-128-70-17.eu-west-1.compute.amazonaws.com

ti.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	blue-mailer.com img.blue-mailer.com	115 KB
1	sendsfx.com sf20.sendsfx.com	232 B
1	tradetracker.net ti.tradetracker.net	626 B
1	voordeelbrief.be link.uw.voordeelbrief.be	4 KB
8	4

	Domain	Requested by
5	img.blue-mailer.com	link.uw.voordeelbrief.be
1	sf20.sendsfx.com	link.uw.voordeelbrief.be
1	ti.tradetracker.net	link.uw.voordeelbrief.be
1	link.uw.voordeelbrief.be
8	4

This site contains links to these domains. Also see Links.

Domain
sf20.sendsfx.com

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
*.tradetracker.net Entrust Certification Authority - L1K	`2019-03-15` - `2020-04-08`	a year	crt.sh
*.sendsfx.com RapidSSL RSA CA 2018	`2019-01-03` - `2020-03-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541
Frame ID: 88C59B41119A748DC57D0A377ED1FBB3
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

8
Requests

25 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

120 kB
Transfer

142 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://sf20.sendsfx.com/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&L=39&N=3541
Title: Klik hier voor de webversie

Search URL Search Domain Scan URL

URL: https://sf20.sendsfx.com/link.php?M=2055490&N=11764&L=8882&F=H
Title:

Search URL Search Domain Scan URL

URL: https://sf20.sendsfx.com/unsubscribe.php?&M=2055490&N=11764&L=39&C=41a9d09dadde2624f68cf7bb5624249f
Title: Afmelden

Search URL Search Domain Scan URL

URL: https://sf20.sendsfx.com/link.php?M=2055490&N=11764&L=2010&F=H
Title: Contact

Search URL Search Domain Scan URL

URL: https://sf20.sendsfx.com/link.php?M=2055490&N=11764&L=2009&F=H
Title: Afdruk

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request display.php Show response link.uw.voordeelbrief.be/	28 KB 4 KB	59ms 58ms	Document text/html	212.232.25.223 NESSUS
General Check archive.org Show headers Download Go to Full URL http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Server 212.232.25.223 , Austria, ASN47692 (NESSUS, AT), Reverse DNS 11335-04.root.nessus.at Software Apache/2.4.10 (Debian) / Resource Hash `fa2510cf088efc4946da549ad5987109399e408c20048231213d105599e52a81` Request headers Host link.uw.voordeelbrief.be Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Server Apache/2.4.10 (Debian) Vary Accept-Encoding Content-Encoding gzip Content-Length 3352 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=utf8
GET H/1.1	200 OK	header-nl-title.jpg img.blue-mailer.com/2019/07/9027/	104 KB 105 KB	106ms 57ms	Image image/jpeg	5.35.226.142 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://img.blue-mailer.com/2019/07/9027/header-nl-title.jpg Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security , , Server 5.35.226.142 , Germany, ASN20773 (GODADDY, DE), Reverse DNS wp135.webpack.hosteurope.de Software Apache / Resource Hash `da5779e178d13063fa3ec9b42b20169027e019adc95a4105a5508470fb98c722` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Last-Modified Wed, 24 Jul 2019 13:41:15 GMT Server Apache ETag "1a138-58e6d76914b20" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 106808
GET H/1.1	200 OK	btn-nl.jpg img.blue-mailer.com/2019/07/9027/	8 KB 8 KB	105ms 57ms	Image image/jpeg	5.35.226.142 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://img.blue-mailer.com/2019/07/9027/btn-nl.jpg Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security , , Server 5.35.226.142 , Germany, ASN20773 (GODADDY, DE), Reverse DNS wp135.webpack.hosteurope.de Software Apache / Resource Hash `105748d3a9f0fa6c9b3535c6b27d9ec701cf5f58a5351996478cff25ba4d37bf` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Last-Modified Wed, 24 Jul 2019 13:41:16 GMT Server Apache ETag "1eab-58e6d769b8452" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 7851
GET H/1.1	200 OK	fb.jpg img.blue-mailer.com/2019/07/9027/	729 B 967 B	108ms 60ms	Image image/jpeg	5.35.226.142 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://img.blue-mailer.com/2019/07/9027/fb.jpg Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security , , Server 5.35.226.142 , Germany, ASN20773 (GODADDY, DE), Reverse DNS wp135.webpack.hosteurope.de Software Apache / Resource Hash `6a6703b4f3f1bb9492b06d4c8d4c8f36ef12521865de32c17ea2a72aa8735f42` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Last-Modified Wed, 24 Jul 2019 13:41:16 GMT Server Apache ETag "2d9-58e6d76a03f43" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H/1.1	200 OK	tw.jpg img.blue-mailer.com/2019/07/9027/	784 B 1022 B	106ms 57ms	Image image/jpeg	5.35.226.142 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://img.blue-mailer.com/2019/07/9027/tw.jpg Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security , , Server 5.35.226.142 , Germany, ASN20773 (GODADDY, DE), Reverse DNS wp135.webpack.hosteurope.de Software Apache / Resource Hash `215b395ffb3906cd51cd0f4e3ed4d127837b96dc3b9f9d99c0176a467802ae5b` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Last-Modified Wed, 24 Jul 2019 13:41:16 GMT Server Apache ETag "310-58e6d76a60ba4" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 784
GET H/1.1	200 OK	mail.jpg img.blue-mailer.com/2019/07/9027/	847 B 1 KB	108ms 59ms	Image image/jpeg	5.35.226.142 GODADDY
General Check archive.org Show headers Download Go to Show image Full URL http://img.blue-mailer.com/2019/07/9027/mail.jpg Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security , , Server 5.35.226.142 , Germany, ASN20773 (GODADDY, DE), Reverse DNS wp135.webpack.hosteurope.de Software Apache / Resource Hash `4bb60c4a67a03f1165eb678c1f3f433099f24a98cfe2751ae33cd49c7e6aa5c5` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Last-Modified Wed, 24 Jul 2019 13:41:17 GMT Server Apache ETag "34f-58e6d76aa9f85" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 847
GET H/1.1	200 OK	/ ti.tradetracker.net/	43 B 626 B	203ms 89ms	Image image/gif	108.128.70.17 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://ti.tradetracker.net/?c=30845&m=1583356&a=271347&t=track Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 108.128.70.17 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-108-128-70-17.eu-west-1.compute.amazonaws.com Software nginx / PHP/7.1.30-1+ubuntu18.04.1+deb.sury.org+1 Resource Hash `98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Server nginx X-Powered-By PHP/7.1.30-1+ubuntu18.04.1+deb.sury.org+1 P3P CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml" Cache-Control no-cache, must-revalidate Connection keep-alive Content-Type image/gif Content-Length 43 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H/1.1	200 OK	open.php sf20.sendsfx.com/	43 B 232 B	152ms 48ms	Image image/gif	212.232.25.223 NESSUS
General Check archive.org Show headers Download Go to Show image Full URL https://sf20.sendsfx.com/open.php?M=2055490&L=39&N=11764&F=H Requested by Host: link.uw.voordeelbrief.be URL: http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 212.232.25.223 , Austria, ASN47692 (NESSUS, AT), Reverse DNS 11335-04.root.nessus.at Software Apache/2.4.10 (Debian) / Resource Hash `dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f` Request headers Referer http://link.uw.voordeelbrief.be/display.php?M=2055490&C=41a9d09dadde2624f68cf7bb5624249f&S=11764&L=39&N=3541 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 Response headers Date Sat, 27 Jul 2019 11:40:50 GMT Server Apache/2.4.10 (Debian) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 43 Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.blue-mailer.com
link.uw.voordeelbrief.be
sf20.sendsfx.com
ti.tradetracker.net
108.128.70.17
212.232.25.223
5.35.226.142
105748d3a9f0fa6c9b3535c6b27d9ec701cf5f58a5351996478cff25ba4d37bf
215b395ffb3906cd51cd0f4e3ed4d127837b96dc3b9f9d99c0176a467802ae5b
4bb60c4a67a03f1165eb678c1f3f433099f24a98cfe2751ae33cd49c7e6aa5c5
6a6703b4f3f1bb9492b06d4c8d4c8f36ef12521865de32c17ea2a72aa8735f42
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
da5779e178d13063fa3ec9b42b20169027e019adc95a4105a5508470fb98c722
dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f
fa2510cf088efc4946da549ad5987109399e408c20048231213d105599e52a81

link.uw.voordeelbrief.be Open in urlscan Pro 212.232.25.223 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

25 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

120 kBTransfer

142 kBSize

0 Cookies

5 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

0 Cookies

Indicators

link.uw.voordeelbrief.be Open in urlscan Pro
212.232.25.223 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

25 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

120 kB
Transfer

142 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions