URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Submission: On May 10 via manual from JP — Scanned from JP

Summary

This website contacted 11 IPs in 5 countries across 14 domains to perform 38 HTTP transactions. The main IP is 162.240.68.191, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is bwaval.gq.
TLS certificate: Issued by R3 on April 24th 2022. Valid for: 3 months.
This is the only time bwaval.gq was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: So-net (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
3 10 162.240.68.191 46606 (UNIFIEDLA...)
2 2600:140b:2:9... 20940 (AKAMAI-ASN1)
12 2001:3b8:207:... 2527 (SO-NET So...)
7 13.114.82.230 16509 (AMAZON-02)
2 63.140.50.108 16509 (AMAZON-02)
1 1 52.76.170.82 16509 (AMAZON-02)
2 2001:4de0:ac1... 20446 (STACKPATH...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 117.18.232.200 15133 (EDGECAST)
1 54.199.194.140 16509 (AMAZON-02)
2 2 142.251.42.194 15169 (GOOGLE)
1 104.244.42.131 13414 (TWITTER)
1 1 202.232.238.40 2497 (IIJ Inter...)
2 2 2600:1901:0:80:: 15169 (GOOGLE)
2 2 99.84.128.16 16509 (AMAZON-02)
38 11
Apex Domain
Subdomains
Transfer
14 so-net.ne.jp
www.so-net.ne.jp — Cisco Umbrella Rank: 665835
ssmr.so-net.ne.jp
125 KB
10 bwaval.gq
bwaval.gq
63 KB
8 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 283
sonet.demdex.net
11 KB
2 ladsp.com
cr-p10060.ladsp.com — Cisco Umbrella Rank: 77769
957 B
2 impact-ad.jp
aw.dw.impact-ad.jp — Cisco Umbrella Rank: 44333
344 B
2 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 289
1 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 341
12 KB
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 936
53 KB
2 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 469
254 KB
1 fout.jp
sync.dmp.fout.jp — Cisco Umbrella Rank: 62003
503 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 800
354 B
1 aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 2187
30 KB
1 bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3175
15 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1413
517 B
38 14
Domain Requested by
12 www.so-net.ne.jp bwaval.gq
10 bwaval.gq 3 redirects bwaval.gq
7 dpm.demdex.net assets.adobedtm.com
bwaval.gq
2 cr-p10060.ladsp.com 2 redirects
2 aw.dw.impact-ad.jp 2 redirects
2 cm.g.doubleclick.net 2 redirects
2 cdnjs.cloudflare.com bwaval.gq
2 code.jquery.com bwaval.gq
2 ssmr.so-net.ne.jp assets.adobedtm.com
bwaval.gq
2 assets.adobedtm.com bwaval.gq
assets.adobedtm.com
1 sync.dmp.fout.jp 1 redirects
1 analytics.twitter.com bwaval.gq
1 sonet.demdex.net assets.adobedtm.com
1 ajax.aspnetcdn.com bwaval.gq
1 stackpath.bootstrapcdn.com bwaval.gq
1 cm.everesttech.net 1 redirects
38 16

This site contains links to these domains:

Domain
www.so-net.ne.jp
www.sonynetwork.co.jp
privacymark.jp
Subject | Issuer | Validity | Valid
bwaval.gq | R3 | 2022-04-24 - 2022-07-23 | 3 months
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-10 - 2022-09-10 | a year
*.so-net.ne.jp | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-02 - 2022-09-16 | a year
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-19 - 2022-11-19 | a year
ssmr.so-net.ne.jp | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-28 - 2022-08-28 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2021-08-06 - 2022-08-06 | a year
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-24 - 2023-01-23 | a year

This page contains 2 frames:

Primary Page: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Frame ID: 7065E13FE8D687CE8CC4B62669302BE6
Requests: 32 HTTP requests in this frame

Frame: https://sonet.demdex.net/dest5.html?d_nsid=0
Frame ID: B383C4B9517569CC6768425CF8E8BEA6
Requests: 6 HTTP requests in this frame

Page Title

Access mailbox(追加メールボックス)|ログイン

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /popper\.js/([0-9.]+)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

38 Requests
79 % HTTPS
38 % IPv6
14 Domains
16 Subdomains
11 IPs
5 Countries
563 kB Transfer
1449 kB Size
21 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://bwaval.gq/webmail/js/jquery-2.1.4.min.js?1.0.16 HTTP 301
  • https://bwaval.gq:2096/js/jquery-2.1.4.min.js?1.0.16
Request Chain 7
  • https://bwaval.gq/webmail/js/run.js?1.0.16 HTTP 301
  • https://bwaval.gq:2096/js/run.js?1.0.16
Request Chain 16
  • https://cm.everesttech.net/cm/dd?d_uuid=10748607187824325662266817425233204275 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnnFMwAAAEp2AAPi
Request Chain 17
  • https://bwaval.gq/webmail/image/blank.png HTTP 301
  • https://bwaval.gq:2096/image/blank.png
Request Chain 31
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MTA3NDg2MDcxODc4MjQzMjU2NjIyNjY4MTc0MjUyMzMyMDQyNzU= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MTA3NDg2MDcxODc4MjQzMjU2NjIyNjY4MTc0MjUyMzMyMDQyNzU=&google_tc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELu3XkBdhKnPwBs6O6cjj_M&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 33
  • https://sync.dmp.fout.jp/serve/?id=6836&mt=127 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=16292&dpuuid=ZmjOIaO4VXBzulOQ3Xbt2v8HNyc
Request Chain 34
  • https://aw.dw.impact-ad.jp/c/u/?oid=mone.6c51c563bd5&rdr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D47438%26dpuuid%3D%7BAONEID%7D HTTP 303
  • https://aw.dw.impact-ad.jp/c/ur/?oid=mone.6c51c563bd5&rdr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D47438%26dpuuid%3D%7BAONEID%7D HTTP 302
  • https://dpm.demdex.net/ibs:dpid=47438&dpuuid=ae398487-a8ca-490f-b482-849c37c60428
Request Chain 35
  • https://cr-p10060.ladsp.com/pid/10060 HTTP 302
  • https://cr-p10060.ladsp.com/cr/10060 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=57289&dpuuid=ARR5kl4i88kTks8ADqiTTOuZcM0nTA

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.php
bwaval.gq/so-net.ne.jp_webmail3/W/
23 KB
23 KB
Document
General
Full URL
https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
Apache /
Resource Hash
c6b61dc254825a526cccf0aa4015fee363a74b004002459038ce08603a8f3da3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html; charset=UTF-8
date
Tue, 10 May 2022 01:51:44 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/
879 KB
234 KB
Script
General
Full URL
https://assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9ad::1e80 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
81326998f8bcc36f1f6b5c5a0235299c964646faf7c9dabb6b0516cc5626d085

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:45 GMT
content-encoding
gzip
last-modified
Mon, 09 May 2022 04:12:28 GMT
server
AkamaiNetStorage
etag
"e8b6e657b1cbd5ae87ba14d3d1a32fdd:1652069548.630648"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://bwaval.gq
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
239098
expires
Tue, 10 May 2022 02:51:45 GMT
webmail_pclogin.css
www.so-net.ne.jp/webmail/css/
8 KB
9 KB
Stylesheet
General
Full URL
https://www.so-net.ne.jp/webmail/css/webmail_pclogin.css?1.0.16
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
c6616e27a1f1d4024d26cac27af5ac26396e8edfc74ac35a004144ede6109940
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 10 Dec 2021 07:30:46 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
8581
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=70
webmail_common.css
www.so-net.ne.jp/webmail/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://www.so-net.ne.jp/webmail/css/webmail_common.css?1.0.16
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
14e9b38d9549db3c9183b6379e9432aacc9d0bfbd04eb460828aaeb1ad0a1508
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 10 Dec 2021 07:30:46 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
2962
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=70
style.css
www.so-net.ne.jp/webmail/css/
25 KB
25 KB
Stylesheet
General
Full URL
https://www.so-net.ne.jp/webmail/css/style.css?1.0.16
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
405221ae8179f34dc3a020060112179fa5c9ebc1be586126a1dec338110bc660
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 10 Dec 2021 07:30:46 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
25126
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=70
jquery-2.1.4.min.js
bwaval.gq/js/
Redirect Chain
  • https://bwaval.gq/webmail/js/jquery-2.1.4.min.js?1.0.16
  • https://bwaval.gq:2096/js/jquery-2.1.4.min.js?1.0.16
0
0
Script
General
Full URL
https://bwaval.gq:2096/js/jquery-2.1.4.min.js?1.0.16
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

location
https://bwaval.gq:2096/js/jquery-2.1.4.min.js?1.0.16
date
Tue, 10 May 2022 01:51:44 GMT
server
Apache
content-type
application/cgi
rwd.css
www.so-net.ne.jp/common/hf1704/css/
28 KB
29 KB
Stylesheet
General
Full URL
https://www.so-net.ne.jp/common/hf1704/css/rwd.css
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
3c17e51dbaf56467422e01a0d79110a3809cd161ab37e707b79332180c3735ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 01 Sep 2021 01:00:04 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Upgrade
h2
Connection
Upgrade, Keep-Alive
Accept-Ranges
none
Content-Type
text/css
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
28823
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=70
init.js
www.so-net.ne.jp/common/hf1704/js/
396 B
971 B
Script
General
Full URL
https://www.so-net.ne.jp/common/hf1704/js/init.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
888a45715a43fedad2a1450402e761969440920910730a9fa063754126f17b84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Mar 2017 04:35:17 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Upgrade
h2
Connection
Upgrade, Keep-Alive
Accept-Ranges
none
Content-Type
application/javascript
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
396
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=70
run.js
bwaval.gq/js/
Redirect Chain
  • https://bwaval.gq/webmail/js/run.js?1.0.16
  • https://bwaval.gq:2096/js/run.js?1.0.16
0
0
Script
General
Full URL
https://bwaval.gq:2096/js/run.js?1.0.16
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

location
https://bwaval.gq:2096/js/run.js?1.0.16
date
Tue, 10 May 2022 01:51:44 GMT
server
Apache
content-length
0
content-type
application/cgi
gHd_gFt2016_run.js
www.so-net.ne.jp/common/ui_ver2/js/
21 KB
22 KB
Script
General
Full URL
https://www.so-net.ne.jp/common/ui_ver2/js/gHd_gFt2016_run.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
3a198eff27f5a0cbe6ddd51406f0fabb11a181184dec3dd6263c2f2df0112e4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 05 Aug 2021 05:01:04 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Upgrade
h2
Connection
Upgrade, Keep-Alive
Accept-Ranges
none
Content-Type
application/javascript
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
21568
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=70
so_net-util.min.js
www.so-net.ne.jp/common/js/
360 B
913 B
Script
General
Full URL
https://www.so-net.ne.jp/common/js/so_net-util.min.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
75e9cad8399336821ee090f0efec5d9ddeef105cab6b9dc24bb1505e5a0f1531
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:45 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 01 Jul 2016 01:01:59 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
none
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
360
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=69
style.css
bwaval.gq/so-net.ne.jp_webmail3/W/css/
348 B
413 B
Stylesheet
General
Full URL
https://bwaval.gq/so-net.ne.jp_webmail3/W/css/style.css
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
Apache /
Resource Hash
42b4a2d493bcaf3a4512e7fc66dbc7db3944f46c58ffce13c1f5cababd61d6d8

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:44 GMT
last-modified
Tue, 27 Apr 2021 18:56:46 GMT
server
Apache
accept-ranges
bytes
content-length
348
content-type
text/css
logo-sony.png
www.so-net.ne.jp/common/hf1704/img/
2 KB
2 KB
Image
General
Full URL
https://www.so-net.ne.jp/common/hf1704/img/logo-sony.png
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
82df9cbcc508ac2aec7863f8bcfd63ce9b13cb1e15f93573ad5af74f046a60c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Mar 2017 04:35:16 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
none
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
1929
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=69
logo.png
www.so-net.ne.jp/common/hf1704/img/
6 KB
7 KB
Image
General
Full URL
https://www.so-net.ne.jp/common/hf1704/img/logo.png
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
dfae4e1fc0be3ec5c1e17a1fd9ce7bb05b457baf0b348753ad009a5f1c7e341f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 01 Sep 2021 01:00:04 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
none
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
6521
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=69
id
dpm.demdex.net/
1 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=969F02BE53295D3C0A490D4C%40AdobeOrg&d_nsid=0&ts=1652147505467
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
0d84fc4c8caf1d0493aeb749bef5b2de8f82349fcb201fd12399aca25e432285
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://bwaval.gq/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-tyo3-2-v029-0885f7da4.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
w93jlzUXSZw=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://bwaval.gq
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
643
Expires
Thu, 01 Jan 1970 00:00:00 UTC
EXdf696e9a51f24937af66d11ac4867fd7-libraryCode_source.min.js
assets.adobedtm.com/b38dcb8dbbd6/1368969e5ef3/b4745da788ec/
54 KB
20 KB
Script
General
Full URL
https://assets.adobedtm.com/b38dcb8dbbd6/1368969e5ef3/b4745da788ec/EXdf696e9a51f24937af66d11ac4867fd7-libraryCode_source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:140b:2:9ad::1e80 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
92c7d324f8296beff6619d336943dd02aadb6875d409fbf2f99bdf8e4a9a8ab0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
gzip
last-modified
Mon, 09 May 2022 04:12:29 GMT
server
AkamaiNetStorage
etag
"55da09c6490de8e8ff5b2b2b6af9c26d:1652069549.433444"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://bwaval.gq
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
20114
expires
Tue, 10 May 2022 02:51:47 GMT
id
ssmr.so-net.ne.jp/
89 B
655 B
XHR
General
Full URL
https://ssmr.so-net.ne.jp/id?d_visid_ver=5.0.1&d_fieldgroup=A&mcorgid=969F02BE53295D3C0A490D4C%40AdobeOrg&mid=10602894777292147062245345651852243447&ts=1652147505524
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.50.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
jag /
Resource Hash
a916f39df6a0ef84a732dfb28411f9226c6e2750a4084922a02b2bf87411abf3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bwaval.gq/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 10 May 2022 01:51:45 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-5b7d4f44fb-l9rwg
vary
Origin
x-c
main-1640.Id95fac.M0-564
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://bwaval.gq
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
89
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YnnFMwAAAEp2AAPi
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=10748607187824325662266817425233204275
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnnFMwAAAEp2AAPi
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnnFMwAAAEp2AAPi
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

DCS
dcs-prod-tyo3-1-v029-036834436.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
sSLOM7h1TEs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YnnFMwAAAEp2AAPi
Date
Tue, 10 May 2022 01:51:47 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
blank.png
bwaval.gq/image/
Redirect Chain
  • https://bwaval.gq/webmail/image/blank.png
  • https://bwaval.gq:2096/image/blank.png
0
0
Image
General
Full URL
https://bwaval.gq:2096/image/blank.png
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

location
https://bwaval.gq:2096/image/blank.png
date
Tue, 10 May 2022 01:51:46 GMT
server
Apache
content-type
application/cgi
isp.png
www.so-net.ne.jp/common/hf1704/img/
9 KB
9 KB
Image
General
Full URL
https://www.so-net.ne.jp/common/hf1704/img/isp.png
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
95c97e58c55dd3399e51380e549c0e391d65768a1fb1e656cf9fce38b3d61d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Mar 2017 04:35:16 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
none
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
8895
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=69
pmark.png
www.so-net.ne.jp/common/hf1704/img/
9 KB
9 KB
Image
General
Full URL
https://www.so-net.ne.jp/common/hf1704/img/pmark.png
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
95129765aa2102c10a8d4dbb7df48069926b1eaf8d21db8e89144f5de4e89a6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Mar 2017 04:35:16 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
none
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
8936
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=68
isms.png
www.so-net.ne.jp/common/hf1704/img/
6 KB
7 KB
Image
General
Full URL
https://www.so-net.ne.jp/common/hf1704/img/isms.png
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:3b8:207:2e::f2:142 , Japan, ASN2527 (SO-NET Sony Network Communications Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
b143e0728abbb59467aaee3e9b31cf40d7df50f562e1b4bb7682d3da5dcb7547
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Tue, 10 May 2022 01:51:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 29 Nov 2017 07:06:27 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
none
Content-Security-Policy-Report-Only
default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi
Content-Length
6151
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=68
loading.gif
bwaval.gq/so-net.ne.jp_webmail3/W/img/
38 KB
38 KB
Image
General
Full URL
https://bwaval.gq/so-net.ne.jp_webmail3/W/img/loading.gif
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
Apache /
Resource Hash
5e3d5246b17e19e65385092db07554d8e1c5c4a226a6d7f97824b8e1e8571e34

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:46 GMT
last-modified
Sat, 11 Aug 2018 18:03:52 GMT
server
Apache
accept-ranges
bytes
content-length
38636
content-type
image/gif
jquery-3.2.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15283"
vary
Accept-Encoding
x-hw
1652147507.dop008.sj3.t,1652147507.cds215.sj3.hn,1652147507.cds091.sj3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30125
jquery-3.3.1.slim.min.js
code.jquery.com/
68 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

Referer
https://bwaval.gq/
Origin
https://bwaval.gq
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-1111d"
vary
Accept-Encoding
x-hw
1652147507.dop201.sj3.t,1652147507.cds207.sj3.hn,1652147507.cds120.sj3.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
24038
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/
20 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://bwaval.gq/
Origin
https://bwaval.gq
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4083981
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6458
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-500f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EhvPgGmdAZ%2BHzxFZGd1EooS3%2BqX6%2FKq1GUE8ZQDt692pXu6tUj7D8HJHAbau728hG8zxk94D7w0TAmDn%2BPhI0Tmf2GyW23S%2BGmJCklI9nrI5HrzKotyCMT4crAIP8aDFbUhS4sSFFUZS%2FAjJmZsFJe0R"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
708f0821f9bd1ed4-NRT
expires
Sun, 30 Apr 2023 01:51:47 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/
49 KB
15 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bwaval.gq/
Origin
https://bwaval.gq
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
603, 718, 718
access-control-allow-origin
*
cdn-cachedat
2021-06-08 10:19:10
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:05 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
e66395509049f3049a21bde686d63a78
cf-ray
708f0821fe628a51-NRT
cdn-requestcountrycode
BR
cdn-status
200
cdn-requestpullsuccess
True
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/
85 KB
30 KB
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
117.18.232.200 , Australia, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (tka/899A) /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26459431
x-cache
HIT
content-length
30394
x-xss-protection
1; mode=block
last-modified
Mon, 22 Jan 2018 19:27:49 GMT
server
ECAcc (tka/899A)
etag
"80288516b793d31:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/
20 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:47 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2883452
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4517
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-4e98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TaSmchAWeiGNyLJPmdeoqr1%2BjR422AkI7nGYNNzvJD%2BVMovYwmBvfdZHfnHj2wtNwo2Rivf7XNs2zIg7BcRACE5RvigBTvimpDojwjMxEpza1nnH%2BX0KaXTnNh3zGvxPtF9HDHqqz%2Bz%2FWB3cA%2Bax1py6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
708f0821fb701f23-NRT
expires
Sun, 30 Apr 2023 01:51:47 GMT
actions.js
bwaval.gq/so-net.ne.jp_webmail3/W/js/
1 KB
1 KB
Script
General
Full URL
https://bwaval.gq/so-net.ne.jp_webmail3/W/js/actions.js
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.240.68.191 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
5819104.monkey.com
Software
Apache /
Resource Hash
70e85a009826725354b61dda5e78f14418a117f6d4646550d2c55c499ec64a50

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:46 GMT
last-modified
Mon, 18 Jan 2021 21:00:58 GMT
server
Apache
accept-ranges
bytes
content-length
1294
content-type
application/javascript
id
dpm.demdex.net/
1 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=969F02BE53295D3C0A490D4C%40AdobeOrg&d_nsid=0&d_mid=10602894777292147062245345651852243447&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=AVID%01313CE29899E5FA2F-400010E81F86E076&ts=1652147505636
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
1b320b5fac3e29fa2601fe129243689ef8adc067caaedad0926b599eebe6b676
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://bwaval.gq/
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-tyo3-2-v029-0f9860e37.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
NDW2cPXVQFo=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://bwaval.gq
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
644
Expires
Thu, 01 Jan 1970 00:00:00 UTC
dest5.html
sonet.demdex.net/ Frame B383
7 KB
3 KB
Document
General
Full URL
https://sonet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/17361013af29ef6ae83ffd4113ce414f44be89b8/satelliteLib-ea3bae92bad6869bca2ee96094be75c242840f35.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.199.194.140 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-199-194-140.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://bwaval.gq/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-tyo3-1-v029-0faca1e5b.edge-tyo3.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
O6kGYpneR+Q=
content-encoding
gzip
date
Tue, 10 May 2022 01:51:47 GMT
last-modified
Wed, 27 Apr 2022 09:30:58 GMT
vary
accept-encoding
ibs:dpid=771&dpuuid=CAESELu3XkBdhKnPwBs6O6cjj_M&google_cver=1
dpm.demdex.net/ Frame B383
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MTA3NDg2MDcxODc4MjQzMjU2NjIyNjY4MTc0MjUyMzMyMDQyNzU=
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MTA3NDg2MDcxODc4MjQzMjU2NjIyNjY4MTc0MjUyMzMyMDQyNzU=&google_tc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELu3XkBdhKnPwBs6O6cjj_M&google_cver=1?gdpr=0&gdpr_consent=
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELu3XkBdhKnPwBs6O6cjj_M&google_cver=1?gdpr=0&gdpr_consent=
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://sonet.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

DCS
dcs-prod-tyo3-2-v029-0f9860e37.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
pgQMX3l7T9w=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 01:51:47 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESELu3XkBdhKnPwBs6O6cjj_M&google_cver=1?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adsct
analytics.twitter.com/i/ Frame B383
43 B
354 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?p_user_id=10748607187824325662266817425233204275&p_id=38594
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_m /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://sonet.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-response-time
94
date
Tue, 10 May 2022 01:51:47 GMT
server
tsa_m
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
afa63a8d75bae67fec19a165436a143c2abfa0c4b408da75350b478b64cf6397
content-length
43
ibs:dpid=16292&dpuuid=ZmjOIaO4VXBzulOQ3Xbt2v8HNyc
dpm.demdex.net/ Frame B383
Redirect Chain
  • https://sync.dmp.fout.jp/serve/?id=6836&mt=127
  • https://dpm.demdex.net/ibs:dpid=16292&dpuuid=ZmjOIaO4VXBzulOQ3Xbt2v8HNyc
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=16292&dpuuid=ZmjOIaO4VXBzulOQ3Xbt2v8HNyc
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://sonet.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

DCS
dcs-prod-tyo3-2-v029-0883c8d1e.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
tZwXLn24Q0U=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Tue, 10 May 2022 01:51:48 GMT
Server
nginx
Strict-Transport-Security
max-age=15768000
P3P
CP="ADM NOI OUR"
Location
https://dpm.demdex.net/ibs:dpid=16292&dpuuid=ZmjOIaO4VXBzulOQ3Xbt2v8HNyc
Cache-Control
private, no-cache, no-cache="Set-Cookie", proxy-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
ibs:dpid=47438&dpuuid=ae398487-a8ca-490f-b482-849c37c60428
dpm.demdex.net/ Frame B383
Redirect Chain
  • https://aw.dw.impact-ad.jp/c/u/?oid=mone.6c51c563bd5&rdr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D47438%26dpuuid%3D%7BAONEID%7D
  • https://aw.dw.impact-ad.jp/c/ur/?oid=mone.6c51c563bd5&rdr=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D47438%26dpuuid%3D%7BAONEID%7D
  • https://dpm.demdex.net/ibs:dpid=47438&dpuuid=ae398487-a8ca-490f-b482-849c37c60428
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=47438&dpuuid=ae398487-a8ca-490f-b482-849c37c60428
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://sonet.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

DCS
dcs-prod-tyo3-2-v029-0f291989d.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
63iM9UveSEM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=47438&dpuuid=ae398487-a8ca-490f-b482-849c37c60428
date
Tue, 10 May 2022 01:51:48 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000; includeSubDomains;
content-type
text/plain; charset=utf-8
ibs:dpid=57289&dpuuid=ARR5kl4i88kTks8ADqiTTOuZcM0nTA
dpm.demdex.net/ Frame B383
Redirect Chain
  • https://cr-p10060.ladsp.com/pid/10060
  • https://cr-p10060.ladsp.com/cr/10060
  • https://dpm.demdex.net/ibs:dpid=57289&dpuuid=ARR5kl4i88kTks8ADqiTTOuZcM0nTA
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=57289&dpuuid=ARR5kl4i88kTks8ADqiTTOuZcM0nTA
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
HTTP/1.1
Server
13.114.82.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-114-82-230.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://sonet.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

DCS
dcs-prod-tyo3-1-v029-00b1359ab.edge-tyo3.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
BSyqq2+eSBM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Tue, 10 May 2022 01:51:48 GMT
via
1.1 e547c32d3950bb9fc00d08713c96bea4.cloudfront.net (CloudFront)
server
Logicad
x-amz-cf-pop
NRT57-C3
x-cache
Miss from cloudfront
p3p
CP="NOI DEVo TAIo PSAo PSDo OUR IND UNI NAV", policyref="http://cd.ladsp.com/xml/w3c/p3p.xml"
location
https://dpm.demdex.net/ibs:dpid=57289&dpuuid=ARR5kl4i88kTks8ADqiTTOuZcM0nTA
cache-control
no-cache
content-length
0
x-amz-cf-id
W4hRcfiQCvMJWdn5R6Dtz013WLZJ2lthEMz71DFJ-59w92Tp0BHVNA==
expires
-1
s6756769429357
ssmr.so-net.ne.jp/b/ss/sonysonetglobal/1/JS-2.6.0-LCS4/
43 B
246 B
Image
General
Full URL
https://ssmr.so-net.ne.jp/b/ss/sonysonetglobal/1/JS-2.6.0-LCS4/s6756769429357?AQB=1&ndh=1&pf=1&t=10%2F4%2F2022%201%3A51%3A48%202%200&mid=10602894777292147062245345651852243447&aid=313CE29899E5FA2F-400010E81F86E076&aamlh=11&ce=UTF-8&ns=sonysonet&cdp=3&fpCookieDomainPeriods=2&pageName=https%3A%2F%2Fbwaval.gq%2Fso-net.ne.jp_webmail3%2FW&g=https%3A%2F%2Fbwaval.gq%2Fso-net.ne.jp_webmail3%2FW%2Findex.php%23wa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1539585327%26rver%3D7.0.6737.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fnlp%253d1%2526RpsCsrfState%253d715d44a2-2f11-4282-f625-a066679e96e2%26id%3D292841%26CBCXT%3Dout%26lw%3D1%26fl%3D&cc=JPY&ch=bwaval.gq%2Fso-net.ne.jp_webmail3&server=sonysonetglobal&events=event2&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&h1=bwaval.gq%2Fso-net.ne.jp_webmail3%2FW&c2=D%3Dv2&v2=n&c4=Access%20mailbox%EF%BC%88%E8%BF%BD%E5%8A%A0%E3%83%A1%E3%83%BC%E3%83%AB%E3%83%9C%E3%83%83%E3%82%AF%E3%82%B9%EF%BC%89%EF%BD%9C%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3&c5=D%3Dg&c6=bwaval.gq%2Fso-net.ne.jp_webmail3%2FW&c7=bwaval.gq%2Fso-net.ne.jp_webmail3&v15=D%3Dc62&v16=D%3Dc63&v17=D%3Dc62&v18=D%3Dc63&c39=313CE29899E5FA2F-400010E81F86E076&c40=D%3Dv20&c41=10%3A45AM-Tuesday&v41=D%3Dc41&c44=New&v44=New&c45=First%20Visit&v45=D%3Dc45&c49=D%3Dv0&c61=bwaval&c62=bwaval%2Fso-net.ne.jp_webmail3&c63=bwaval%2Fso-net.ne.jp_webmail3%2FW&c64=bwaval%2Fso-net.ne.jp_webmail3%2FW%2Findex.php&c65=D%3DpageName&c74=bwaval.gq&c75=VisitorAPI%20Present&v79=0.8952040059749014_1652147508521&v120=None&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&-g=dob%252cflname%252cwld%26cobrandid%3D90015%26domain%3D&mcorgid=969F02BE53295D3C0A490D4C%40AdobeOrg&AQE=1
Requested by
Host: bwaval.gq
URL: https://bwaval.gq/so-net.ne.jp_webmail3/W/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.50.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://bwaval.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Tue, 10 May 2022 01:51:48 GMT
x-content-type-options
nosniff
x-c
main-1640.Id95fac.M0-564
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 11 May 2022 01:51:48 GMT
server
jag
xserver
anedge-5b7d4f44fb-78r4j
etag
3547959757826523136-4619867809248676904
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 09 May 2022 01:51:48 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: So-net (Telecommunication)

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| onYouTubeIframeAPIReady object| targetGlobalSettings function| mboxCreate function| mboxDefine function| mboxUpdate function| sc_requestAjax object| _sc object| UIUtil function| SmR_doPlugins function| sc_trackTNT function| sc_trackLink function| sc_setDirName function| sc_setPropDir function| sc_setCk function| sc_getCk function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate object| SmR string| sc_rootDomain string| sc_ref string| sc_socialMedia boolean| sc_socialFlg undefined| sc_refTmp undefined| sc_refQry undefined| dcq undefined| dcqLeng undefined| sc_QParam undefined| sc_refDomainTmp number| numsl string| sc_refDomain boolean| sc_naturalSrhFlg number| s_objectID number| s_giq function| $ function| jQuery function| Popper object| bootstrap string| $c string| $current_email function| decodeCustom function| isValidEmail function| getUrlParameter string| currentEmail object| ListEntries undefined| e undefined| domain function| extractDomain object| dc object| fl object| cd number| utc object| tz number| thisy number| thish number| thismin number| thisd string| f0 object| pasArr object| _uxa string| s_tnt object| s_i_sonysonetglobal

21 Cookies


Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
