urlscan.io logo urlscan.io
SecurityTrails logo

m.welcome-email.com Open in urlscan Pro
91.192.43.152  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://m.welcome-email.com/public/read_message.jsp?tsp=1660294726256&custid=6765&uid=7364721912&sig=IEFFNFCGDLKGEHHE&mid=65...
Effective URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Submission: On August 12 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 19 HTTP transactions. The main IP is 91.192.43.152, located in Germany and belongs to GLOBALACCESS, DE. The main domain is m.welcome-email.com.
This is the only time m.welcome-email.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 91.192.43.152 15960 (GLOBALACCESS)
1 2a00:1450:400... 15169 (GOOGLE)
15 195.154.170.50 12876 (Online SAS)
1 2 104.16.40.59 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
19 5
2    91.192.43.152 (Germany)

ASN15960 (GLOBALACCESS, DE)
m.welcome-email.com
1    2a00:1450:400e:80c::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
15    195.154.170.50 (France)

ASN12876 (Online SAS, FR)
PTR: 195-154-170-50.rev.poneytelecom.eu
img.remktg.com
2    104.16.40.59 (None, )

ASN13335 (CLOUDFLARENET, US)
fr.loccitane.com
1    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
15 remktg.com
img.remktg.com
141 KB
2 loccitane.com
fr.loccitane.com
876 B
2 welcome-email.com
m.welcome-email.com
17 KB
1 gstatic.com
fonts.gstatic.com
21 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 67
1 KB
19 5
Domain Requested by
15 img.remktg.com m.welcome-email.com
2 fr.loccitane.com 1 redirects m.welcome-email.com
2 m.welcome-email.com 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com m.welcome-email.com
19 5

This site contains no links.

Subject Issuer Validity Valid
upload.video.google.com
GTS CA 1C3		 2022-07-18 -
2022-10-10		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-07-18 -
2022-10-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Frame ID: B8EA73FC37AFAE9FF7CF79E5ABCDDA86
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

L'Occitane.com

Page URL History Show full URLs

  1. http://m.welcome-email.com/public/read_message.jsp?tsp=1660294726256&custid=6765&uid=7364721912&sig=IEF... HTTP 302
    http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

19
Requests

11 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

181 kB
Transfer

176 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://m.welcome-email.com/public/read_message.jsp?tsp=1660294726256&custid=6765&uid=7364721912&sig=IEFFNFCGDLKGEHHE&mid=651892139 HTTP 302
    http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://fr.loccitane.com/offre-de-bienvenue,74,1,98869,1548782.htm?utm_source=medianoe&utm_medium=PRM&utm_campaign=FRFR_alwaysOn_lead_branding_multi_acquisition&utm_term=welcomepack&utm_content=datago HTTP 301
  • https://fr.loccitane.com/offres?utm_source=medianoe&utm_medium=PRM&utm_campaign=FRFR_alwaysOn_lead_branding_multi_acquisition&utm_term=welcomepack&utm_content=datago

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request read_message.jsp;jsessionid=0;apw72
m.welcome-email.com/public/
Redirect Chain
  • http://m.welcome-email.com/public/read_message.jsp?tsp=1660294726256&custid=6765&uid=7364721912&sig=IEFFNFCGDLKGEHHE&mid=651892139
  • http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
16 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
91.192.43.152 , Germany, ASN15960 (GLOBALACCESS, DE),
Reverse DNS
Software
WebServer /
Resource Hash
1c6c83f19a87957ba255c7118c558ee9b9e6d7b3db263b7db164977a64b273cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-control
max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate
Connection
close
Content-Type
text/html;charset=UTF-8
Date
Fri, 12 Aug 2022 13:04:41 GMT
Expires
Thu, 11 Aug 2022 13:04:41 GMT
Feature-Policy
autoplay 'self'; camera 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self';
P3P
CP="CAO PSA OUR"
Pragma
no-cache
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
WebServer
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Date
Fri, 12 Aug 2022 13:04:41 GMT
Feature-Policy
autoplay 'self'; camera 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self';
Keep-Alive
timeout=2, max=1
Location
http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Referrer-Policy
no-referrer, strict-origin-when-cross-origin
Server
WebServer
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 12 Aug 2022 11:21:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 12 Aug 2022 13:04:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 12 Aug 2022 13:04:41 GMT
pxl.gif
img.remktg.com/loccitane/fr/template/img/ 		43 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/template/img/pxl.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
ETag
"2b-5c3edec2f3d10"
Last-Modified
Fri, 04 Jun 2021 10:12:00 GMT
Server
nginx
X-Powered-By
PleskLin
Content-Type
image/gif
X-Accel-Version
0.01
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
logo.gif
img.remktg.com/loccitane/fr/template/img/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/template/img/logo.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
b09fa0834e83d8de2e1bbf5755d2233aea6589c5255f3182ca27cf06c1be8a64

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Wed, 28 Apr 2021 14:03:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"60896b1d-11fb"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4603
image_offre.php
img.remktg.com/loccitane/fr/wp/a/img/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/image_offre.php
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PHP/5.5.9-1ubuntu4.29, PleskLin
Resource Hash
164bee84399fd86a75243d626d6542653ee6a7d397fdcd155be43d2400cce48d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Server
nginx
Connection
keep-alive
X-Powered-By
PHP/5.5.9-1ubuntu4.29, PleskLin
Transfer-Encoding
chunked
Content-Type
image/jpg
image_cadeau.php
img.remktg.com/loccitane/fr/wp/a/img/ 		34 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/image_cadeau.php
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PHP/5.5.9-1ubuntu4.29, PleskLin
Resource Hash
469b60917d580ac8fdaaa38df073c4800d1385872241085b0ccf5475bccc0ee1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Server
nginx
Connection
keep-alive
X-Powered-By
PHP/5.5.9-1ubuntu4.29, PleskLin
Transfer-Encoding
chunked
Content-Type
image/jpg
cta.gif
img.remktg.com/loccitane/fr/wp/a/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/cta.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
0e955db7508fe77a709cb48f82e395217a01ecfe01ac9449ea08ce85e69190e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Tue, 02 Aug 2022 14:14:53 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"62e9315d-430"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1072
btn.gif
img.remktg.com/loccitane/fr/wp/a/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/btn.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
3ad611c8adb80f17c73e1aa72f5f44231e69a393369f3e3ba0b380cded00f85e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Tue, 02 Aug 2022 14:14:53 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"62e9315d-424"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1060
nouveaute.jpg
img.remktg.com/loccitane/fr/wp/a/img/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/nouveaute.jpg
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
0199ebda7d4d41aeb8bc95edea4fd3f417c4fa7b8a187cd2366f86f3e0945e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Tue, 02 Aug 2022 14:14:53 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"62e9315d-2936"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10550
bestsellers.jpg
img.remktg.com/loccitane/fr/wp/a/img/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/bestsellers.jpg
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
4e1d2838b99479ef498187518318aa7ccd8f35ab0d7b4e0b8bb004d0b2d403fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Tue, 02 Aug 2022 14:14:53 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"62e9315d-3636"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13878
offres.jpg
img.remktg.com/loccitane/fr/wp/a/img/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/offres.jpg
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
90f8f395ae927bbad2cd1874f6e4a84f50a575535346409613501210e694384e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Tue, 02 Aug 2022 14:14:53 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"62e9315d-3bab"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15275
coffrets.jpg
img.remktg.com/loccitane/fr/wp/a/img/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/coffrets.jpg
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
6f83af0fcedda005a616fd9a0cb1c59964167507b59fec23d440286787deb57b

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Tue, 02 Aug 2022 14:14:53 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"62e9315d-3542"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13634
av1.gif
img.remktg.com/loccitane/fr/template/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/template/img/av1.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
8854310607cb82b5d7c196e6f24523066eaef3969416d0b07e171a36a994b578

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Wed, 28 Apr 2021 14:03:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"60896b1d-67e"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1662
av2.gif
img.remktg.com/loccitane/fr/template/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/template/img/av2.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
00469f4fb020294fac469d49df6aa34a99c31a42984b45fa1e408add717ecc5e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Wed, 28 Apr 2021 14:03:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"60896b1d-66d"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1645
av3.gif
img.remktg.com/loccitane/fr/template/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/template/img/av3.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
0aa75afc7ace967f94fad94ce01cdedf10ae5bcdf7aa9e72eaaab62911ba8434

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Wed, 28 Apr 2021 14:03:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"60896b1d-6c1"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1729
av4.gif
img.remktg.com/loccitane/fr/template/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/template/img/av4.gif
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PleskLin
Resource Hash
9da29a5690a6685d84184de0d1bc7a53088ec38aa35a971b7bdd79435d5fa24c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Last-Modified
Wed, 28 Apr 2021 14:03:09 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"60896b1d-699"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1689
offres
fr.loccitane.com/
Redirect Chain
  • https://fr.loccitane.com/offre-de-bienvenue,74,1,98869,1548782.htm?utm_source=medianoe&utm_medium=PRM&utm_campaign=FRFR_alwaysOn_lead_branding_multi_acquisition&utm_term=welcomepack&utm_content=datago
  • https://fr.loccitane.com/offres?utm_source=medianoe&utm_medium=PRM&utm_campaign=FRFR_alwaysOn_lead_branding_multi_acquisition&utm_term=welcomepack&utm_content=datago
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fr.loccitane.com/offres?utm_source=medianoe&utm_medium=PRM&utm_campaign=FRFR_alwaysOn_lead_branding_multi_acquisition&utm_term=welcomepack&utm_content=datago
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
H2
Server
104.16.40.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

pragma
no-cache
date
Fri, 12 Aug 2022 13:04:41 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
content-type
text/html;charset=UTF-8
location
https://fr.loccitane.com/offres?utm_source=medianoe&utm_medium=PRM&utm_campaign=FRFR_alwaysOn_lead_branding_multi_acquisition&utm_term=welcomepack&utm_content=datago
cache-control
no-cache, no-store, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
73996b144af29070-FRA
x-dw-request-base-id
n8r1selP9mIBAAB_
expires
Thu, 01 Dec 1994 16:00:00 GMT
image_mentions.php
img.remktg.com/loccitane/fr/wp/a/img/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.remktg.com/loccitane/fr/wp/a/img/image_mentions.php
Requested by
Host: m.welcome-email.com
URL: http://m.welcome-email.com/public/read_message.jsp;jsessionid=0;apw72?sigreq=-922741150
Protocol
HTTP/1.1
Server
195.154.170.50 , France, ASN12876 (Online SAS, FR),
Reverse DNS
195-154-170-50.rev.poneytelecom.eu
Software
nginx / PHP/5.5.9-1ubuntu4.29, PleskLin
Resource Hash
b215dd5f11f2435e62100564d5b45c0e6759c6eecc49bf756aa6e5f9cc87ca88

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://m.welcome-email.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Fri, 12 Aug 2022 13:04:41 GMT
Server
nginx
Connection
keep-alive
X-Powered-By
PHP/5.5.9-1ubuntu4.29, PleskLin
Transfer-Encoding
chunked
Content-Type
image/jpg
1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v28/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://m.welcome-email.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 21:05:49 GMT
x-content-type-options
nosniff
age
316732
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21280
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:57:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 08 Aug 2023 21:05:49 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation

7 Cookies

Domain/Path Name / Value
m.welcome-email.com/ Name: ECM
Value: 1CEB30AF4AD6A0E857351AEB284DE83C
fr.loccitane.com/ Name: dwanonymous_abe6983e7bce55610765f7dc1378d4f2
Value: ac6hO1JaFFw3laHcVkSCLpH4x9
fr.loccitane.com/ Name: sid
Value: MjoxyBlz5_j3LKeiy7RsBju_DwgrQWljarc
fr.loccitane.com/ Name: __cq_dnt
Value: 1
fr.loccitane.com/ Name: dw_dnt
Value: 1
fr.loccitane.com/ Name: dwsid
Value: Upb4na0cBxvRQtI-mSMS2VsTxl2fLomATNmbu4WKH7K_rqY_bv_rjiHvhnLJNxXNDzTxLynUkstmr4Q2OeWJtA==
.loccitane.com/ Name: datadome
Value: .3vEEAvgP.alPRMWJqaLc4gRhEw0yJXy5dVJnU5bsu_HTKKa8_799Zavdc2.L7UAY4YP00taxEpMdCOI7M-7bGiV~65Bb0PS76i0wNIdl4iBiF052q1PE0z1y3T-VijZ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
fr.loccitane.com
img.remktg.com
m.welcome-email.com
104.16.40.59
195.154.170.50
2a00:1450:4001:811::2003
2a00:1450:400e:80c::200a
91.192.43.152
00469f4fb020294fac469d49df6aa34a99c31a42984b45fa1e408add717ecc5e
0199ebda7d4d41aeb8bc95edea4fd3f417c4fa7b8a187cd2366f86f3e0945e12
0aa75afc7ace967f94fad94ce01cdedf10ae5bcdf7aa9e72eaaab62911ba8434
0e955db7508fe77a709cb48f82e395217a01ecfe01ac9449ea08ce85e69190e8
164bee84399fd86a75243d626d6542653ee6a7d397fdcd155be43d2400cce48d
1c6c83f19a87957ba255c7118c558ee9b9e6d7b3db263b7db164977a64b273cc
3ad611c8adb80f17c73e1aa72f5f44231e69a393369f3e3ba0b380cded00f85e
469b60917d580ac8fdaaa38df073c4800d1385872241085b0ccf5475bccc0ee1
4e1d2838b99479ef498187518318aa7ccd8f35ab0d7b4e0b8bb004d0b2d403fc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6f83af0fcedda005a616fd9a0cb1c59964167507b59fec23d440286787deb57b
7d3b9b124ab86b33b4c72d29ceca9c5a56e5205e546394f55e1ca7fac57d58d5
8854310607cb82b5d7c196e6f24523066eaef3969416d0b07e171a36a994b578
90f8f395ae927bbad2cd1874f6e4a84f50a575535346409613501210e694384e
9da29a5690a6685d84184de0d1bc7a53088ec38aa35a971b7bdd79435d5fa24c
b09fa0834e83d8de2e1bbf5755d2233aea6589c5255f3182ca27cf06c1be8a64
b215dd5f11f2435e62100564d5b45c0e6759c6eecc49bf756aa6e5f9cc87ca88
c78a1da5fd0868a547cf285748c7fb73006571190385eb71c0d601b6b240ffaf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855