{"report_id":"06f954cb-6dac-4cf2-981e-bc597e4bd5e2","version":6,"status":"done","tags":[],"date":"2026-04-20T10:11:21Z","url":{"schema":"https","addr":"redir.mailreference.fr/c/119/9109040/14264/0/887326426/9125/479632/cf87a9bb62.html","fqdn":"redir.mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"37.208.111.5","port":0,"asn":58010,"as":"uvensys GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"mailreference.fr/arrow/","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"title":"Arrow - Landing Page","dom":{"size":16981,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1281)","md5":"b3bbb140f5ed7ef8d21bf3097586767e","sha1":"4de9ec6fe569520f7dd5b0433f9f3caa0729b0ca","sha256":"b525d3472433ab773568e80689d7f9fc1f84bb070f8d063f3c5b22cc0b053bfb","sha512":"5f2ac5b92a00dfcb793c2193a6df9aa546ff8160a3273217ac8fc0c793ec6e10e236451033b93660e7a9e423031882f1ca897cb14168a23430f6fc036e56784c","ssdeep":"384:FjBDkjB0jjBetjBBjBcjB/Td5hNq38KG8O0eh25smVYV+Er15tWMv0TCnWmon8jn:vBI2I8KPhJkHp9n","tlshash":"887252505e991c3701478198b4a1db4af9bb8e338a2a859479ff03526fcedc0694f3e9","dom_hash":"domhash30c70e5bc6e43a3b053a9281ce8f0f0b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"redir.mailreference.fr/c/119/9109040/14264/0/887326426/9125/479632/cf87a9bb62.html","fqdn":"redir.mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"37.208.111.5","port":0,"asn":58010,"as":"uvensys GmbH","country":"Germany","country_code":"DE"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-25T10:11:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":10}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"redir.mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"mailreference.fr","ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"domain_registered":"2025-09-12","domain_rank":0,"first_seen":"2026-02-23T03:43:21.40559Z","last_seen":"2026-04-16T05:12:30.414455Z","alert_count":95,"request_count":19,"received_data":654184,"sent_data":8935,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Slick","description":"","website":"https://kenwheeler.github.io/slick","common_platform_enumeration":"","icon":"Slick.svg","categories":["JavaScript libraries"]},{"name":"jQuery:2.2.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}]},{"fqdn":"redir.mailreference.fr","ip":{"addr":"37.208.111.4","port":443,"asn":58010,"as":"uvensys GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-09-12","domain_rank":0,"first_seen":"2026-04-16T05:12:20.694524Z","last_seen":"2026-04-16T05:12:20.694524Z","alert_count":5,"request_count":1,"received_data":15351,"sent_data":550,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-04-19T23:11:39.14593Z","alert_count":0,"request_count":1,"received_data":86178,"sent_data":424,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mailreference.fr/arrow/","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"eventHandler","is_inline":false,"md5":"907ff32016c8e95da3b470712b3407e2","sha1":"58d5164eb8654c00bccd982ddf22734ff34a2fcb","sha256":"1849cce6ad67618fe20029f2313768bfeb4da7d3857019e70e03575176953577","sha512":"192a5382acbae5f01ccd242927e6f990c5be5d780d815661f2cf32f400d5a90987d293d2488a072834a595919a68921eb5579e78618d8b6c423befff84483ea3","ssdeep":"","tlshash":"9b400000000300300000000c030000003000000003300000000000c00000000333000c","size":7,"data":"","first_seen":"2023-03-10T12:50:22Z","last_seen":"2026-04-20T10:11:22.744118Z","times_seen":3515,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6fc159d00dc3cea4153c038739683f93","sha1":"5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1","sha256":"8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce","sha512":"a574742476d89bdf841a26fac51ff0fae62cfeed95f38a1f3eb0699202d8c8abe165826d514bca4b2d69822f2d25901a72c3f081fd646e1238cf082ef0e28ea8","ssdeep":"1536:kYE1JVoiB9JqZdXXe2pD3PgoIK6alrUnzZ6a4msO7R6xfWBP4TCddWHs3ghna98o:P4KZ+sOsOV6x6pwhna98HrU","tlshash":"1683d6d9b2d6705297b734b850bf410bb17a98dab44c8c60f098d4e47eb4a8e507bf2d","size":85589,"data":"","first_seen":"2023-03-07T01:03:01Z","last_seen":"2026-04-20T11:36:59.79576Z","times_seen":8104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/slick.js","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f8f4aed010e1afe499184d8197309f9","sha1":"097f6a1b4f115e9b6ebefa70d76d830733bcc9ba","sha256":"0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4","sha512":"01c7606b23491608bdff75c6e6ef468155d948ba492acbf74c1f8af91614832ee0655dd96ae7c2cb70b14fd608bc5987862f57e22c71d471454577ceebc0a87e","ssdeep":"1536:lXWVBuGGI2R7R+FXDyMibroAPoJATv2UsWNuJ:lXWVLGI2R7R+FTyMibroAwJATAJ","tlshash":"ff93ed0b55e6131294a731bd6bdfc028b3ba91275504ed9cbccc4385afd45288feabe4","size":88955,"data":"","first_seen":"2023-03-07T01:06:40Z","last_seen":"2026-04-20T10:11:22.735477Z","times_seen":16702,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"5eb1d9cffca5fe4adca6b8981b383535","sha1":"660d820059e877221087635336835d7ef873f192","sha256":"55649771d361ed36eed2df40c03b5d79f751582cce7f44801f4b66302614ca83","sha512":"9f23c9734319bd0f89564fcc86591c4ea56c85b2a2b3cc5a2b366516ebcb0865afb62dc80779d537f4bae00a3364c996ad540f023cdbb9f2902fb44fda43484c","ssdeep":"","tlshash":"1621af7a7bba25f40be6a06637cd471560f5c9112c82d251762c04055fd0ec46af27fd","size":1175,"data":"","first_seen":"2026-02-11T10:33:15.300391Z","last_seen":"2026-04-20T10:11:22.744692Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"5e82e584dc95729cba82cfa1187ea3be","sha1":"d8ce1b052932cd3d05b2372f95301d2abde695d4","sha256":"e9041849d814598999bf3565dfd0dd6917e32b9aab4aa817881eb8b1f6fa1160","sha512":"439863bd20aac7f1e990590c9446d91be41b8c9b26c168ea40531e46c55b557f90d07b1c714ef744c712b929d8101298efec6fcdfc7a2ec5db697a7a8817d01b","ssdeep":"","tlshash":"b9c02b04d548e23c0931326084feb0040f233d30100f307cd0ce0154288923b14ce005","size":146,"data":"","first_seen":"2026-04-16T05:12:24.617064Z","last_seen":"2026-04-20T10:11:22.745293Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mailreference.fr/arrow/fonts/arrow-display/ArrowDisplay-Medium.woff2","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/fonts/arrow-display/ArrowDisplay-Medium.woff2 HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/fonts/arrow-display/stylesheet.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 25200\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 986\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:29 GMT\r\netag: \"6270-645bc9ce9cc40\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":25200,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 25200, version 1.0","md5":"289c2d77029015103e2a75fdb61d6bcf","sha1":"a2984e57efb30d13f86010a1db0e1d81cf934ea9","sha256":"1e448613b96a58fe1d849841753a3b8cc6061ec07ced831f422cfbcd27ecbf95","sha512":"8a3fc4fcd1f8b837479cb553dd3523c9fd249315295e22757f35137f7d311cc938e86feb54b2049ed48ca3a3a68ee2dba4f8220a18843189a418ff23e3a9ef55","ssdeep":"384:MEFe70vM9+/ZBdRaFvi0NsaLW4Oia0owPs4I1UEfP9KRifnvRrF/IJm5eqKIrR:MENMiaq5L6vPsvUmVFfnJrF/IvbIV","tlshash":"1bb2e127a93bbae1f4e5f2b501707691d645caf19cda398b438ce6d440702c3f97815d","first_seen":"2026-04-16T05:12:24.55156Z","last_seen":"2026-04-20T10:11:22.714059Z","times_seen":36,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/ajax-loader.gif","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/ajax-loader.gif HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/slick/slick-theme.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 4178\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 981\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:45 GMT\r\netag: \"1052-645bc9a4a6940\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":4178,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 32 x 32","md5":"c5cd7f5300576ab4c88202b42f6ded62","sha1":"7a1aa43614396382bb15e5fde574d9cdcd21698f","sha256":"e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b","sha512":"f0d7ada22a3eb3b2758198a71472fb240c74ce4ca09028076e23690c70b2339c6b2a40f9158dd71c52d953ef27bbcc0105b061bdc74fbb0ad0b304c7c6a04a38","ssdeep":"48:32e4MxZKDtivGOFkoajWKOwD2s4UYX034Hk4zHdwt4zeoAF5oM4JTp3uVj4gBFyj:32e4ZtyiqsdWAXWwXPF5oMcdUjVsmuS","tlshash":"e2810b9ce8a0f631c59936b78dd92d1a9adc5796ac3ccf5215986808f91f223028735d","first_seen":"2023-04-05T22:52:05Z","last_seen":"2026-04-20T13:09:26.034275Z","times_seen":35566,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/slick.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/slick.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 1776\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 997\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:53 GMT\r\netag: \"6f0-645bc9ac47b40\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1776,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f38b2db10e01b1572732a3191d538707","sha1":"a94a059b3178b4adec09e3281ace2819a30095a4","sha256":"de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5","sha512":"c11e283612c11dfeec9a3cb42b8a2acdd5ae99dfabe7ffba40efef0dd6bbe8c5b98ae8383d3eeff3a168124c922097eddd703401ee9ac6122f1ebab09bbf7737","ssdeep":"","tlshash":"c931294845b389468416808d5fd7ca6d2bfff0130829e199ba8d1306cfce7d8a9c26b2","first_seen":"2023-04-05T08:37:21Z","last_seen":"2026-04-20T12:44:26.821708Z","times_seen":55193,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/mon-slick-a-moi.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/mon-slick-a-moi.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 3680\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 995\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:50 GMT\r\netag: \"e60-645bc9a96b480\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3680,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"763a3aac7d2e93ae8139eb701cab035f","sha1":"397212a41d777bcd977f864cde3e92f7602fb2c8","sha256":"abe1c049ecdb0e25cb7c9c6ac162cf8ac50c38aa86d84051150d3d26960ef9c3","sha512":"364fb95717c64602216a230191f3bc12480f21b1beaa4f1ab30656c303a8c538964f2b07fa19d773f1cf1f54eab7ac5fddc4d786e29d19e6d86c2f32ec6c64f9","ssdeep":"","tlshash":"5571bd77fdd6514b6327c181a2733bb8febda01053620df8a5827770a3a85e60edc598","first_seen":"2026-04-16T05:12:24.543702Z","last_seen":"2026-04-20T10:11:22.721995Z","times_seen":36,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/css/style-responsive.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/css/style-responsive.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 100025\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 994\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:12 GMT\r\netag: \"186b9-645bc9be66600\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":100025,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"8996edaf77986f99f600d77a67233eda","sha1":"4746252319b9efdf7240cf04e62da87496f6f0d3","sha256":"1d883843221baf539ec6c08fe74e938b9026c923acc9ad077a9fb7daf2451000","sha512":"a6a4f81d00aa51aed43fbcf1765696220a40acc89d1db3bb3e6c7d8ee3388788cb1a95a9e2a3de1d35b494140afcbb4b02d23a047ba10086482a76ad601736d9","ssdeep":"768:g2hAmQKThdp+y1jYJQgt8Mkc0KafCdn2yAKSMmG9HesZSoxe4mne01ODoeN9RrD+:XSKThdp+qyG/MVAmLdYKjDhieFB8z","tlshash":"62a3ac27bf835189421ec64dfa736fb4efa8c922434699f1fe802125c7845920dedadd","first_seen":"2026-04-16T05:12:24.581767Z","last_seen":"2026-04-20T10:11:22.724636Z","times_seen":36,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/img/logo.svg","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/img/logo.svg HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\ncontent-length: 6473\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 990\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:05 GMT\r\netag: \"1949-645bc9b7b9640\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":6473,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c22ed2a991fcc84249c964ed883079bf","sha1":"4bf9c524a081329f042c5b55d13cdff7c3f52138","sha256":"fdab6c51145f9bf94c0aab2a50b45f4ab25b521b129ad1faa21abd4eee8e4b7a","sha512":"067a519a7c797332fe0191df484ceb00e7536ed886d64b2a3f0145d075de336fc4947ca163656e2c06ec44d5a378f9f037f78d3109651db33a51174f0822d7de","ssdeep":"96:+W3OtQe+kiTsekT/KqUnvMQ8xpzv3B5jE5oPeBej93IkE41TPKQxZjomCizx/p1o:52RDx1stepRlAr","tlshash":"3cd12f7f22985ba582a097509fd5258c637dd195b4b341c8fb4f3d035f227b3a1bea01","first_seen":"2026-04-16T05:12:24.591759Z","last_seen":"2026-04-20T10:11:22.726999Z","times_seen":36,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/img/ebook.png","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/img/ebook.png HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 