trk.theparcdesaffaires.fr Open in urlscan Pro
51.254.21.140 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Submission: On October 13 via api (October 13th 2019, 3:14:43 am UTC) from BE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 8 domains to perform 16 HTTP transactions. The main IP is 51.254.21.140, located in France and belongs to OVH, FR. The main domain is trk.theparcdesaffaires.fr.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 2nd 2019. Valid for: 3 months.

This is the only time trk.theparcdesaffaires.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	51.254.21.140 51.254.21.140	16276 (OVH) (OVH)
2 4	109.232.196.59 109.232.196.59	50234 (EULERIAN-AS) (EULERIAN-AS)
7	2600:9000:21f... 2600:9000:21f3:8400:15:d887:89c0:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	35.190.62.241 35.190.62.241	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2606:4700:30:... 2606:4700:30::681b:b8f0	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700:30:... 2606:4700:30::681f:48e9	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700:30:... 2606:4700:30::6812:3197	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a02:8400:21:... 2a02:8400:21:1::3	15557 (LDCOMNET) (LDCOMNET)
16	7

2 51.254.21.140 (France)

ASN16276 (OVH, FR)
PTR: trk.affihosting.net

trk.theparcdesaffaires.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 109.232.196.59 (France) 2 redirects

ASN50234 (EULERIAN-AS, FR)
PTR: sfr.eulerian.net

netc.sfr.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:21f3:8400:15:d887:89c0:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d2ua00lbrp1mp3.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.62.241 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 241.62.190.35.bc.googleusercontent.com

event.reelevant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681b:b8f0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

collecte.guiredirection.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681f:48e9 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

collecte.aventurecollecte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::6812:3197 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.gamguiwill.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:8400:21:1::3 (France)

ASN15557 (LDCOMNET, FR)

static.s-sfr.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cloudfront.net d2ua00lbrp1mp3.cloudfront.net	182 KB
4	sfr.fr 2 redirects netc.sfr.fr	3 KB
2	reelevant.com event.reelevant.com	246 KB
2	theparcdesaffaires.fr trk.theparcdesaffaires.fr	5 KB
1	s-sfr.fr static.s-sfr.fr	35 KB
1	gamguiwill.com www.gamguiwill.com	60 KB
1	aventurecollecte.com collecte.aventurecollecte.com	563 B
1	guiredirection.com 1 redirects collecte.guiredirection.com	491 B
16	8

	Domain	Requested by
7	d2ua00lbrp1mp3.cloudfront.net	trk.theparcdesaffaires.fr
4	netc.sfr.fr	2 redirects trk.theparcdesaffaires.fr
2	event.reelevant.com	trk.theparcdesaffaires.fr
2	trk.theparcdesaffaires.fr	trk.theparcdesaffaires.fr
1	static.s-sfr.fr	trk.theparcdesaffaires.fr
1	www.gamguiwill.com	trk.theparcdesaffaires.fr
1	collecte.aventurecollecte.com	trk.theparcdesaffaires.fr
1	collecte.guiredirection.com	1 redirects
16	8

This site contains no links.

Subject Issuer	Validity	Valid
trk.theparcdesaffaires.fr Let's Encrypt Authority X3	`2019-10-02` - `2019-12-31`	3 months	crt.sh
netc.sfr.fr Let's Encrypt Authority X3	`2019-08-30` - `2019-11-28`	3 months	crt.sh
*.s-sfr.fr Certigna Wild CA	`2017-06-23` - `2020-06-22`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Frame ID: FBDC8AF0957FE99BEA7C08622CEE6979
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

16
Requests

31 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

7
IPs

2
Countries

530 kB
Transfer

541 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&eseg-name=idrouteur&eseg-item=1347&ea-rnd=%5BRANDOM%5D HTTP 302
https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&eseg-name=idrouteur&eseg-item=1347&ea-rnd=%5BRANDOM%5D

Request Chain 1

http://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&ea-rnd=%5BRANDOM%5D HTTP 302
https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&ea-rnd=%5BRANDOM%5D

Request Chain 11

http://collecte.guiredirection.com/tracking/?type=displayemail&i=fg0bb0bdeh0ijed0bhjcci HTTP 301
http://collecte.aventurecollecte.com/tracking/?type=displayemail&iid=fg0bb0bdeh0ijed0bhjcci

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 3DBU-jvyfwQ.php Show response
trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/ 24 KB
5 KB 139ms
139ms Document
text/html 51.254.21.140
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.254.21.140 , France, ASN16276 (OVH, FR),
Reverse DNS: trk.affihosting.net
Software: nginx /
Resource Hash: 7f9692b93ca3824372e5f3ae7aed74e56bc008e6adee28d7492c9b3f84e0328e

Request headers

:method: GET
:authority: trk.theparcdesaffaires.fr
:scheme: https
:path: /view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
server: nginx
date: Sun, 13 Oct 2019 03:14:27 GMT
content-type: text/html;charset=UTF-8
set-cookie: PHPSESSID=ce8psd9r6sb4396e4v0qihgat5; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, noarchive, nosnippet, nofollow
content-encoding: gzip

GET
H/1.1

200
OK

pix.gif
netc.sfr.fr/dynview/sfr-fr/
Redirect Chain

http://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&eseg-name=idrouteur&eseg-item=1347&ea-rnd=%5BRANDOM%5D
https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&eseg-name=idrouteur&eseg-item=1347&ea-rnd=%5BRANDOM%5D

163 B
764 B

72ms
23ms

Image
image/png

109.232.196.59
EULERIAN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&eseg-name=idrouteur&eseg-item=1347&ea-rnd=%5BRANDOM%5D

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

109.232.196.59 , France, ASN50234 (EULERIAN-AS, FR),

Reverse DNS

sfr.eulerian.net

Software

EWS /

Resource Hash

6c46829208b5004ded357c146a2dd4c56641ca4a8f93c782081dee56c9a332f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date: Sun, 13 Oct 2019 03:14:28 GMT
X-Content-Type-Options: nosniff
Server: EWS
Strict-Transport-Security: max-age=604800
P3P: policyref="http://netc.sfr.fr/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa OUR IND UNI"
Cache-Control: max-age=0, private
Connection: Close
Accept-Ranges: none
Content-Type: image/png
Content-Length: 163
X-XSS-Protection: 0

Redirect headers

Pragma: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date: Sun, 13 Oct 2019 03:14:28 GMT
X-Content-Type-Options: nosniff
Server: EWS
Location: https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&eseg-name=idrouteur&eseg-item=1347&ea-rnd=%5BRANDOM%5D
Cache-Control: max-age=0, private
Connection: Close
Accept-Ranges: none
Content-Length: 0
X-XSS-Protection: 0

GET
H/1.1

200
OK

pix.gif
netc.sfr.fr/dynview/sfr-fr/
Redirect Chain

http://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&ea-rnd=%5BRANDOM%5D
https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&ea-rnd=%5BRANDOM%5D

163 B
1 KB

74ms
25ms

Image
image/png

109.232.196.59
EULERIAN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&ea-rnd=%5BRANDOM%5D

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

109.232.196.59 , France, ASN50234 (EULERIAN-AS, FR),

Reverse DNS

sfr.eulerian.net

Software

EWS /

Resource Hash

6c46829208b5004ded357c146a2dd4c56641ca4a8f93c782081dee56c9a332f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date: Sun, 13 Oct 2019 03:14:28 GMT
X-Content-Type-Options: nosniff
Server: EWS
Strict-Transport-Security: max-age=604800
P3P: policyref="http://netc.sfr.fr/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa OUR IND UNI"
Cache-Control: max-age=0, private
Connection: Close
Accept-Ranges: none
Content-Type: image/png
Content-Length: 163
X-XSS-Protection: 0

Redirect headers

Pragma: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date: Sun, 13 Oct 2019 03:14:28 GMT
X-Content-Type-Options: nosniff
Server: EWS
Location: https://netc.sfr.fr/dynview/sfr-fr/pix.gif?eml-publisher=Adventure-Conseil&eml-name=Email-Acquisition-Payant-prospect-tr-fibre-box8-20082019-ac&ea-rnd=%5BRANDOM%5D
Cache-Control: max-age=0, private
Connection: Close
Accept-Ranges: none
Content-Length: 0
X-XSS-Protection: 0

GET
H/1.1 200
OK 1dc4d02678ceaa93713662fbd086cb93.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 5 KB
6 KB 58ms
31ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/1dc4d02678ceaa93713662fbd086cb93.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

9639e3d2a5c4ac6d862a0e0ffacf3c95938e2f4bd537300aa3d5389cff3fc022

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 13 Oct 2019 03:14:28 GMT
Via: 1.1 d6b9c7bad28b271f1e800a50d49ab8a4.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
X-Amz-Cf-Pop: FRA2-C2
ETag: "5d96f9e4-13f8"
X-Frame-Options: SAMEORIGIN
X-Cache: Miss from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5112
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Id: 73CdyDHeWe2WvxP_cK3iMCK2ABXULJWoa9t_b1daOd5wPMFz436EZQ==

GET
H/1.1 200
OK 5d542ba41e0d1a001ac9b730
event.reelevant.com/i/ 115 KB
116 KB 72ms
57ms Image
image/gif 35.190.62.241
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://event.reelevant.com/i/5d542ba41e0d1a001ac9b730
Requested by: Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: HTTP/1.1
Server: 35.190.62.241 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 241.62.190.35.bc.googleusercontent.com
Software: / Express
Resource Hash: a3fc2fa6c98d783f5ef51366f7f5f1608129e0b57794f711601997792e9ab26a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 13 Oct 2019 03:14:28 GMT
Via: 1.1 google
X-Powered-By: Express
x-guploader-uploadid: AEnB2Upa362ve9pcFpoPkuIFio_jg-4YOkle40c8Ksx2a-lAl6LBTXf3mrD1wUs-Bwo9vAa24fUxsdMcEVlTpBob_gimSunnDA
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 117659
pragma: no-cache
last-modified: Tue, 20 Aug 2019 09:16:43 GMT
x-goog-hash: crc32c=gSkrFQ==, md5=39cNKqkHoHyZ+OiY4tj77w==
x-goog-generation: 1566292603312534
x-cloud-trace-context: b52482cf63f80a540681727e45c6ffe6/16936028571780194078;o=0
cache-control: no-cache, max-age=0, no-store
x-goog-stored-content-length: 117659
accept-ranges: bytes
content-type: image/gif
expires: -1

GET
H/1.1 200
OK 5d822b87150476001dd22d7f
event.reelevant.com/i/ 130 KB
130 KB 73ms
58ms Image
image/png 35.190.62.241
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://event.reelevant.com/i/5d822b87150476001dd22d7f
Requested by: Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: HTTP/1.1
Server: 35.190.62.241 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 241.62.190.35.bc.googleusercontent.com
Software: / Express
Resource Hash: 0d75f6f7730466a50273f232f5f1834054295dca69c1b7ad1a502b64de8f4797

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 13 Oct 2019 03:14:28 GMT
Via: 1.1 google
X-Powered-By: Express
x-guploader-uploadid: AEnB2UpvSY2bdlJ3t3997zZxIocl7F-PjFXcKE2UTe1zWPz8WbI7ygZTVBi7i7z3T3jIFZz0MEpiKzoeBAjCv3xDnTM9xaWxOg
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 132887
pragma: no-cache
last-modified: Wed, 18 Sep 2019 13:06:55 GMT
x-goog-hash: crc32c=JFZMrw==, md5=H23WgSdPXUcuxIWioGvapw==
x-goog-generation: 1568812015112595
x-cloud-trace-context: fcbdc99413d64da3b1471ac9551f4d05/15932709693384063826;o=0
cache-control: no-cache, max-age=0, no-store
x-goog-stored-content-length: 132887
accept-ranges: bytes
content-type: image/png
expires: -1

GET
H/1.1 200
OK 1e3289cf5d41d0215e8172dd73bfa806.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 60 KB
60 KB 36ms
10ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/1e3289cf5d41d0215e8172dd73bfa806.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

fe1155a59cec31dca2f34ce8977c4d1c5b3b0be553b75d4fc7919557cab17c15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 14:27:35 GMT
Via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Age: 18025
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 61379
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
ETag: "5d96f9e4-efc3"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: szaEv0Wlrk69klJmBkjLSXyVavn8Z418J-nA68be40WMFvvr6GJ1uw==

GET
H/1.1 200
OK 560f0a1bfb67ed3513ea75074612aa78.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 108 KB
108 KB 35ms
8ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/560f0a1bfb67ed3513ea75074612aa78.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

3b97be64a610b9e4e3d0b17f5d686b38185beb6bc4cbb002905e10c58dde6470

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 10:37:15 GMT
Via: 1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Age: 18025
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 110334
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
ETag: "5d96f9e4-1aefe"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: PprNKzmv3hOQOCEu0xZ0lz8_1C7eeO5lq6kUjId4FzjEJfi1bdLTPQ==

GET
H/1.1 200
OK 5e6018d37ff22b490a4f777e26379ed5.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 1 KB
2 KB 39ms
12ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/5e6018d37ff22b490a4f777e26379ed5.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

9325fbfb9ca0cc0e68106bd17cd16ebb788678ea3ed772c6b12fb66a543bdb7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 10:37:15 GMT
Via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
X-Amz-Cf-Pop: FRA2-C2
ETag: "5d96f9e4-537"
X-Frame-Options: SAMEORIGIN
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1335
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Id: RQRFjhZdzYL_84mX2Qr1GX8110_-d2YKR8vsISxQYAsGzvOxgNMNjg==

GET
H/1.1 200
OK 9fe0068d874514dcdba0c574ddedd5e9.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 1 KB
2 KB 33ms
7ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/9fe0068d874514dcdba0c574ddedd5e9.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

31cbed243e2bf64c70057229d36534447cf12a939e241f152fabaf00c43fbeed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 14:27:36 GMT
Via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Age: 18025
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1089
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
ETag: "5d96f9e4-441"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-Amz-Cf-Pop: FRA2-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: LiqsZqcKXUzunzGAc5DXmPgkqsqRsNEWOcrVbp17BXlV4uh9-PtMkA==

GET
H/1.1 200
OK da93a2538e65c4af00301e7017c1c085.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 2 KB
2 KB 64ms
30ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/da93a2538e65c4af00301e7017c1c085.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

0fabf54815af730cbf3490819b5ea8008e635903b3ec908893613c8d5353a420

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 04 Oct 2019 10:37:15 GMT
Via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
X-Amz-Cf-Pop: FRA2-C2
ETag: "5d96f9e4-71e"
X-Frame-Options: SAMEORIGIN
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1822
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Id: ezlKSeGchxA1dLqw6BnGn6zF0Z85wWa7DgSAk75R_qVpQk3u3Jgp3w==

GET
H/1.1 200
OK 9e382d350a251800eddeddca312a476f.png
d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/ 1 KB
2 KB 21ms
12ms Image
image/png 2600:9000:21f3:8400:15:d887:89c0:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://d2ua00lbrp1mp3.cloudfront.net/SFR_CR_04102019/9e382d350a251800eddeddca312a476f.png

Requested by

Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php

Protocol

HTTP/1.1

Server

2600:9000:21f3:8400:15:d887:89c0:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

nginx/1.11.5 /

Resource Hash

d380b9486916dab6be7ef98b22bad8f6088538f16174b89960dac5611012ceca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 14:27:36 GMT
Via: 1.1 aab8eb1f7b95159cdf1cf139d0bbc33c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Last-Modified: Fri, 04 Oct 2019 07:51:00 GMT
Server: nginx/1.11.5
X-Amz-Cf-Pop: FRA2-C2
ETag: "5d96f9e4-57b"
X-Frame-Options: SAMEORIGIN
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1403
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Id: yhQmDes-9_Y98sIl1QWEptoo80ip_9V40USj1HkPhulx-ccHE-5PuA==

GET
H/1.1

200
OK

/
collecte.aventurecollecte.com/tracking/
Redirect Chain

http://collecte.guiredirection.com/tracking/?type=displayemail&i=fg0bb0bdeh0ijed0bhjcci
http://collecte.aventurecollecte.com/tracking/?type=displayemail&iid=fg0bb0bdeh0ijed0bhjcci

42 B
563 B

86ms
74ms

Image
image/gif

2606:4700:30::681f:48e9
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://collecte.aventurecollecte.com/tracking/?type=displayemail&iid=fg0bb0bdeh0ijed0bhjcci
Requested by: Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: HTTP/1.1
Server: 2606:4700:30::681f:48e9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Oct 2019 03:14:28 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
CF-RAY: 524e24bddb33cbc0-VIE
Content-Length: 42
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sun, 13 Oct 2019 03:14:28 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: http://collecte.aventurecollecte.com/tracking/?type=displayemail&iid=fg0bb0bdeh0ijed0bhjcci
Connection: keep-alive
CF-RAY: 524e24bd3e568ca4-VIE

GET
H2 200 3DBU-jvyfwQ.php
trk.theparcdesaffaires.fr/pg/4bab9e0823a745c2de225d6d1e1f1ed9/ 43 B
223 B 76ms
75ms Image
image/gif 51.254.21.140
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.theparcdesaffaires.fr/pg/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Requested by: Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.254.21.140 , France, ASN16276 (OVH, FR),
Reverse DNS: trk.affihosting.net
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Oct 2019 03:14:27 GMT
server: nginx
p3p: CP="OTI DSP COR CUR IVD CONi OTPi OUR IND UNI STA PRE"
status: 200
cache-control: no-cache, max-age=0
content-type: image/gif
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK bgviolet.png
www.gamguiwill.com/content/20190819143233_1131_6/ 59 KB
60 KB 157ms
118ms Image
image/png 2606:4700:30::6812:3197
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.gamguiwill.com/content/20190819143233_1131_6/bgviolet.png
Requested by: Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: HTTP/1.1
Server: 2606:4700:30::6812:3197 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbc76a52a0627b8f65dc16c303cc7ff14ace1785d055ec5be8d06700f7a792ba

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 13 Oct 2019 03:14:28 GMT
CF-Cache-Status: MISS
Last-Modified: Mon, 19 Aug 2019 12:32:33 GMT
Server: cloudflare
ETag: "edac-5907788be7263"
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=14400
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 524e24bd59edcbb8-VIE
Content-Length: 60844
Expires: Sun, 13 Oct 2019 07:14:28 GMT

GET
H2 200 sfr-1.0-regular-webfont.woff
static.s-sfr.fr/resources/font/ 34 KB
35 KB 29ms
28ms Font
font/woff 2a02:8400:21:1::3
LDCOMNET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.s-sfr.fr/resources/font/sfr-1.0-regular-webfont.woff
Requested by: Host: trk.theparcdesaffaires.fr
URL: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:8400:21:1::3 , France, ASN15557 (LDCOMNET, FR),
Reverse DNS
Software: nginx/1.10.3 /
Resource Hash: 5f618841c21775f839c5d4fdf8263c31100724110a105a9ab356b5e00f084ddd

Request headers

Sec-Fetch-Mode: cors
Referer: https://trk.theparcdesaffaires.fr/view/4bab9e0823a745c2de225d6d1e1f1ed9/3DBU-jvyfwQ.php
Origin: https://trk.theparcdesaffaires.fr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 13 Oct 2019 03:14:28 GMT
via: 1.1 static.s-sfr.fr, 1.1 bdx1-ncdn-middle-http00, 1.1 ren1-ncdn-edge-http01
last-modified: Thu, 05 Jul 2012 08:40:20 GMT
server: nginx/1.10.3
age: 15016
etag: W/"34968-1341477620000"
status: 200
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=28800, public
x-varnish: 14869757, 316185828 290329536
accept-ranges: bytes
content-length: 34968
expires: Sun, 13 Oct 2019 07:04:11 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			trk.theparcdesaffaires.fr/	1969-12-31 23:59:59	Name: PHPSESSID Value: ce8psd9r6sb4396e4v0qihgat5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

collecte.aventurecollecte.com
collecte.guiredirection.com
d2ua00lbrp1mp3.cloudfront.net
event.reelevant.com
netc.sfr.fr
static.s-sfr.fr
trk.theparcdesaffaires.fr
www.gamguiwill.com
109.232.196.59
2600:9000:21f3:8400:15:d887:89c0:21
2606:4700:30::6812:3197
2606:4700:30::681b:b8f0
2606:4700:30::681f:48e9
2a02:8400:21:1::3
35.190.62.241
51.254.21.140
0d75f6f7730466a50273f232f5f1834054295dca69c1b7ad1a502b64de8f4797
0fabf54815af730cbf3490819b5ea8008e635903b3ec908893613c8d5353a420
31cbed243e2bf64c70057229d36534447cf12a939e241f152fabaf00c43fbeed
3b97be64a610b9e4e3d0b17f5d686b38185beb6bc4cbb002905e10c58dde6470
5f618841c21775f839c5d4fdf8263c31100724110a105a9ab356b5e00f084ddd
6c46829208b5004ded357c146a2dd4c56641ca4a8f93c782081dee56c9a332f1
7f9692b93ca3824372e5f3ae7aed74e56bc008e6adee28d7492c9b3f84e0328e
9325fbfb9ca0cc0e68106bd17cd16ebb788678ea3ed772c6b12fb66a543bdb7b
9639e3d2a5c4ac6d862a0e0ffacf3c95938e2f4bd537300aa3d5389cff3fc022
a3fc2fa6c98d783f5ef51366f7f5f1608129e0b57794f711601997792e9ab26a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
d380b9486916dab6be7ef98b22bad8f6088538f16174b89960dac5611012ceca
fbc76a52a0627b8f65dc16c303cc7ff14ace1785d055ec5be8d06700f7a792ba
fe1155a59cec31dca2f34ce8977c4d1c5b3b0be553b75d4fc7919557cab17c15

trk.theparcdesaffaires.fr Open in urlscan Pro 51.254.21.140 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

31 %HTTPS

63 %IPv6

8 Domains

8 Subdomains

7 IPs

2 Countries

530 kBTransfer

541 kBSize

1 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

1 Cookies

Indicators

trk.theparcdesaffaires.fr Open in urlscan Pro
51.254.21.140 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

31 %
HTTPS

63 %
IPv6

8
Domains

8
Subdomains

7
IPs

2
Countries

530 kB
Transfer

541 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions