www.salememail.net - urlscan.io

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 208.123.68.12, located in Austin, United States and belongs to PCUC-AS - PCUC Acquisition LLC, US. The main domain is www.salememail.net.

This is the only time www.salememail.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	208.123.68.12 208.123.68.12	30145 (PCUC-AS) (PCUC-AS - PCUC Acquisition LLC)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	96.46.128.252 96.46.128.252	18499 (CYBER-GEN...) (CYBER-GENERATION - Cyber Generation Inc)
1	205.185.216.42 205.185.216.42	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
5	4

1 208.123.68.12 (Austin, United States)

ASN30145 (PCUC-AS - PCUC Acquisition LLC, US)
PTR: mail1.salememail.net

www.salememail.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.46.128.252 (Austin, United States)

ASN18499 (CYBER-GENERATION - Cyber Generation Inc, CA)
PTR: www.efeedbacktrk.com

4a3179.efeedbacktrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: map2.hwcdn.net

media.salemwebnetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	facebook.net connect.facebook.net	176 KB
1	salemwebnetwork.com media.salemwebnetwork.com	224 KB
1	efeedbacktrk.com 4a3179.efeedbacktrk.com	417 B
1	salememail.net www.salememail.net	7 KB
5	4

	Domain	Requested by
2	connect.facebook.net	www.salememail.net
1	media.salemwebnetwork.com	www.salememail.net
1	4a3179.efeedbacktrk.com	www.salememail.net
1	www.salememail.net
5	4

This site contains no links.

Subject Issuer	Validity	Valid
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
*.efeedbacktrk.com COMODO RSA Domain Validation Secure Server CA	`2016-05-06` - `2019-05-06`	3 years	crt.sh

This page contains 2 frames:

Primary Page: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
Frame ID: 9284E8C838CF98C726230E736124D079
Requests: 4 HTTP requests in this frame

Frame: https://connect.facebook.net/en_US/all.js?hash=20d19bfdc10d349d887c29e3000b7621&ua=modern_es6
Frame ID: C230F56FF381D44F455D4EE522CC788B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Page Statistics

5
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

407 kB
Transfer

404 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set ViewMessage.do Show response
www.salememail.net/ 6 KB
7 KB 979ms
700ms Document
text/html 208.123.68.12
PCUC Acquisition LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
Protocol: HTTP/1.1
Server: 208.123.68.12 Austin, United States, ASN30145 (PCUC-AS - PCUC Acquisition LLC, US),
Reverse DNS: mail1.salememail.net
Software: /
Resource Hash: 57712db8056de52c2b3dfb9d359eb76fd17b16bae0f14500ac7a994fb66a0c9c

Request headers

Host: www.salememail.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Set-Cookie: JSESSIONID=B85BC63FFC072C764B19309965A8166F; Path=/; HttpOnly
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Tue, 27 Nov 2018 11:07:39 GMT
Server

GET
S

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
4 KB

17ms
6ms

Script
application/x-javascript

2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.salememail.net
URL: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

/

Resource Hash

c035035de654e86ac317d667160ef3753b1670f4f5443d6032e9174f19fe6ce2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
x-content-type-options: nosniff
content-md5: 8lCwlQOxg1aH1G+sclvaSA==
status: 200
content-length: 3480
x-xss-protection: 0
x-fb-debug: DWfmu079shbNGnAh3phWQWMyTXf0TsRet/gGAlVA7H/oC/SU4QW+x/4VcJezfZR0GpBsO8OxvT2y96lZfGQMmg==
x-fb-content-md5: f250b09503b1835687d46fac725bda48
date: Tue, 27 Nov 2018 11:08:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "61770eff002b17bfe01de18f0e03ba03"
timing-allow-origin: *
expires: Tue, 27 Nov 2018 11:24:01 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK sscsrlbksjstbpkdtcfhztwzbltpvffpjmbzrrdsvpjcjvl_phfmyfdhhjfybhmyqdvljcf.gif
4a3179.efeedbacktrk.com/ 68 B
417 B 604ms
145ms Image
image/png 96.46.128.252
Cyber Generation Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://4a3179.efeedbacktrk.com/sscsrlbksjstbpkdtcfhztwzbltpvffpjmbzrrdsvpjcjvl_phfmyfdhhjfybhmyqdvljcf.gif
Requested by: Host: www.salememail.net
URL: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 96.46.128.252 Austin, United States, ASN18499 (CYBER-GENERATION - Cyber Generation Inc, CA),
Reverse DNS: www.efeedbacktrk.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 27 Nov 2018 11:07:44 GMT
Server
Content-Type: image/png;charset=utf-8
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
imagetoolbar: no
Content-Length: 68
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Thanksgiving-2016-A.jpg
media.salemwebnetwork.com/htmlemails/housesends/thanksgiving2016/ 224 KB
224 KB 102ms
29ms Image
image/jpeg 205.185.216.42
Highwinds Network...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://media.salemwebnetwork.com/htmlemails/housesends/thanksgiving2016/Thanksgiving-2016-A.jpg
Requested by: Host: www.salememail.net
URL: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
Protocol: HTTP/1.1
Server: 205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: map2.hwcdn.net
Software: nginx / ASP.NET
Resource Hash: e4876c8c749c8c163fc44b7a8f1b06c6cce7ffc9802a8212e3dfdc13bb604311

Request headers

Referer: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 27 Nov 2018 11:08:00 GMT
ETag: "c5a5f6c12b40d21:0"
Last-Modified: Wed, 16 Nov 2016 17:06:22 GMT
Server: nginx
X-Powered-By: ASP.NET
X-HW: 1543316880.dop001.fr8.t,1543316880.cds103.fr8.c
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 229362
X-Proxy-Cache: MISS

GET
S 200 all.js Show response
connect.facebook.net/en_US/ Frame C230 171 KB
172 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=20d19bfdc10d349d887c29e3000b7621&ua=modern_es6

Requested by

Host: www.salememail.net
URL: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

/

Resource Hash

cf8232e3d5f3364d879581d1a0cf5ada6fcf1abced999d922f939fcc8143173e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://www.salememail.net/ViewMessage.do?m=grlytgrmty&r=pffmyfdhhjfy&s=hbnhqmvwhnhvfwgsrpljlvmfbrrfncvlqqg&q=1542896370&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-type-options: nosniff
content-md5: 5r0/3S0AcmmU8cbepN5H6w==
status: 200
content-length: 174878
x-xss-protection: 0
x-fb-debug: 0ZsqBkMo9j9m77lTKqnlFhbDPZpeVpoD3r7+M4wRXGWHP6T3sZitXWyUDodqxTPUqP5psls1vMsf979a6JOQ/g==
x-fb-content-md5: e6bd3fdd2d00726994f1c6dea4de47eb
date: Tue, 27 Nov 2018 11:08:00 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "6c16c5e6ac3dcad4fa1fdcea666bc794"
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
timing-allow-origin: *
expires: Wed, 27 Nov 2019 10:43:56 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| FB number| __DEV__ function| emptyFunction

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.salememail.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: B85BC63FFC072C764B19309965A8166F

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4a3179.efeedbacktrk.com
connect.facebook.net
media.salemwebnetwork.com
www.salememail.net
205.185.216.42
208.123.68.12
2a03:2880:f02d:12:face:b00c:0:3
96.46.128.252
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
57712db8056de52c2b3dfb9d359eb76fd17b16bae0f14500ac7a994fb66a0c9c
c035035de654e86ac317d667160ef3753b1670f4f5443d6032e9174f19fe6ce2
cf8232e3d5f3364d879581d1a0cf5ada6fcf1abced999d922f939fcc8143173e
e4876c8c749c8c163fc44b7a8f1b06c6cce7ffc9802a8212e3dfdc13bb604311

www.salememail.net Open in urlscan Pro 208.123.68.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

5 Requests

60 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

407 kBTransfer

404 kBSize

1 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

1 Cookies

Indicators

www.salememail.net Open in urlscan Pro
208.123.68.12 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

60 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

407 kB
Transfer

404 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions