urlscan.io logo urlscan.io
SecurityTrails logo

fonctionea.fr Open in urlscan Pro
51.159.18.46  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ad.atdmt.com/c/img;adv=14143134903;ec=1031312034144317;c.a=033112;s.a=;p.a=Sean.weafer;a.a=app38931;qpb=1;?h=...
Effective URL: https://fonctionea.fr/auth03/ws1.php
Submission: On December 15 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 5 countries across 10 domains to perform 42 HTTP transactions. The main IP is 51.159.18.46, located in Paris, France and belongs to Online SAS, FR. The main domain is fonctionea.fr.
TLS certificate: Issued by R3 on November 9th 2021. Valid for: 3 months.
This is the only time fonctionea.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 2a03:2880:f01... 32934 (FACEBOOK)
2 2620:0:890::100 54113 (FASTLY)
13 152.199.23.37 15133 (EDGECAST)
2 20.190.160.4 8075 (MICROSOFT...)
4 7 51.159.18.46 12876 (Online SAS)
16 130.211.89.115 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
42 10
1    2a03:2880:f01c:8004:face:b00c:0:8c (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
ad.atdmt.com
2    2620:0:890::100 (United States)

ASN54113 (FASTLY, US)
webdirect1.web.app
13    152.199.23.37 (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
2    20.190.160.4 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
7    51.159.18.46 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: sd-147578.dedibox.fr
fonctionea.fr
www.fonctionea.fr
16    130.211.89.115 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
PTR: 115.89.211.130.bc.googleusercontent.com
www.mercuryeng.com
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6811:f449 (United States)

ASN13335 (CLOUDFLARENET, US)
hello.myfonts.net
1    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Domain Requested by
16 www.mercuryeng.com fonctionea.fr
www.mercuryeng.com
13 aadcdn.msftauth.net webdirect1.web.app
fonctionea.fr
5 fonctionea.fr 3 redirects webdirect1.web.app
fonctionea.fr
2 www.fonctionea.fr 1 redirects fonctionea.fr
2 login.live.com webdirect1.web.app
fonctionea.fr
2 webdirect1.web.app webdirect1.web.app
1 fonts.gstatic.com fonts.googleapis.com
1 hello.myfonts.net www.mercuryeng.com
1 ajax.googleapis.com www.mercuryeng.com
1 fonts.googleapis.com www.mercuryeng.com
1 ad.atdmt.com 1 redirects
0 www. Failed webdirect1.web.app
42 12

This site contains links to these domains. Also see Links.

Domain
passwordreset.mercuryeng.com
www.mercuryeng.com
privacy.mercuryeng.com
Subject Issuer Validity Valid
web.app
GTS CA 1D4		 2021-12-02 -
2022-03-02		 3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2021-05-13 -
2022-05-13		 a year crt.sh
graph.windows.net
DigiCert SHA2 Secure Server CA		 2021-11-16 -
2022-11-16		 a year crt.sh
fonctionea.fr
R3		 2021-11-09 -
2022-02-07		 3 months crt.sh
*.mercuryeng.com
GlobalSign RSA OV SSL CA 2018		 2021-10-26 -
2022-11-27		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-29 -
2022-02-21		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-10 -
2022-07-09		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-08 -
2022-01-31		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://fonctionea.fr/auth03/ws1.php
Frame ID: D189F4FE83F702FE57AA650117A22664
Requests: 21 HTTP requests in this frame

Frame: https://www.%3C/?php%20echo%20$domain;%20?%3E
Frame ID: A5C225842E6A041963DF8E86DE7071F2
Requests: 1 HTTP requests in this frame

Frame: https://www.mercuryeng.com/
Frame ID: 374A62989E60E90C7501EE1870BCA222
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

  1. https://ad.atdmt.com/c/img;adv=14143134903;ec=1031312034144317;c.a=033112;s.a=;p.a=Sean.weafer;a.... HTTP 302
    https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm Page URL
  2. http://fonctionea.fr/id.php?url=https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWng... HTTP 302
    https://fonctionea.fr/auth03/?client-request-id=c2Vhbi53ZWFmZXJAbWVyY3VyeWVuZy5jb20= HTTP 302
    https://fonctionea.fr/auth03/ws1.php Page URL

Page Statistics

42
Requests

93 %
HTTPS

60 %
IPv6

10
Domains

12
Subdomains

10
IPs

5
Countries

8780 kB
Transfer

9307 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ad.atdmt.com/c/img;adv=14143134903;ec=1031312034144317;c.a=033112;s.a=;p.a=Sean.weafer;a.a=app38931;qpb=1;?h=webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm HTTP 302
    https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm Page URL
  2. http://fonctionea.fr/id.php?url=https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm HTTP 302
    https://fonctionea.fr/auth03/?client-request-id=c2Vhbi53ZWFmZXJAbWVyY3VyeWVuZy5jb20= HTTP 302
    https://fonctionea.fr/auth03/ws1.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://ad.atdmt.com/c/img;adv=14143134903;ec=1031312034144317;c.a=033112;s.a=;p.a=Sean.weafer;a.a=app38931;qpb=1;?h=webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm HTTP 302
  • https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Request Chain 21
  • https://fonctionea.fr/auth03/); HTTP 301
  • https://www.fonctionea.fr/auth03/ HTTP 302
  • https://www.fonctionea.fr/auth03/ws1.php

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
webdirect1.web.app/
Redirect Chain
  • https://ad.atdmt.com/c/img;adv=14143134903;ec=1031312034144317;c.a=033112;s.a=;p.a=Sean.weafer;a.a=app38931;qpb=1;?h=webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
  • https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
28 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2e993fad99e3a1b9a4bec67e44e02e28f10c67936a66a5358513b9c78d784812
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
etag
"846c330a4f5817eead15882d30f00dbc737ba53bafcbfe3ba8af503168b1f120"
last-modified
Wed, 15 Dec 2021 12:58:37 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
accept-ranges
bytes
date
Wed, 15 Dec 2021 17:47:07 GMT
x-served-by
cache-mxp6943-MXP
x-cache
MISS
x-cache-hits
0
x-timer
S1639590427.112337,VS0,VE149
vary
x-fh-requested-host, accept-encoding
content-length
9091

Redirect headers

location
https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
x-fb-rlafr
0
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
document-policy
force-load-at-top
cross-origin-resource-policy
same-origin
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-frame-options
DENY
content-type
text/html; charset="utf-8"
x-fb-debug
JOeZL1/AP0enctP/hPFFAGA7FbDDQ0NTfu7Mk804szfVRg5Uq7qeo2nUIpl2Yv/gXl/F/FqaMpo/uHur4vinog==
content-length
0
date
Wed, 15 Dec 2021 17:47:07 GMT
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		108 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FCC) /
Resource Hash
8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11

Request headers

Referer
https://webdirect1.web.app/
Origin
https://webdirect1.web.app
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
0O2H9juGYL0zkzcYWr0NIg==
age
6312601
x-cache
HIT
content-length
19877
x-ms-lease-status
unlocked
last-modified
Tue, 28 Sep 2021 21:42:58 GMT
server
ECAcc (frc/8FCC)
etag
0x8D982C8F03AF4D4
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4cd84846-501e-0061-5f72-b8a27b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC1) /
Resource Hash
0140da8c4170309baa728814f96185de2c71bb6a9101d51cb040ece949aa3128

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
iY5CLUIh9JBLJeGkywpVeQ==
age
4179319
x-cache
HIT
content-length
5420
x-ms-lease-status
unlocked
last-modified
Mon, 25 Oct 2021 18:32:55 GMT
server
ECAcc (frc/8FC1)
etag
0x8D997E5DC79B53A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
fc77aabe-d01e-0043-3cd9-cbd147000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pidpdisambiguation_76e0875415977704da38.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F96) /
Resource Hash
e9b270d2a6af5d01dd798963a97d66ce020da7501b55c0239c0b5d7c1d5d2375

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
1A1WnDfolxSryQ87DZzNXQ==
age
4180464
x-cache
HIT
content-length
2359
x-ms-lease-status
unlocked
last-modified
Mon, 25 Oct 2021 18:32:55 GMT
server
ECAcc (frc/8F96)
etag
0x8D997E5DC900061
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ec7e0d1c-c01e-000a-3fd6-cbf4c7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_ppassword_6f5648a25cfbe86f348c.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F8B) /
Resource Hash
7cb7621f3eb49c78b89d119106cf42981a3075da154dc96af6ca24f8f68c6f53

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
JELxaubb1KDAtUnzSblILg==
age
4202575
x-cache
HIT
content-length
5736
x-ms-lease-status
unlocked
last-modified
Mon, 25 Oct 2021 18:32:56 GMT
server
ECAcc (frc/8F8B)
etag
0x8D997E5DD3425FC
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
82e0f209-401e-006b-7aa2-cb8839000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.4 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FCC) /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
0O2H9juGYL0zkzcYWr0NIg==
age
6312601
x-cache
HIT
content-length
19877
x-ms-lease-status
unlocked
last-modified
Tue, 28 Sep 2021 21:42:58 GMT
server
ECAcc (frc/8FCC)
etag
0x8D982C8F03AF4D4
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4cd84846-501e-0061-5f72-b8a27b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F6C) /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
GYbSFdLE8Xb9pCzSg7cJ6A==
age
4499610
x-cache
HIT
content-length
12608
x-ms-lease-status
unlocked
last-modified
Tue, 19 Oct 2021 04:06:56 GMT
server
ECAcc (frc/8F6C)
etag
0x8D992B5E417004E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6044ad75-801e-004b-7fef-c8f668000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
https://www.%3C/?php%20echo%20$domain;%20?%3E
https://www.%3C/?php%20echo%20$domain;%20?%3E Frame A5C2 		0
0
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
);
webdirect1.web.app/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://webdirect1.web.app/);
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 12:58:37 GMT
x-timer
S1639590427.353326,VS0,VE1
etag
"846c330a4f5817eead15882d30f00dbc737ba53bafcbfe3ba8af503168b1f120"
x-served-by
cache-mxp6943-MXP
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/html; charset=utf-8
cache-control
max-age=3600
date
Wed, 15 Dec 2021 17:47:07 GMT
accept-ranges
bytes
content-length
9091
x-cache-hits
1
Primary Request ws1.php
fonctionea.fr/auth03/
Redirect Chain
  • http://fonctionea.fr/id.php?url=https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
  • https://fonctionea.fr/auth03/?client-request-id=c2Vhbi53ZWFmZXJAbWVyY3VyeWVuZy5jb20=
  • https://fonctionea.fr/auth03/ws1.php
33 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fonctionea.fr/auth03/ws1.php
Requested by
Host: webdirect1.web.app
URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.159.18.46 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
sd-147578.dedibox.fr
Software
nginx /
Resource Hash
f099d8b21efecc134b2187d812a66b32084be84574d1445ac2ff2e5fcc467466
Security Headers
Name Value
Strict-Transport-Security max-age=63072000 max-age=63072000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm#/user/settings/vm_notification/4e90860db9ec/oauth2

Response headers

Date
Wed, 15 Dec 2021 17:47:07 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000 max-age=63072000
Content-Type
text/html
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
gzip
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked

Redirect headers

Date
Wed, 15 Dec 2021 17:47:07 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000 max-age=63072000
Content-Type
text/html
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Location
ws1.php
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		108 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FCC) /
Resource Hash
8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11

Request headers

Referer
https://fonctionea.fr/
Origin
https://fonctionea.fr
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
0O2H9juGYL0zkzcYWr0NIg==
age
6312601
x-cache
HIT
content-length
19877
x-ms-lease-status
unlocked
last-modified
Tue, 28 Sep 2021 21:42:58 GMT
server
ECAcc (frc/8FCC)
etag
0x8D982C8F03AF4D4
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4cd84846-501e-0061-5f72-b8a27b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC1) /
Resource Hash
0140da8c4170309baa728814f96185de2c71bb6a9101d51cb040ece949aa3128

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
iY5CLUIh9JBLJeGkywpVeQ==
age
4179319
x-cache
HIT
content-length
5420
x-ms-lease-status
unlocked
last-modified
Mon, 25 Oct 2021 18:32:55 GMT
server
ECAcc (frc/8FC1)
etag
0x8D997E5DC79B53A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
fc77aabe-d01e-0043-3cd9-cbd147000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pidpdisambiguation_76e0875415977704da38.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_76e0875415977704da38.js
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F96) /
Resource Hash
e9b270d2a6af5d01dd798963a97d66ce020da7501b55c0239c0b5d7c1d5d2375

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
1A1WnDfolxSryQ87DZzNXQ==
age
4180464
x-cache
HIT
content-length
2359
x-ms-lease-status
unlocked
last-modified
Mon, 25 Oct 2021 18:32:55 GMT
server
ECAcc (frc/8F96)
etag
0x8D997E5DC900061
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ec7e0d1c-c01e-000a-3fd6-cbf4c7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_ppassword_6f5648a25cfbe86f348c.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_6f5648a25cfbe86f348c.js
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F8B) /
Resource Hash
7cb7621f3eb49c78b89d119106cf42981a3075da154dc96af6ca24f8f68c6f53

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
JELxaubb1KDAtUnzSblILg==
age
4202575
x-cache
HIT
content-length
5736
x-ms-lease-status
unlocked
last-modified
Mon, 25 Oct 2021 18:32:56 GMT
server
ECAcc (frc/8F8B)
etag
0x8D997E5DD3425FC
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
82e0f209-401e-006b-7aa2-cb8839000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
logo.svg
fonctionea.fr/auth03/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fonctionea.fr/auth03/logo.svg
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.159.18.46 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
sd-147578.dedibox.fr
Software
nginx /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=63072000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/auth03/ws1.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 15 Dec 2021 17:47:07 GMT
Last-Modified
Wed, 15 Dec 2021 14:03:14 GMT
Server
nginx
ETag
"61b9f5a2-e43"
Strict-Transport-Security
max-age=63072000, max-age=63072000
Content-Type
image/svg+xml
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
3651
Expires
Fri, 14 Jan 2022 17:47:07 GMT
arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
aadcdn.msftauth.net/shared/1.0/content/images/ 		513 B
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F6C) /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
TjUQkZ0p0Y7rbj6LJofS9Q==
age
17326982
x-cache
HIT
content-length
276
x-ms-lease-status
unlocked
last-modified
Thu, 16 Jan 2020 00:32:45 GMT
server
ECAcc (frc/8F6C)
etag
0x8D79A1B9B05915D
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
c711e8bd-e01e-0094-3b45-547244000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.4 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FCC) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
0O2H9juGYL0zkzcYWr0NIg==
age
6312601
x-cache
HIT
content-length
19877
x-ms-lease-status
unlocked
last-modified
Tue, 28 Sep 2021 21:42:58 GMT
server
ECAcc (frc/8FCC)
etag
0x8D982C8F03AF4D4
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4cd84846-501e-0061-5f72-b8a27b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F6C) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
gzip
content-md5
GYbSFdLE8Xb9pCzSg7cJ6A==
age
4499610
x-cache
HIT
content-length
12608
x-ms-lease-status
unlocked
last-modified
Tue, 19 Oct 2021 04:06:56 GMT
server
ECAcc (frc/8F6C)
etag
0x8D992B5E417004E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
6044ad75-801e-004b-7fef-c8f668000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
/
www.mercuryeng.com/ Frame 374A 		38 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
69dc9414202bf46e05da0d17471c3461f5d66a48a0ab0fc173d177876b02b4a5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/

Response headers

server
nginx
date
Wed, 15 Dec 2021 17:47:07 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding Accept-Encoding Accept-Encoding,User-Agent
link
<https://www.mercuryeng.com/wp-json/>; rel="https://api.w.org/" <https://www.mercuryeng.com/wp-json/wp/v2/pages/30>; rel="alternate"; type="application/json" <https://www.mercuryeng.com/>; rel=shortlink
cache-control
private, must-revalidate
expires
Wed, 15 Dec 2021 17:57:07 GMT
x-powered-by
WP Engine
x-cacheable
NO:Private
x-cache
MISS
x-cache-group
normal
content-encoding
br
ws1.php
www.fonctionea.fr/auth03/
Redirect Chain
  • https://fonctionea.fr/auth03/);
  • https://www.fonctionea.fr/auth03/
  • https://www.fonctionea.fr/auth03/ws1.php
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fonctionea.fr/auth03/ws1.php
Requested by
Host: fonctionea.fr
URL: https://fonctionea.fr/auth03/ws1.php
Protocol
HTTP/1.1
Server
51.159.18.46 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
sd-147578.dedibox.fr
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://fonctionea.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Wed, 15 Dec 2021 17:47:07 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000, max-age=63072000
Content-Type
text/html
Location
ws1.php
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0
Expires
Thu, 19 Nov 1981 08:52:00 GMT
css
fonts.googleapis.com/ Frame 374A 		5 KB
998 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Work+Sans:300,400,500,600,800
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f9ebaef388344a60ade594f4594cfca0801538890a44e27f50b3624da11a9e50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 15 Dec 2021 17:47:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 15 Dec 2021 17:47:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Dec 2021 17:47:07 GMT
style.min.css
www.mercuryeng.com/wp-includes/css/dist/block-library/ Frame 374A 		79 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Wed, 01 Sep 2021 04:05:58 GMT
server
nginx
etag
W/"612efc26-13abe"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
styles.css
www.mercuryeng.com/wp-content/plugins/contact-form-7/includes/css/ Frame 374A 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.3
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Tue, 14 Dec 2021 12:21:23 GMT
server
nginx
etag
W/"61b88c43-aab"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
style.min.css
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/ Frame 374A 		95 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
46bc1c3b0ae420080b19a671953fd163f05febe6a9b665635975891568496194

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Wed, 05 May 2021 07:52:19 GMT
server
nginx
etag
W/"60924eb3-17ae2"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
cookieconsent.min.css
www.mercuryeng.com/wp-content/plugins/complianz-gdpr/assets/css/ Frame 374A 		20 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/plugins/complianz-gdpr/assets/css/cookieconsent.min.css?ver=5.5.2
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Fri, 12 Nov 2021 09:17:03 GMT
server
nginx
etag
W/"618e310f-519d"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
mercury-web-banner-video-static-start-image.jpg
www.mercuryeng.com/wp-content/uploads/2019/06/ Frame 374A 		169 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mercuryeng.com/wp-content/uploads/2019/06/mercury-web-banner-video-static-start-image.jpg
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
59bc441a3d09c37e59168a50a2ba67d7b8076cf72e801bf796e0907ae68308ff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
last-modified
Fri, 15 May 2020 10:30:00 GMT
server
nginx
etag
"5ebe6f28-2a465"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
173157
home-video-link-3.jpg
www.mercuryeng.com/wp-content/uploads/2020/12/ Frame 374A 		95 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mercuryeng.com/wp-content/uploads/2020/12/home-video-link-3.jpg
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
426eca1128f03ac573bd74e5925fa8b73c1ac4cc62efe56dd447d4f2c848ad39

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
last-modified
Thu, 03 Dec 2020 15:40:33 GMT
server
nginx
etag
"5fc906f1-17c3a"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
97338
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ Frame 374A 		84 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js?ver=5.8.2
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 01:28:42 GMT
x-content-type-options
nosniff
age
58705
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
86341
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Dec 2022 01:28:42 GMT
script.min.js
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/js/ Frame 374A 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/js/script.min.js?ver=1.14
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
17fc0f8349147a7407173309bb927ef60279099d39d602cee159d589bcc106c2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Fri, 04 Jun 2021 12:08:30 GMT
server
nginx
etag
W/"60ba17be-1db45"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cookieconsent.min.js
www.mercuryeng.com/wp-content/plugins/complianz-gdpr/assets/js/ Frame 374A 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/plugins/complianz-gdpr/assets/js/cookieconsent.min.js?ver=5.5.2
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
6bc98edf0cba61a3de272e98d378f19f0b1ac2eb64936e55a84eb4178e611142

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Fri, 12 Nov 2021 09:17:03 GMT
server
nginx
etag
W/"618e310f-63f5"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
complianz.min.js
www.mercuryeng.com/wp-content/plugins/complianz-gdpr/assets/js/ Frame 374A 		40 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/plugins/complianz-gdpr/assets/js/complianz.min.js?ver=5.5.2
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
0113a3b39333d30c6d03b569cac068f0b36d1976a8d39468e2b876c6a0912ac6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
content-encoding
br
last-modified
Fri, 12 Nov 2021 09:17:03 GMT
server
nginx
etag
W/"618e310f-9f1b"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
mercury-home-top-banner-video-live-st3.mp4
www.mercuryeng.com/wp-content/uploads/2019/09/ Frame 374A 		8 MB
8 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/uploads/2019/09/mercury-home-top-banner-video-live-st3.mp4
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Referer
https://www.mercuryeng.com/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
last-modified
Fri, 15 May 2020 10:30:04 GMT
server
nginx
access-control-allow-origin
*
etag
"5ebe6f2c-7dc7f4"
vary
Accept-Encoding
content-type
video/mp4
Content-Range
bytes 0-8243187/8243188
cache-control
public, max-age=31536000
Content-Length
8243188
391b62
hello.myfonts.net/count/ Frame 374A 		0
354 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hello.myfonts.net/count/391b62
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:f449 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:07 GMT
server
cloudflare
age
1
expect-ct
null
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
cf-ray
6be17ecea9984de2-FRA
content-length
0
expires
Thu, 15 Dec 2022 17:47:07 GMT
logo.png
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/ Frame 374A 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/logo.png
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
542ce4801fe7e976e1e02437219fa06b477321d35589fb3b5341fce3ab5ce87e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:08 GMT
last-modified
Tue, 04 May 2021 13:26:04 GMT
server
nginx
etag
"60914b6c-f75"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
3957
feature-border-vertical.png
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/ Frame 374A 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/feature-border-vertical.png
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
35c721b14eed8dfe6ad5a95198c86f1f01c69ee8402ba190534b845cfc1c4740

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:08 GMT
last-modified
Tue, 04 May 2021 13:26:04 GMT
server
nginx
etag
"60914b6c-162a"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
5674
391B62_0_0.woff2
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/fonts/metral/ Frame 374A 		26 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/fonts/metral/391B62_0_0.woff2
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
ad147523d259b061699abca8760791ce06a8a1f9c5c58d0b16e2dceaeadd338d

Request headers

Referer
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Origin
https://www.mercuryeng.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:08 GMT
last-modified
Tue, 04 May 2021 13:26:07 GMT
server
nginx
etag
"60914b6f-695f"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
26975
QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v13/ Frame 374A 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v13/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Work+Sans:300,400,500,600,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.mercuryeng.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 13:26:13 GMT
x-content-type-options
nosniff
age
447655
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48480
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:05:58 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 10 Dec 2022 13:26:13 GMT
feature-border.png
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/ Frame 374A 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/feature-border.png
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
e70548070a3dddf0957274f99fc505e9a442cce1f24a8c4d31fb630a697a79dc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:08 GMT
last-modified
Tue, 04 May 2021 13:26:04 GMT
server
nginx
etag
"60914b6c-130e"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
4878
footer-logo.png
www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/ Frame 374A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/images/footer-logo.png
Requested by
Host: www.mercuryeng.com
URL: https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
130.211.89.115 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
115.89.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
9f1d8346a5d267af74ce35d3c41abffed6832916ea965776b8e5e96b7bc4f0d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.mercuryeng.com/wp-content/themes/mercury-2019/assets/css/style.min.css?ver=1.40
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 15 Dec 2021 17:47:08 GMT
last-modified
Tue, 04 May 2021 13:26:04 GMT
server
nginx
etag
"60914b6c-a7c"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
2684

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.
URL
https://www.%3C/?php%20echo%20$domain;%20?%3E

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| webpackJsonp boolean| __convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234 boolean| __convergedlogin_pidpdisambiguation_76e0875415977704da38 boolean| __convergedlogin_ppassword_6f5648a25cfbe86f348c

5 Cookies

Domain/Path Name / Value
fonctionea.fr/ Name: PHPSESSID
Value: uufooqn9nq82e62fisb15fvpdj
.login.live.com/ Name: uaid
Value: c3ec3f0cc4f1428b924b7824414cb2bd
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1639590427&co=2
www.fonctionea.fr/ Name: PHPSESSID
Value: 9r32hg95evgsgqcui6d7757jhd
.myfonts.net/ Name: __cf_bm
Value: 3U2bZ3K0X3OkF8nZUFwPQjxjPMyDtaAbWK_vV2uT.po-1639590427-0-AezE8u7m4SoEjIfATkCSnx6XlydA7MMrUlXInf1g93OE6ObalZpyIQCXZVbUetJLLBYmxJPXyNSStM8E9ZYMxwE=

2 Console Messages

Source Level URL
Text
network error URL: https://webdirect1.web.app/s9yWana7Xw9yWaf9yWrq0Hm9yWrB8xury9yWnga7XB8xr7Pm
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://webdirect1.web.app/);
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
ad.atdmt.com
ajax.googleapis.com
fonctionea.fr
fonts.googleapis.com
fonts.gstatic.com
hello.myfonts.net
login.live.com
webdirect1.web.app
www.
www.fonctionea.fr
www.mercuryeng.com
www.
130.211.89.115
152.199.23.37
20.190.160.4
2606:4700::6811:f449
2620:0:890::100
2a00:1450:4001:809::200a
2a00:1450:4001:82b::2003
2a00:1450:4001:831::200a
2a03:2880:f01c:8004:face:b00c:0:8c
51.159.18.46
0113a3b39333d30c6d03b569cac068f0b36d1976a8d39468e2b876c6a0912ac6
0140da8c4170309baa728814f96185de2c71bb6a9101d51cb040ece949aa3128
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
17fc0f8349147a7407173309bb927ef60279099d39d602cee159d589bcc106c2
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
2e993fad99e3a1b9a4bec67e44e02e28f10c67936a66a5358513b9c78d784812
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
35c721b14eed8dfe6ad5a95198c86f1f01c69ee8402ba190534b845cfc1c4740
426eca1128f03ac573bd74e5925fa8b73c1ac4cc62efe56dd447d4f2c848ad39
46bc1c3b0ae420080b19a671953fd163f05febe6a9b665635975891568496194
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
542ce4801fe7e976e1e02437219fa06b477321d35589fb3b5341fce3ab5ce87e
59bc441a3d09c37e59168a50a2ba67d7b8076cf72e801bf796e0907ae68308ff
69dc9414202bf46e05da0d17471c3461f5d66a48a0ab0fc173d177876b02b4a5
6bc98edf0cba61a3de272e98d378f19f0b1ac2eb64936e55a84eb4178e611142
7cb7621f3eb49c78b89d119106cf42981a3075da154dc96af6ca24f8f68c6f53
8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9f1d8346a5d267af74ce35d3c41abffed6832916ea965776b8e5e96b7bc4f0d6
ad147523d259b061699abca8760791ce06a8a1f9c5c58d0b16e2dceaeadd338d
c21f3f80c9adfdf9070c994d881f2069818a2d409b62834c805a7f17f08c91ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e70548070a3dddf0957274f99fc505e9a442cce1f24a8c4d31fb630a697a79dc
e9b270d2a6af5d01dd798963a97d66ce020da7501b55c0239c0b5d7c1d5d2375
f099d8b21efecc134b2187d812a66b32084be84574d1445ac2ff2e5fcc467466
f9ebaef388344a60ade594f4594cfca0801538890a44e27f50b3624da11a9e50