t.jblavoro.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3037::ac43:bbe0, located in United States and belongs to CLOUDFLARENET, US. The main domain is t.jblavoro.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 11th 2023. Valid for: a year.

This is the only time t.jblavoro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3037::ac43:bbe0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:b0c0:2:d... 2a03:b0c0:2:d0::1329:a001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2

1 2606:4700:3037::ac43:bbe0 (United States)

ASN13335 (CLOUDFLARENET, US)

t.jblavoro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:b0c0:2:d0::1329:a001 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

aissatou.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	aissatou.nl aissatou.nl	958 KB
1	jblavoro.com t.jblavoro.com	3 KB
3	2

	Domain	Requested by
2	aissatou.nl	t.jblavoro.com
1	t.jblavoro.com
3	2

This site contains links to these domains. Also see Links.

Domain
aissatou.nl
beleveny.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-11` - `2024-03-09`	a year	crt.sh
aissatou.nl R3	`2023-08-28` - `2023-11-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://t.jblavoro.com/campaigns/do666wxljycad
Frame ID: 16CADC180FFAECDADD7D850C5ECAAA07
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

3
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

961 kB
Transfer

970 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://aissatou.nl/YOpKf33JHlL3HGtMaVn
Title: Bestel snel, op = op!

Search URL Search Domain Scan URL

URL: https://beleveny.com/lists/ss118x2l6n0f2/unsubscribe
Title: Afmelden

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request do666wxljycad Show response
t.jblavoro.com/campaigns/ 13 KB
3 KB 551ms
301ms Document
text/html 2606:4700:3037::ac43:bbe0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://t.jblavoro.com/campaigns/do666wxljycad

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:bbe0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.1.0RC5

Resource Hash

c9cd96b59e12b3d9674b699210b8875bd2145d875e6f151fc79db274e7a62600

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8099e59f3af21909-FRA
content-encoding: br
content-security-policy: frame-ancestors 'self';
content-type: text/html; charset=UTF-8
date: Wed, 20 Sep 2023 11:58:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxfHmhHi3xyHQvWPwCwYjAQQRjSnjUPd1pnf1sOKZXP%2B13BDfirIIJmXnBnleUCR3JhUX%2FHTZf5FjbyktLhY9nl7GWZFaQIW5cOJv2MYh7ouo4GDtMEUCwLOWqexDT0qzP9hKpQF74wXBhrMrw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/8.1.0RC5

GET
H2 200 nieuwsbriefafbeelding.png
aissatou.nl/i/6OhQQqcvaDF13/ 956 KB
957 KB 253ms
37ms Image
image/png 2a03:b0c0:2:d0::1329:a001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aissatou.nl/i/6OhQQqcvaDF13/nieuwsbriefafbeelding.png
Requested by: Host: t.jblavoro.com
URL: https://t.jblavoro.com/campaigns/do666wxljycad
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:b0c0:2:d0::1329:a001 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.37 (rocky) /
Resource Hash: ebdd777f5ce7ef0ef4c411d8c79a31d546e4a4a184280ef395ac8fd90141cf4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.jblavoro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 17:11:45 GMT
via: 1.1 varnish (Varnish/7.1)
server: Apache/2.4.37 (rocky)
age: 1882004
x-varnish: 107138727 83071610
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-backend-server: RP2
content-length: 978722

GET
H2 200 KqenwHB0SKMj.gif
aissatou.nl/d/ 924 B
1 KB 231ms
16ms Image
image/png 2a03:b0c0:2:d0::1329:a001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aissatou.nl/d/KqenwHB0SKMj.gif
Requested by: Host: t.jblavoro.com
URL: https://t.jblavoro.com/campaigns/do666wxljycad
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:b0c0:2:d0::1329:a001 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.37 (rocky) /
Resource Hash: e99d16f19bdd2f106381e32d2d149cedc9cbe9ccfe9731ee1988548b45159247

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.jblavoro.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

expires: Thu, 21 Sep 2023 11:58:30 GMT
pragma: cache
date: Wed, 20 Sep 2023 11:58:30 GMT
cache-control: max-age=86400
server: Apache/2.4.37 (rocky)
x-backend-server: RP2
content-type: image/png

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://t.jblavoro.com/campaigns/do666wxljycad Message: Mixed Content: The page at 'https://t.jblavoro.com/campaigns/do666wxljycad' was loaded over HTTPS, but requested an insecure element 'http://aissatou.nl/i/6OhQQqcvaDF13/nieuwsbriefafbeelding.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://t.jblavoro.com/campaigns/do666wxljycad Message: Mixed Content: The page at 'https://t.jblavoro.com/campaigns/do666wxljycad' was loaded over HTTPS, but requested an insecure element 'http://aissatou.nl/d/KqenwHB0SKMj.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://t.jblavoro.com/campaigns/do666wxljycad(Line 136) Message: Mixed Content: The page at 'https://t.jblavoro.com/campaigns/do666wxljycad' was loaded over HTTPS, but requested an insecure element 'http://aissatou.nl/i/6OhQQqcvaDF13/nieuwsbriefafbeelding.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://t.jblavoro.com/campaigns/do666wxljycad(Line 136) Message: Mixed Content: The page at 'https://t.jblavoro.com/campaigns/do666wxljycad' was loaded over HTTPS, but requested an insecure element 'http://aissatou.nl/d/KqenwHB0SKMj.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self';

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aissatou.nl
t.jblavoro.com
2606:4700:3037::ac43:bbe0
2a03:b0c0:2:d0::1329:a001
c9cd96b59e12b3d9674b699210b8875bd2145d875e6f151fc79db274e7a62600
e99d16f19bdd2f106381e32d2d149cedc9cbe9ccfe9731ee1988548b45159247
ebdd777f5ce7ef0ef4c411d8c79a31d546e4a4a184280ef395ac8fd90141cf4e

t.jblavoro.com Open in urlscan Pro 2606:4700:3037::ac43:bbe0 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

3 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

961 kBTransfer

970 kBSize

0 Cookies

2 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

t.jblavoro.com Open in urlscan Pro
2606:4700:3037::ac43:bbe0 Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

961 kB
Transfer

970 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions