tba877bbf.emailsys1a.net

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 185.71.125.3, located in Germany and belongs to MEGASPACE-AS, DE. The main domain is tba877bbf.emailsys1a.net.
TLS certificate: Issued by R3 on July 3rd 2022. Valid for: 3 months.

This is the only time tba877bbf.emailsys1a.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2001:6a8:3c80... 2001:6a8:3c80::238	2611 (BELNET) (BELNET)
2	185.71.125.3 185.71.125.3	34624 (MEGASPACE-AS) (MEGASPACE-AS)
1	37.208.111.2 37.208.111.2	58010 (UVENSYS) (UVENSYS)
5	3

2 2001:6a8:3c80::238 (Belgium)

ASN2611 (BELNET, BE)

senate.bams.belnet.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.71.125.3 (Germany)

ASN34624 (MEGASPACE-AS, DE)

tba877bbf.emailsys1a.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.208.111.2 (Frankfurt am Main, Germany)

ASN58010 (UVENSYS, DE)

c.emailsys1a.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	emailsys1a.net tba877bbf.emailsys1a.net c.emailsys1a.net — Cisco Umbrella Rank: 310141	531 KB
2	belnet.be senate.bams.belnet.be	3 KB
5	2

	Domain	Requested by
2	tba877bbf.emailsys1a.net	senate.bams.belnet.be tba877bbf.emailsys1a.net
2	senate.bams.belnet.be	senate.bams.belnet.be
1	c.emailsys1a.net	tba877bbf.emailsys1a.net
5	3

This site contains no links.

Subject Issuer	Validity	Valid
senate.bams.belnet.be GEANT OV RSA CA 4	`2022-05-18` - `2023-05-18`	a year	crt.sh
emailsys1a.net R3	`2022-07-03` - `2022-10-01`	3 months	crt.sh
c.emailsys1a.net ZeroSSL RSA Domain Secure Site CA	`2022-07-18` - `2022-10-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
Frame ID: 75CA7CF59AE59F3A8BA06A18CEE6FDE6
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://senate.bams.belnet.be/fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9... Page URL
https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html Page URL

Page Statistics

5
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

534 kB
Transfer

550 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://senate.bams.belnet.be/fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9jPz4+ZGM3MDdiMGcxYzA3Zz5lZWVkZzUwYzY0Z2IxNSByOzcwMz8xND8zNTEgd29iOzQxM0xxc0xcNjc1MDYyKzQxM0xxc0xlNjc1MDYyIHRldnI7IGU7Mj8gbmJqOzY=&url=https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html Page URL
https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
senate.bams.belnet.be/fmlurlsvc/ 5 KB
2 KB 100ms
21ms Document
text/html 2001:6a8:3c80::238
BELNET

General

Check archive.org

Show headers Download Go to

Full URL

https://senate.bams.belnet.be/fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9jPz4+ZGM3MDdiMGcxYzA3Zz5lZWVkZzUwYzY0Z2IxNSByOzcwMz8xND8zNTEgd29iOzQxM0xxc0xcNjc1MDYyKzQxM0xxc0xlNjc1MDYyIHRldnI7IGU7Mj8gbmJqOzY=&url=https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:6a8:3c80::238 , Belgium, ASN2611 (BELNET, BE),

Reverse DNS

Software

/

Resource Hash

3bc7b893e2b895dd894b65aaf88a4b345db891ee8a9b945f107425d20f58c340

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1662
Content-Security-Policy: frame-ancestors 'self'
Content-Type: text/html; CharSet=utf-8
Date: Sat, 13 Aug 2022 13:05:02 GMT
Keep-Alive: timeout=5, max=100
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

POST
H/1.1 302
Found /
senate.bams.belnet.be//fmlurlsvc/ 101 B
496 B 32ms
32ms XHR
text/plain 2001:6a8:3c80::238
BELNET

General

Check archive.org

Show headers Download Go to

Full URL

https://senate.bams.belnet.be//fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9jPz4+ZGM3MDdiMGcxYzA3Zz5lZWVkZzUwYzY0Z2IxNSByOzcwMz8xND8zNTEgd29iOzQxM0xxc0xcNjc1MDYyKzQxM0xxc0xlNjc1MDYyIHRldnI7IGU7Mj8gbmJqOzY=&url=https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html&fmlEvlTk

Requested by

Host: senate.bams.belnet.be
URL: https://senate.bams.belnet.be/fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9jPz4+ZGM3MDdiMGcxYzA3Zz5lZWVkZzUwYzY0Z2IxNSByOzcwMz8xND8zNTEgd29iOzQxM0xxc0xcNjc1MDYyKzQxM0xxc0xlNjc1MDYyIHRldnI7IGU7Mj8gbmJqOzY=&url=https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:6a8:3c80::238 , Belgium, ASN2611 (BELNET, BE),

Reverse DNS

Software

/

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://senate.bams.belnet.be/fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9jPz4+ZGM3MDdiMGcxYzA3Zz5lZWVkZzUwYzY0Z2IxNSByOzcwMz8xND8zNTEgd29iOzQxM0xxc0xcNjc1MDYyKzQxM0xxc0xlNjc1MDYyIHRldnI7IGU7Mj8gbmJqOzY=&url=https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Sat, 13 Aug 2022 13:05:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: "*"
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
X-XSS-Protection: 1; mode=block

GET
H2 200 Primary Request index.html Show response
tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/ 18 KB
4 KB 69ms
42ms Document
text/html 185.71.125.3
MEGASPACE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
Requested by: Host: senate.bams.belnet.be
URL: https://senate.bams.belnet.be/fmlurlsvc/?fewReq=:B:JVg8NzU2PCBwOzQoNiBvYjs2Nzw2NyB1b2FoZ3JzdGM7P2U/ZTc+Nj9jPz4+ZGM3MDdiMGcxYzA3Zz5lZWVkZzUwYzY0Z2IxNSByOzcwMz8xND8zNTEgd29iOzQxM0xxc0xcNjc1MDYyKzQxM0xxc0xlNjc1MDYyIHRldnI7IGU7Mj8gbmJqOzY=&url=https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.71.125.3 , Germany, ASN34624 (MEGASPACE-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: c2290fcb5d2dbc1cf91656a93cb776de3a76170a2c48f84e0b196c12b1060ca7

Request headers

Referer: https://senate.bams.belnet.be/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 13 Aug 2022 13:05:02 GMT
server: nginx
vary: Accept-Encoding
x-rm-bal: bal1
x-rm-node: w1

GET
H/1.1 200
OK 93fe26164a2bec66c614e0656500d490744dba44.png
c.emailsys1a.net/mailingassets/ 526 KB
527 KB 57ms
14ms Image
image/png 37.208.111.2
UVENSYS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.emailsys1a.net/mailingassets/93fe26164a2bec66c614e0656500d490744dba44.png
Requested by: Host: tba877bbf.emailsys1a.net
URL: https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 37.208.111.2 Frankfurt am Main, Germany, ASN58010 (UVENSYS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 1a47219aa86915f5c93d33414109eedf944e5079416d7e8e2149934780c2b20c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tba877bbf.emailsys1a.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sat, 13 Aug 2022 13:05:02 GMT
Last-Modified: Mon, 01 Aug 2022 19:07:46 GMT
Server: nginx
ETag: "47cdb004ed469bd33fadcf7ea89270e3"
X-Cache-Status: HIT
x-amz-version-id: LAH4G8xF.sps.x.l.mPShuXROwTVESWS
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="tmpimageup_5pu7Uc.png"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 539027

GET
H2 200 862f14143e.gif
tba877bbf.emailsys1a.net/o/51/5623945/2689/0/15750425/3451/ 43 B
169 B 16ms
16ms Image
image/gif 185.71.125.3
MEGASPACE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tba877bbf.emailsys1a.net/o/51/5623945/2689/0/15750425/3451/862f14143e.gif
Requested by: Host: tba877bbf.emailsys1a.net
URL: https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.71.125.3 , Germany, ASN34624 (MEGASPACE-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tba877bbf.emailsys1a.net/mailing/51/5623945/15750425/3451/3a274f0c3e/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-rm-bal: bal1
date: Sat, 13 Aug 2022 13:05:02 GMT
content-encoding: gzip
x-rm-node: w1
vary: Accept-Encoding
server: nginx
content-type: image/gif

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.emailsys1a.net
senate.bams.belnet.be
tba877bbf.emailsys1a.net
185.71.125.3
2001:6a8:3c80::238
37.208.111.2
1a47219aa86915f5c93d33414109eedf944e5079416d7e8e2149934780c2b20c
3bc7b893e2b895dd894b65aaf88a4b345db891ee8a9b945f107425d20f58c340
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c2290fcb5d2dbc1cf91656a93cb776de3a76170a2c48f84e0b196c12b1060ca7

tba877bbf.emailsys1a.net Open in urlscan Pro 185.71.125.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

5 Requests

100 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

534 kBTransfer

550 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

tba877bbf.emailsys1a.net Open in urlscan Pro
185.71.125.3 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

534 kB
Transfer

550 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions