Submitted URL: https://mail.jupiterpressu.rewashing.com/
Effective URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Submission Tags: krdtest
Submission: On May 16 via api from JP

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 24 HTTP transactions. The main IP is 54.214.116.219, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is mail.jupiterpressu.rewashing.com.
TLS certificate: Issued by R3 on March 30th 2021. Valid for: 3 months.
This is the only time mail.jupiterpressu.rewashing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 54.214.116.219 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 99.86.242.12 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 151.101.13.44 54113 (FASTLY)
2 2a00:1288:80:... 203220 (YAHOO-DEB)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
24 10
Domain Requested by
6 www.google.com mail.jupiterpressu.rewashing.com
www.google.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
3 cdn.convertingtraffic.com mail.jupiterpressu.rewashing.com
cdn.convertingtraffic.com
2 s.yimg.com mail.jupiterpressu.rewashing.com
s.yimg.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com mail.jupiterpressu.rewashing.com
www.google.com
2 mail.jupiterpressu.rewashing.com 1 redirects ajax.googleapis.com
1 trc.taboola.com mail.jupiterpressu.rewashing.com
1 cdn.taboola.com www.googletagmanager.com
1 www.googletagmanager.com mail.jupiterpressu.rewashing.com
1 ajax.googleapis.com mail.jupiterpressu.rewashing.com
24 11

This site contains no links.

Subject Issuer Validity Valid
convertingtraffic.com
R3
2021-03-30 -
2021-06-28
3 months crt.sh
www.google.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-04-13 -
2021-07-06
3 months crt.sh
cdn.convertingtraffic.com
Amazon
2021-03-21 -
2022-04-19
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-04-13 -
2021-07-06
3 months crt.sh
*.google.com
GTS CA 1O1
2021-04-13 -
2021-07-06
3 months crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2020-11-25 -
2021-12-26
a year crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-05-03 -
2021-06-23
2 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01
2021-04-12 -
2021-10-12
6 months crt.sh

This page contains 3 frames:

Primary Page: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Frame ID: D49540B15D0712CB038C80DF6749BC24
Requests: 18 HTTP requests in this frame

Frame: https://www.google.com/dp/ads?r=m&cpp=0&client=dp-sphere_related_xml&hl=en-US&adsafe=low&type=3&pcsa=false&swp=as-drid-oo-1409976722326648&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17300494%2C17300496%2C17300694%2C17300696&format=r6&num=0&output=afd_ads&domain_name=mail.jupiterpressu.rewashing.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1621144490227&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=-1&psh=-1&frm=0&uio=st24sa10lt34sl1sr1-&cont=rs&inames=master-1&jsv=28808&rurl=https%3A%2F%2Fmail.jupiterpressu.rewashing.com%2Findex.php%3Fcheck_cookie%3Dtrue
Frame ID: 4863BD3B940E1DFF17F4BAC15B3A850B
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/js/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
Frame ID: D137B6ECE749E370DB8D5765FC5C8928
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://mail.jupiterpressu.rewashing.com/ HTTP 302
    https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /Red Hat/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • html /<!-- (?:End )?Google Tag Manager -->/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

24
Requests

92 %
HTTPS

67 %
IPv6

9
Domains

11
Subdomains

10
IPs

3
Countries

362 kB
Transfer

769 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mail.jupiterpressu.rewashing.com/ HTTP 302
    https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set index.php
mail.jupiterpressu.rewashing.com/
Redirect Chain
  • https://mail.jupiterpressu.rewashing.com/
  • https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
7 KB
8 KB
Document
General
Full URL
https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.214.116.219 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-214-116-219.us-west-2.compute.amazonaws.com
Software
Apache/2.4.6 (Red Hat Enterprise Linux) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16
Resource Hash
e18ae916a5e7e0113a1e8d1485cca8572a1d0aec08d52b22c2094a24b8b8076e

Request headers

Host
mail.jupiterpressu.rewashing.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
fastid=hiev9tk6bk43h82jb90f2fheq5; __test_cookie=__test
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 16 May 2021 05:54:49 GMT
Server
Apache/2.4.6 (Red Hat Enterprise Linux) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By
PHP/5.4.16
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOlUFqneVkVRi0X0yw6vwDnR4iay2IsP1OKzCdQfjFIMKjwwzJwhASIy24icvR7KGmJM9TVre/b1Gfh38UnZ02sCAwEAAQ==_odMqgi1DhPsgBXxsKUSBYasxoZXFuhDy8lCoNzYseLIpj5xdVlNuxnjShb9RRmGwd+W9skpy0dV1EwzmGhgKQg==
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
__test_cookie=__test; expires=Sun, 16-May-2021 06:24:49 GMT; path=/; domain=.rewashing.com
Content-Length
7675
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sun, 16 May 2021 05:54:49 GMT
Server
Apache/2.4.6 (Red Hat Enterprise Linux) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By
PHP/5.4.16
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOlUFqneVkVRi0X0yw6vwDnR4iay2IsP1OKzCdQfjFIMKjwwzJwhASIy24icvR7KGmJM9TVre/b1Gfh38UnZ02sCAwEAAQ==_qJdforNu/qYhF6HeZoBr/c8617Rv5EjpfqZwqOtLinHyAhdGagHjSYXxg2vxEP7A1Uk5a0SdIVhBz+yYQh1ewg==
Set-Cookie
fastid=hiev9tk6bk43h82jb90f2fheq5; path=/; domain=.rewashing.com; HttpOnly __test_cookie=__test; expires=Sun, 16-May-2021 06:24:49 GMT; path=/; domain=.rewashing.com
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
location
index.php?check_cookie=true
Content-Length
15
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
caf.js
www.google.com/adsense/domains/
168 KB
59 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
631ba89bfce142b9aa34ca02fa84c3a7b991c7e1c2b52ce41b03616245ea1bf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"4231916561038695555"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Sun, 16 May 2021 05:54:50 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.3/
82 KB
29 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 12 May 2021 09:35:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332377
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29707
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 12 May 2022 09:35:13 GMT
css
fonts.googleapis.com/
1003 B
514 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
83b2db06e4e840f5c818b986001e24ed7added38a25e036e6e12607025d14f0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 16 May 2021 05:43:02 GMT
server
ESF
date
Sun, 16 May 2021 05:54:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 16 May 2021 05:54:50 GMT
style.css
cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/css/style.css
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.242.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-242-12.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2ecc60b401e1763711598357ae5a3b54bf99ebd6c678ae831ceaebf8c61bf4d8

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 15 May 2021 18:44:24 GMT
content-encoding
gzip
last-modified
Fri, 17 Aug 2018 06:12:14 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1534453754/ctime:1526537944/gid:515/gname:newhostingcdn/md5:49fc83abe7778c6569edcd8090b7b775/mode:33188/mtime:1526537944/uid:515/uname:newhostingcdn
age
40227
etag
W/"49fc83abe7778c6569edcd8090b7b775"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 315b8dfb52e5c49bd834510b0301e939.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
ztxncG4NrSsZkCBFqH1K4hfdzRwLUEoqbweiHe4Q26NZeZEvvwmGSA==
gtm.js
www.googletagmanager.com/
92 KB
33 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TLNVRKN
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
657720539d55e2889f71a5344e10e83bfa0170de47b77177719b80baa63be5be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33684
x-xss-protection
0
last-modified
Sun, 16 May 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 16 May 2021 05:54:50 GMT
texture.png
cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/images/
83 KB
83 KB
Image
General
Full URL
https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/images/texture.png
Requested by
Host: cdn.convertingtraffic.com
URL: https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.242.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-242-12.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9ac584704539b6bdae9db66aebabb19c41cc858272b85581fedf1f7ab26f73e9

Request headers

Referer
https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 15 May 2021 18:46:41 GMT
content-encoding
gzip
last-modified
Fri, 17 Aug 2018 06:12:15 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1534453754/ctime:1525243742/gid:515/gname:newhostingcdn/md5:57bbfe7c227619d47a41639eba996150/mode:33188/mtime:1525243742/uid:515/uname:newhostingcdn
age
40090
etag
W/"57bbfe7c227619d47a41639eba996150"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 315b8dfb52e5c49bd834510b0301e939.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
7I8tiFi6qYTuKSUE_syrdOETSDD2PhVZ2uqXUfD8utqwBfSgeTL90A==
shape.jpg
cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/images/
32 KB
28 KB
Image
General
Full URL
https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/images/shape.jpg
Requested by
Host: cdn.convertingtraffic.com
URL: https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.242.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-242-12.vie50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d269be8f0f13b90f7bfa42fa31b04dbcc3170fe1ae06f54920d7ab48803bb59

Request headers

Referer
https://cdn.convertingtraffic.com/caf-themes/rainbowselect-3/desktop/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 02:46:01 GMT
content-encoding
gzip
last-modified
Fri, 17 Aug 2018 06:12:14 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1534453754/ctime:1526536994/gid:515/gname:newhostingcdn/md5:c35d9f9951bc44b63ff3f4b0deeeaa1a/mode:33188/mtime:1526536994/uid:515/uname:newhostingcdn
age
25798
etag
W/"c35d9f9951bc44b63ff3f4b0deeeaa1a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 315b8dfb52e5c49bd834510b0301e939.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C1
x-amz-cf-id
2Ij8Z-bXRSgzW8QcbyuKiQjzVW6uJFxSWLnMrftcDtJL3QWODc_tfg==
ads
www.google.com/dp/ Frame 4863
10 KB
7 KB
Document
General
Full URL
https://www.google.com/dp/ads?r=m&cpp=0&client=dp-sphere_related_xml&hl=en-US&adsafe=low&type=3&pcsa=false&swp=as-drid-oo-1409976722326648&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17300494%2C17300496%2C17300694%2C17300696&format=r6&num=0&output=afd_ads&domain_name=mail.jupiterpressu.rewashing.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1621144490227&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=-1&psh=-1&frm=0&uio=st24sa10lt34sl1sr1-&cont=rs&inames=master-1&jsv=28808&rurl=https%3A%2F%2Fmail.jupiterpressu.rewashing.com%2Findex.php%3Fcheck_cookie%3Dtrue
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
8437cc8235cee18ee08b9b0ee6d1131a7912cc525049fb27dbc8ea9c453c0498
Security Headers
Name Value
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/dp/ads?r=m&cpp=0&client=dp-sphere_related_xml&hl=en-US&adsafe=low&type=3&pcsa=false&swp=as-drid-oo-1409976722326648&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17300494%2C17300496%2C17300694%2C17300696&format=r6&num=0&output=afd_ads&domain_name=mail.jupiterpressu.rewashing.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1621144490227&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=-1&psh=-1&frm=0&uio=st24sa10lt34sl1sr1-&cont=rs&inames=master-1&jsv=28808&rurl=https%3A%2F%2Fmail.jupiterpressu.rewashing.com%2Findex.php%3Fcheck_cookie%3Dtrue
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mail.jupiterpressu.rewashing.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://mail.jupiterpressu.rewashing.com/

Response headers

content-type
text/html; charset=UTF-8
content-disposition
inline
date
Sun, 16 May 2021 05:54:50 GMT
expires
Sun, 16 May 2021 05:54:50 GMT
cache-control
private, max-age=3600
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
7164
x-xss-protection
0
set-cookie
CONSENT=PENDING+156; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
caf.js
www.google.com/adsense/domains/ Frame 4863
168 KB
59 KB
Script
General
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?r=m&cpp=0&client=dp-sphere_related_xml&hl=en-US&adsafe=low&type=3&pcsa=false&swp=as-drid-oo-1409976722326648&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17300494%2C17300496%2C17300694%2C17300696&format=r6&num=0&output=afd_ads&domain_name=mail.jupiterpressu.rewashing.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1621144490227&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=-1&psh=-1&frm=0&uio=st24sa10lt34sl1sr1-&cont=rs&inames=master-1&jsv=28808&rurl=https%3A%2F%2Fmail.jupiterpressu.rewashing.com%2Findex.php%3Fcheck_cookie%3Dtrue
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5705544bce95f6afc6508ecf12dd0cf86c07d7aaf31f26710598b578046bb210
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"9981349173649787418"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Sun, 16 May 2021 05:54:50 GMT
css
fonts.googleapis.com/ Frame 4863
2 KB
471 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins%3A400%2C700%7CPoppins
Requested by
Host: www.google.com
URL: https://www.google.com/dp/ads?r=m&cpp=0&client=dp-sphere_related_xml&hl=en-US&adsafe=low&type=3&pcsa=false&swp=as-drid-oo-1409976722326648&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17300494%2C17300496%2C17300694%2C17300696&format=r6&num=0&output=afd_ads&domain_name=mail.jupiterpressu.rewashing.com&v=3&adext=as1%2Csr1&bsl=8&u_his=2&u_tz=120&dt=1621144490227&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=-1&psh=-1&frm=0&uio=st24sa10lt34sl1sr1-&cont=rs&inames=master-1&jsv=28808&rurl=https%3A%2F%2Fmail.jupiterpressu.rewashing.com%2Findex.php%3Fcheck_cookie%3Dtrue
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9a7a82ff50bbbf38a676a619bf56d8c3b180a3da44fad945f910f6c4477ac38d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 16 May 2021 05:54:50 GMT
server
ESF
date
Sun, 16 May 2021 05:54:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 16 May 2021 05:54:50 GMT
tracking.php
mail.jupiterpressu.rewashing.com/
0
0

pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ Frame 4863
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C700%7CPoppins
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 15:43:44 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:02:01 GMT
server
sffe
age
223866
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7900
x-xss-protection
0
expires
Fri, 13 May 2022 15:43:44 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ Frame 4863
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A400%2C700%7CPoppins
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.google.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 02:03:02 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:01:48 GMT
server
sffe
age
273108
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
expires
Fri, 13 May 2022 02:03:02 GMT
tfa.js
cdn.taboola.com/libtrc/taboolaaccount-amerzaverigmailcom/
48 KB
15 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/taboolaaccount-amerzaverigmailcom/tfa.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLNVRKN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cd21ad75671f0580e71f86655d2ede3218de7ee1f9676e703d878414b225eb7b

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
2MZQuGBc5dBNUtkj3U2l0fnsxigzHDTH
content-encoding
gzip
etag
"e9430a4e12c5352983c146257e81111b"
age
25877
x-cache
HIT
x-amz-replication-status
PENDING
fastly-restarts
1
x-amz-id-2
S7UeXMQZWGGyz7wXjf60/6A+fcbeAgfY/cjVKsdZ++eLv/gp+9ejipP0IkTRhnAZlGh4XP5PRSM=
x-served-by
cache-fra19156-FRA
accept-ranges
bytes
last-modified
Sat, 15 May 2021 22:43:10 GMT
server
AmazonS3
x-timer
S1621144490.491722,VS0,VE95
date
Sun, 16 May 2021 05:54:50 GMT
vary
Accept-Encoding
x-amz-request-id
10VBFRP84QSFA36K
via
1.1 varnish
cache-control
private,max-age=14401
content-length
15174
content-type
application/javascript; charset=utf-8
abp
80
x-cache-hits
417
DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
www.google.com/js/bg/ Frame D137
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 13 May 2021 12:55:32 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Thu, 06 May 2021 09:30:00 GMT
server
sffe
age
233958
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5636
x-xss-protection
0
expires
Fri, 13 May 2022 12:55:32 GMT
mark
trc.taboola.com/taboolaaccount-amerzaverigmailcom/log/3/
0
248 B
Image
General
Full URL
https://trc.taboola.com/taboolaaccount-amerzaverigmailcom/log/3/mark?tim=07%3A54%3A50.613&item-url=https%3A//mail.jupiterpressu.rewashing.com/index.php%3Fcheck_cookie%3Dtrue&marking-type=New_Cars_Retarget
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms
57
pragma
no-cache
date
Sun, 16 May 2021 05:54:50 GMT
via
1.1 varnish
server
nginx
x-timer
S1621144491.626681,VS0,VE57
x-served-by
cache-fra19156-FRA
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
content-type
image/gif
x-cache-hits
0
ytc.js
s.yimg.com/wi/
15 KB
6 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: mail.jupiterpressu.rewashing.com
URL: https://mail.jupiterpressu.rewashing.com/index.php?check_cookie=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sun, 16 May 2021 05:39:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
948
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5581
x-amz-id-2
aUTjTFFmazLVo6wV4P2mGDv1+bZyZ5a+1S9V93Ma9+AaVeNtsU8RcAqyDyf5k83RrKgVT/fRQxI=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 30 Oct 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 24 Sep 2020 23:08:16 GMT
server
ATS
etag
"49db10c8315384e8dad2e92a6841ed81-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
EYE1ZKMZMVV9ZFYE
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
swANRqp_TdPZf97XDKuCKoVnrp7c.h.0
accept-ranges
bytes
content-type
application/javascript
10041134.json
s.yimg.com/wi/config/
2 B
496 B
XHR
General
Full URL
https://s.yimg.com/wi/config/10041134.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-amz-request-id
9VCKSSJCWPM42YYJ
x-amz-id-2
UzARgJMakOp+tEFqAE8WSHt0SkCMoJjEpT7n9usbgVITWpUo94NXLxg6L1zlGiiQIHZHBeQTYn0=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
22
bat.js
bat.bing.com/
30 KB
9 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLNVRKN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:50 GMT
content-encoding
gzip
last-modified
Tue, 13 Apr 2021 17:21:02 GMT
x-msedge-ref
Ref A: B5679D7F4C0248A68CA3DE81ADABEF34 Ref B: FRAEDGE1209 Ref C: 2021-05-16T05:54:50Z
etag
"0d398608930d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8910
5637091
bat.bing.com/p/action/
0
127 B
Script
General
Full URL
https://bat.bing.com/p/action/5637091
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 16 May 2021 05:54:50 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: 41906E6E606749F3A88B26B7BE01C604 Ref B: FRAEDGE1209 Ref C: 2021-05-16T05:54:50Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5637091&tm=gtm001&Ver=2&mid=ab287f7f-73d9-418c-92b3-145ba7352368&sid=3a844ed0b60b11ebacf1978810bf91b2&vid=3a849900b60b11eba270813771a30ff5&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=rewashing.com&p=https%3A%2F%2Fmail.jupiterpressu.rewashing.com%2Findex.php%3Fcheck_cookie%3Dtrue&r=&lt=1741&evt=pageLoad&msclkid=N&sv=1&rn=703517
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 16 May 2021 05:54:50 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 4801B3C7A1C24536820A502BEA91CC5E Ref B: FRAEDGE1209 Ref C: 2021-05-16T05:54:50Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
www.google.com/afs/
0
19 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-sphere_related_xml&output=uds_ads_only&zx=hts0kt1dya1f&aqid=qrOgYOPAEcKm7AP0wZeoBw&pbt=bs&adbx=540&adby=40&adbh=335&adbw=520&adbn=master-1&eawp=partner-dp-sphere_related_xml&errv=2880898863056212731&csadii=11&csadr=178&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:51 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
www.google.com/afs/
0
19 B
Image
General
Full URL
https://www.google.com/afs/gen_204?client=dp-sphere_related_xml&output=uds_ads_only&zx=yuvfrqylpvg6&aqid=qrOgYOPAEcKm7AP0wZeoBw&pbt=bv&adbx=540&adby=40&adbh=335&adbw=520&adbn=master-1&eawp=partner-dp-sphere_related_xml&errv=2880898863056212731&csadii=11&csadr=178&lle=0&llm=1000&ifv=1&usr=0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mail.jupiterpressu.rewashing.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 16 May 2021 05:54:52 GMT
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-type
text/html; charset=ISO-8859-1
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mail.jupiterpressu.rewashing.com
URL
http://mail.jupiterpressu.rewashing.com/tracking.php?&payload=eyJyZWZlcmVyIjpudWxsLCJ1c2VyLWFnZW50IjoiTW96aWxsYVwvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0XC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWVcLzg5LjAuNDM4OS43MiBTYWZhcmlcLzUzNy4zNiIsInF1ZXJ5LXN0cmluZyI6ImNoZWNrX2Nvb2tpZT10cnVlIiwicmVtb3RlLWFkZHItcmVhbCI6IjE4NS4yNDYuMjEwLjc3In0%3D&page_type=landing&domain_id=265441&nocache=1621144490

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| dataLayer number| googleNDT_ string| _googCsaExpIds number| _googCsaAlwaysHttps number| _googEnableCcpa number| _googEnableCcpaForCanoeV2 number| _enableLazyLoading number| _googEnableQup number| _googErrorTurnOffPersonalization number| _googTimeoutTurnOffPersonalization string| _googLazyLoadingDenyList string| _googLazyLoadingEnableList number| _googLazyLoadingRootMargin number| _googUspApiTimeout number| googleAltLoader object| google function| $ function| jQuery string| offline string| logo_link boolean| adultonly string| domain string| domain_request object| pageOptions boolean| tier2 function| cafReturned function| showAds function| loadAds object| google_tag_manager object| block_646 object| _tfa object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError object| dotq object| YAHOO object| uetq function| UET

2 Cookies

Domain/Path Name / Value
.rewashing.com/ Name: __test_cookie
Value: __test
.rewashing.com/ Name: fastid
Value: hiev9tk6bk43h82jb90f2fheq5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bat.bing.com
cdn.convertingtraffic.com
cdn.taboola.com
fonts.googleapis.com
fonts.gstatic.com
mail.jupiterpressu.rewashing.com
s.yimg.com
trc.taboola.com
www.google.com
www.googletagmanager.com
mail.jupiterpressu.rewashing.com
151.101.13.44
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:802::2003
2a00:1450:4001:811::2008
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2004
54.214.116.219
99.86.242.12
0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4
2ecc60b401e1763711598357ae5a3b54bf99ebd6c678ae831ceaebf8c61bf4d8
3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5705544bce95f6afc6508ecf12dd0cf86c07d7aaf31f26710598b578046bb210
631ba89bfce142b9aa34ca02fa84c3a7b991c7e1c2b52ce41b03616245ea1bf9
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
657720539d55e2889f71a5344e10e83bfa0170de47b77177719b80baa63be5be
83b2db06e4e840f5c818b986001e24ed7added38a25e036e6e12607025d14f0e
8437cc8235cee18ee08b9b0ee6d1131a7912cc525049fb27dbc8ea9c453c0498
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
9a7a82ff50bbbf38a676a619bf56d8c3b180a3da44fad945f910f6c4477ac38d
9ac584704539b6bdae9db66aebabb19c41cc858272b85581fedf1f7ab26f73e9
9d269be8f0f13b90f7bfa42fa31b04dbcc3170fe1ae06f54920d7ab48803bb59
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
cd21ad75671f0580e71f86655d2ede3218de7ee1f9676e703d878414b225eb7b
e18ae916a5e7e0113a1e8d1485cca8572a1d0aec08d52b22c2094a24b8b8076e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855