95562\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 988\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:01 GMT\r\netag: \"1754a-645bc9b3e8d40\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":95562,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 368 x 372, 8-bit/color RGBA, non-interlaced","md5":"880b01a989d2270858a1ff77f8400356","sha1":"791f77b246ab03d7852efc5e4f026d94f2c85d76","sha256":"63b9abf5af8892fa1207a5b376e2348cc3e91d59ca61a8dd7200d95d05aef61c","sha512":"23ed2c8a700ce98c4de23f2022157bb8ff0779f9c7a379fbe06fa2eba0dc5e144be7940e833630fd7518ad7ffc81cfbc43843540a7e41267f8b25561bbbf6447","ssdeep":"1536:q8jW18jm3WxkMJpjRwx/8JXjDiUW2Ag8As+tmwNLXhV7AfO4SzW/q1EJigqJp6JS:HWyMeax/8JXjg2N8f4mwdXf7XJ6T2","tlshash":"069312c3b4d590716342da78f14ddc17cde607de0e22365480a9e2dd9914ebe29b2fd1","first_seen":"2026-04-16T05:12:24.548929Z","last_seen":"2026-04-20T10:11:22.728307Z","times_seen":36,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":152,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/fleche-droite.svg","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/fleche-droite.svg HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/slick/mon-slick-a-moi.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\ncontent-length: 382\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 983\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:48 GMT\r\netag: \"17e-645bc9a783000\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":382,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e9f3d0bc9e26d7b06b707df92b0e3f45","sha1":"b0d66cbf540f6478bc461cd5716cb9c60260a884","sha256":"4c9db398a061668b3ae3df371c98c3f29b0a32781631081f4de3245ce3bad3b4","sha512":"ef7bdfe761fcb88a4041544caaf9dbc6313c1fdaddecc393eaa3694f4a9e3d4ebae8a50c06f3a344b75b4786d6a08a47fc034a1f7bcb23966db3a91c2923d8a2","ssdeep":"","tlshash":"dce068a48b9f8534e115cb6023a0ab4093b67042868416a871d507b13b114ed2f831fc","first_seen":"2026-04-16T05:12:24.576782Z","last_seen":"2026-04-20T10:11:22.729518Z","times_seen":36,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/fonts/slick.woff","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/fonts/slick.woff HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/slick/slick-theme.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/font-woff\r\ncontent-length: 1380\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 982\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:19 GMT\r\netag: \"564-645bc9c5135c0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1380,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, CFF, length 1380, version 1.0","md5":"b7c9e1e479de3b53f1e4e30ebac2403a","sha1":"af91c12f0f406a4f801aeb3b398768fe41d8f864","sha256":"26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc","sha512":"976f6e9d65859b1a5e3bbd426441e6885d1912f5694f40e2897b10f46b3bd0c7d940f7917a6050d6bb8cdeaaa5e5f0332391d3d398f6c21ce27299dfc7036911","ssdeep":"","tlshash":"cb21a55dbda5eb19fe9ed376738497e1bb1e849db2a20246990e2e3db280040a880655","first_seen":"2023-04-05T04:33:55Z","last_seen":"2026-04-20T12:13:43.983835Z","times_seen":19719,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T10:10:58.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-length: 279\r\nlocation: https://mailreference.fr/arrow/\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 999\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":15084,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T12:59:41.832676Z","times_seen":13976190,"resource_available":true,"data":null}},"time_used":463,"timings":{"blocked":211,"dns":65,"connect":34,"send":0,"wait":41,"receive":0,"ssl":109},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/slick-theme.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/slick-theme.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 3145\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 996\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:51 GMT\r\netag: \"c49-645bc9aa5f6c0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":3145,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"f9faba678c4d6dcfdde69e5b11b37a2e","sha1":"81a434f94f2b1124f3232bb86f2944f82fb23ac0","sha256":"7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a","sha512":"ea52d475e439ba178c15b5a6dc23f6ef5975e11b17d71b71f89e71db27880e49220697954cd853aa28cc13b1a044a2a2ea10aaa2fc02a014e5441102db433c32","ssdeep":"","tlshash":"cb51e19856b3a746101694903be7472477cb70131629d8acff95638dcfcd0d8ead934e","first_seen":"2023-04-05T09:38:24Z","last_seen":"2026-04-20T13:07:55.959861Z","times_seen":21072,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/css/landing-exemple-14.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/css/landing-exemple-14.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 695\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 992\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:11 GMT\r\netag: \"2b7-645bc9bd723c0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":695,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"5ecbe09aab4d36f598be3ea0962b090f","sha1":"e164cdb56d9bcd5b60c184b3c17a4e8afc746271","sha256":"7a1eb2af9a9a4face3c13951029eaaecbd6396c575f82911dd7d700a23b0a07e","sha512":"75e15007781fcf1450df7497e0afa48a41db291d6e27c18732ee2f0058adab9259a154ec4a99e3edf60f3e1d24d17df5b460c0c5501e9ecaabd0cdb70ea25368","ssdeep":"","tlshash":"3f01d8676d52fa5d0d4d6e6cc72993881f18d417970f18913a8ce09cc2c925e25365fd","first_seen":"2025-07-11T08:57:22.83007Z","last_seen":"2026-04-20T10:11:22.733928Z","times_seen":41,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/slick.js","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/slick.js HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\ncontent-length: 88955\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 987\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:53 GMT\r\netag: \"15b7b-645bc9ac47b40\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":88955,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"5f8f4aed010e1afe499184d8197309f9","sha1":"097f6a1b4f115e9b6ebefa70d76d830733bcc9ba","sha256":"0aaa4cf927b0e3631cffbe62f6786810aa65348483cd950e49f634a0881b16b4","sha512":"01c7606b23491608bdff75c6e6ef468155d948ba492acbf74c1f8af91614832ee0655dd96ae7c2cb70b14fd608bc5987862f57e22c71d471454577ceebc0a87e","ssdeep":"1536:lXWVBuGGI2R7R+FXDyMibroAPoJATv2UsWNuJ:lXWVLGI2R7R+FTyMibroAwJATAJ","tlshash":"ff93ed0b55e6131294a731bd6bdfc028b3ba91275504ed9cbccc4385afd45288feabe4","first_seen":"2023-03-07T01:06:40Z","last_seen":"2026-04-20T10:11:22.735477Z","times_seen":16702,"resource_available":true,"data":null}},"time_used":183,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":152,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/slick/fleche-gauche.svg","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/slick/fleche-gauche.svg HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/slick/mon-slick-a-moi.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\ncontent-length: 389\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 984\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:56:49 GMT\r\netag: \"185-645bc9a877240\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":389,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b25e23f7c1fa2392a972ab1fa61542b1","sha1":"cfef1172a536a36b07a180416477eb4cd0cd1620","sha256":"8eaf882c39253e2bb10824c32153d3f0338e480383f302ab0ab77e27a24bb105","sha512":"8ec864132add148b2922bab24ece242d5ba57a0c6dac681aad0d5330146a648a7132d6fbd8d63123e0c8bc7206e9161fa5f379c162bd3b933af55112a9269d79","ssdeep":"","tlshash":"63e0689686af9834d230cbe023a0e74093f360424a80066471e90bb0bb1a4fd1f471fc","first_seen":"2026-04-16T05:12:24.594853Z","last_seen":"2026-04-20T10:11:22.736821Z","times_seen":36,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"redir.mailreference.fr/c/119/9109040/14264/0/887326426/9125/479632/cf87a9bb62.html","fqdn":"redir.mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"37.208.111.4","port":443,"asn":58010,"as":"uvensys GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T10:10:58.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redir.mailreference.fr","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:32:30 GMT","end":"Tue, 14 Jul 2026 06:32:29 GMT"},"fingerprint":{"sha1":"7B:33:DB:79:AC:DA:EB:E7:1A:19:45:94:27:B5:D5:D4:3D:4A:32:0F","sha256":"70:11:EF:5B:82:2D:C5:07:51:BD:86:A4:83:42:79:B0:20:B9:E2:50:12:16:28:34:58:AA:70:DA:D0:2C:39:78"}}},"request":{"raw":"GET /c/119/9109040/14264/0/887326426/9125/479632/cf87a9bb62.html HTTP/1.1\r\nHost: redir.mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Mon, 20 Apr 2026 10:10:58 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private, must-revalidate\r\nlocation: https://mailreference.fr/arrow\r\npragma: no-cache\r\nexpires: -1\r\nx-rm-bal: lb-tools1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15084,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T12:59:41.832676Z","times_seen":13976190,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":101,"dns":41,"connect":26,"send":0,"wait":79,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"redir.mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"redir.mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T10:10:59.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/ HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 998\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Slick","description":"","website":"https://kenwheeler.github.io/slick","common_platform_enumeration":"","icon":"Slick.svg","categories":["JavaScript libraries"]},{"name":"jQuery:2.2.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":15084,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (490), with CRLF line terminators","md5":"526994012db7271c36b78b1f182e17c9","sha1":"13082517f6c5cd01ea272cb22866aa8b56405eb7","sha256":"17e9545a2a253dfb03b0d66aabeb2aa94b8ff32eceb7d0ea3b88adf2b337710a","sha512":"8da859c3d36ca14313a8af5c9b67b44990ef06d4c38ba40fb2c287ea89f58e1f1128a044f6eefb44de2c3d5abb5fe969921c100a08ad10bb74c06af691ba61f1","ssdeep":"384:aIXqIXpIXjIXgIX3IXztcHJ9wxiFDb9E/5SQIzLlTl1v7ReyWmon8y3B:6cH/n2OVp8R","tlshash":"c662ed147e8d44760167c2a6b8709b06eb7fce328609929879fc13275fe5d80aa4f1e8","first_seen":"2026-04-16T05:12:24.559215Z","last_seen":"2026-04-20T10:11:22.738091Z","times_seen":36,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/fonts/arrow-display/stylesheet.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/fonts/arrow-display/stylesheet.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 484\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 991\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:30 GMT\r\netag: \"1e4-645bc9cf90e80\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":484,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"d92c5c1f8ee5c5eac9e9e46789526450","sha1":"2696cb653e98a983abf8ced26bcad5c008883a84","sha256":"61622107f2d090d43be72e1786e576a414814a254ee009e8973b84d9c304162c","sha512":"3ccc936fc87c30cc2f8d5378895cdf3f4510f4447b543e83f54435b3fc49c845a12b532c94a3eb0bc0b18f8a761633a2819206def6c5702da60015fd61fa2c93","ssdeep":"","tlshash":"f1f08c60ccc33e416116b89c23de6b660e2f1caa8011a2937e2e70084fabe48c7c871c","first_seen":"2026-04-16T05:12:24.599555Z","last_seen":"2026-04-20T10:11:22.739422Z","times_seen":36,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/img/image-principale.jpg","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/img/image-principale.jpg HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 278456\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 989\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:03 GMT\r\netag: \"43fb8-645bc9b5d11c0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":278456,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x654, components 3","md5":"038c67b10e4575f5b57e2bf26b4816c3","sha1":"075ef0d8e27d5081ead3a287ff959b2cea36523f","sha256":"7ef5f660d6f66b3b95f3244e1f404fe0868e7ccf2e5a41e11f49cf0d0fd490d9","sha512":"a4f4abdc9ed1877c73dba16ca462a9dce29cd91864f6e063678943ead9290b8a1a54bd9ece21ceeb002ec67964dadeec86666a7cb04b5886de88b25721d492d9","ssdeep":"6144:lJ3jKSThVez+F/KlEdj3DbL4ojQS3oEcm/6:TDPF/KmdXnfjQS3H3i","tlshash":"df442302d5f607a8d29b61229572fe7fa0150c1535269249f6870a03ebdf02e7a7d3ef","first_seen":"2026-04-16T05:12:24.60209Z","last_seen":"2026-04-20T10:11:22.740374Z","times_seen":36,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":98,"receive":57,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.2.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-2.2.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-14e55\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nage: 840970\r\nx-served-by: cache-lga21967-LGA, cache-hel1410021-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 23, 3734\r\nx-timer: S1776679859.464775,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 29875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85589,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32069)","md5":"6fc159d00dc3cea4153c038739683f93","sha1":"5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1","sha256":"8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce","sha512":"a574742476d89bdf841a26fac51ff0fae62cfeed95f38a1f3eb0699202d8c8abe165826d514bca4b2d69822f2d25901a72c3f081fd646e1238cf082ef0e28ea8","ssdeep":"1536:kYE1JVoiB9JqZdXXe2pD3PgoIK6alrUnzZ6a4msO7R6xfWBP4TCddWHs3ghna98o:P4KZ+sOsOV6x6pwhna98HrU","tlshash":"1683d6d9b2d6705297b734b850bf410bb17a98dab44c8c60f098d4e47eb4a8e507bf2d","first_seen":"2023-03-07T01:03:01Z","last_seen":"2026-04-20T11:36:59.79576Z","times_seen":8104,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":55,"dns":0,"connect":26,"send":0,"wait":30,"receive":8,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/favicon.ico","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html; charset=iso-8859-1\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 985\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":236,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"54ddfcfcbac52ccc7451161d40934ad7","sha1":"3f9915360e96bd0c5c756209a62d99b0246a634d","sha256":"9448f8a1159c9b14e3e1b9d8eab1a6ddf88d26e1f888a34cef430c756e4e6e1e","sha512":"b5b31c06e9e8cfc08e09e90bc5ba77c970c5be644c109f14b4b430384d4cecefae4368e051ed96323cfd3fe7a0e9f4832025c2efd213aa64bf65c55625bd72e6","ssdeep":"","tlshash":"61d0a79e90939386415176907ec123d2654953ab78b143e96ec1944690086bdc0d919d","first_seen":"2025-12-07T09:00:18.523222Z","last_seen":"2026-04-20T12:25:11.821027Z","times_seen":3356,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mailreference.fr/arrow/css/landing.css","fqdn":"mailreference.fr","domain":"mailreference.fr","tld":"fr"},"ip":{"addr":"217.160.0.53","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mailreference.fr/arrow/","date":"2026-04-20T10:10:59.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mailreference.fr","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 14 Oct 2025 00:00:00 GMT","end":"Wed, 14 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"78:F6:F6:0F:83:44:C8:A9:3E:A5:D9:E0:DF:0D:4D:64:73:A8:66:D9","sha256":"79:E2:F3:2C:91:3D:E6:B5:21:FA:A7:8C:B5:0D:8B:45:9F:AA:F1:D0:50:68:68:83:C7:91:F0:A0:D9:EF:8D:10"}}},"request":{"raw":"GET /arrow/css/landing.css HTTP/1.1\r\nHost: mailreference.fr\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mailreference.fr/arrow/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 7137\r\nx-ws-origin: available\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 993\r\ndate: Mon, 20 Apr 2026 10:10:59 GMT\r\nserver: Apache\r\nlast-modified: Fri, 12 Dec 2025 07:57:12 GMT\r\netag: \"1be1-645bc9be66600\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":7137,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"1b8f7e40d9cc7a453167acd9b9ecb192","sha1":"65445831953cedc238b79f594f28bbede561811b","sha256":"3e031e876f1c7391901ca5cfa540eec2220898c291d2da83f19349eb76937d6d","sha512":"dd63ecf3c747ccd473f81da6cdaaac8cf34ec6c16a16099124dbfd5e6e2caa3f7f12bfbba7fc089351b318ad63226c41d613fb5901d860dcdbf2f1ab83d09e67","ssdeep":"192:bQPnlbyVtgMivtkMYfQKaXv+AWKqY+/MAIvFRTOXdoebIk:bQ/rvjEQAyFRTOXdoebIk","tlshash":"13e17923fe8b018b234fc67cf632af69dfa8c02687455bb8b9556174d3c41c21aad6d4","first_seen":"2026-04-16T05:12:24.562577Z","last_seen":"2026-04-20T10:11:22.74354Z","times_seen":36,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"mailreference.fr","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"mailreference.fr","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}