app.capacities.io Open in urlscan Pro
2600:9000:223d:d200:a:2067:c540:93a1  Public Scan

URL: https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Submission: On February 16 via manual from DE — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 2600:9000:223d:d200:a:2067:c540:93a1, located in United States and belongs to AMAZON-02, US. The main domain is app.capacities.io. The Cisco Umbrella rank of the primary domain is 552744.
TLS certificate: Issued by Amazon RSA 2048 M03 on January 26th 2024. Valid for: a year.
This is the only time app.capacities.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 2600:9000:223... 16509 (AMAZON-02)
1 13.32.121.50 16509 (AMAZON-02)
6 3.73.17.39 16509 (AMAZON-02)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 3.5.137.167 16509 (AMAZON-02)
20 5
Apex Domain
Subdomains
Transfer
16 capacities.io
app.capacities.io — Cisco Umbrella Rank: 552744
portal.capacities.io — Cisco Umbrella Rank: 308213
7 MB
2 iconify.design
api.iconify.design — Cisco Umbrella Rank: 15155
2 KB
1 amazonaws.com
capacities-images.s3.eu-central-1.amazonaws.com
115 KB
1 profitwell.com
public.profitwell.com — Cisco Umbrella Rank: 12483
9 KB
20 4
Domain Requested by
10 app.capacities.io app.capacities.io
6 portal.capacities.io app.capacities.io
2 api.iconify.design app.capacities.io
1 capacities-images.s3.eu-central-1.amazonaws.com
1 public.profitwell.com app.capacities.io
20 5

This site contains links to these domains. Also see Links.

Domain
capacities.io
jhweyibqzvmbdzq.ru
Subject Issuer Validity Valid
capacities.io
Amazon RSA 2048 M03
2024-01-26 -
2025-02-23
a year crt.sh
*.profitwell.com
Amazon RSA 2048 M02
2023-06-03 -
2024-07-01
a year crt.sh
iconify.design
Cloudflare Inc ECC CA-3
2023-05-18 -
2024-05-17
a year crt.sh
*.s3.eu-central-1.amazonaws.com
Amazon RSA 2048 M01
2023-10-10 -
2024-08-12
10 months crt.sh

This page contains 1 frames:

Primary Page: https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Frame ID: 4F2CDC38C70BE5E20F071FF745334E80
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

Capacities

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • public\.profitwell\.com/js/profitwell\.js

Page Statistics

20
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

6979 kB
Transfer

6990 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ce876d3c-88be-4b07-96a6-d590700e733d
app.capacities.io/home/
4 KB
4 KB
Document
General
Full URL
https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
862599f20024118e20baec2ebdb6b73e1186d2922e953de2b665996826cd4f60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
3736
content-type
text/html
date
Fri, 16 Feb 2024 12:29:02 GMT
etag
"45178755010ade2c7039184dd935bcb9"
last-modified
Thu, 15 Feb 2024 13:55:22 GMT
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=31536000
vary
Origin
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-amz-cf-id
wSPwz7A7-E-dGu-Oava64I5ZAbTQpt5yGxFIX7CAvKFULfjWUzXMxA==
x-amz-cf-pop
FRA56-P3
x-amz-error-code
NoSuchKey
x-amz-error-detail-key
home/ce876d3c-88be-4b07-96a6-d590700e733d
x-amz-error-message
The specified key does not exist.
x-amz-version-id
XW1BKHcvMeC8ETjkiRpwdFdskRy_QogI
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
index30571.js
app.capacities.io/
5 MB
5 MB
Script
General
Full URL
https://app.capacities.io/index30571.js
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
846f71c6794718df3e6d2cb5f2af0b90fe12c6cf7abac2589b4fc10447ce4a71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:55:37 GMT
x-amz-version-id
cTlFhLh.hhE.X53YEEzqkoWtosZlqEnW
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
81206
x-cache
Hit from cloudfront
content-length
5584904
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:22 GMT
server
AmazonS3
etag
"749dfe0ec497f51d7f54aecfce08c449"
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
i48Q4k9c3bxhq50Jg1dMQx7YWBuWsqiQKk5xHpmQmYf9hJiT4tlsrA==
index30571.css
app.capacities.io/
795 KB
796 KB
Stylesheet
General
Full URL
https://app.capacities.io/index30571.css
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1a9471523bf74e101b0676726545b9a3818f2cd26edaa42a4dcc319e09dce56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:55:37 GMT
x-amz-version-id
lOFnwy0QTrQIa0pFpSQOBsju2BEAISsI
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
81206
x-cache
Hit from cloudfront
content-length
813942
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:22 GMT
server
AmazonS3
etag
"60a82990c83195aba29c264496f24c66"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/css
x-amz-cf-id
b0z6txext2BR9tm6oFj5E47Dp9UDRj5imgPlkT7tR5M1_9j5ORym4w==
profitwell.js
public.profitwell.com/js/
35 KB
9 KB
Script
General
Full URL
https://public.profitwell.com/js/profitwell.js?auth=7f9c4b4d79c926cd3d7b36b86e7c144b
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-50.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d19b7af86a35dfda3a91657fb0f532541ad1bf34b75c68bb9992a374cd5fd5f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.capacities.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id
uxIt1SCydrYnaOCuzhsDaHENAdMuSyNO
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
date
Fri, 16 Feb 2024 09:34:09 GMT
last-modified
Thu, 21 Dec 2023 14:58:22 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
10767
x-amz-server-side-encryption
AES256
etag
W/"40097cdf413c1f1f303c66489742cb44"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
44VKquS7xPVU5vP_EtYyJTSgEysfzyvFTqhSjOFI8KwSmDJ2hrgR6w==
pdf30571.js
app.capacities.io/
283 KB
284 KB
Script
General
Full URL
https://app.capacities.io/pdf30571.js
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
368956fec1d778b6527613908dbb82f24f58f7496581a2a7e5f338b6330c3ca1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/index30571.js
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:55:39 GMT
x-amz-version-id
h5ymbD6LBHFDKrsrOC8DJqC4Mefltzpi
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
81205
x-cache
Hit from cloudfront
content-length
289796
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:23 GMT
server
AmazonS3
etag
"25a6170d48861ab53717937011c447cd"
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
JLfw3G-o4D6dhwSx_gojHMvTIUuwOipC2slvfMyzbS5rKteSAyGmDQ==
version
app.capacities.io/
8 B
505 B
Fetch
General
Full URL
https://app.capacities.io/version
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e11d4c693004c4f58e4510c4b2fde64ec53202d73694fe14196089d75d975acf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Cache-Control
no-cache
Referer
https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Expires
0

Response headers

date
Thu, 15 Feb 2024 13:55:28 GMT
x-amz-version-id
2wRRr4a6ycWqx0Fkm4S5Z6R2E_A1ArFy
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
81217
x-cache
Hit from cloudfront
content-length
8
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:24 GMT
server
AmazonS3
etag
"b9a49af454cfc7105b2104d68db7d76a"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
binary/octet-stream
x-amz-cf-id
koJpFXLUbKUs7jaWCgN24A5HCnVnlQaol1Kt6Ie5SCn0qQQCcUilnA==
maintenance-info
portal.capacities.io/resources/
90 B
806 B
XHR
General
Full URL
https://portal.capacities.io/resources/maintenance-info
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.73.17.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-17-39.eu-central-1.compute.amazonaws.com
Software
nginx/1.25.3 /
Resource Hash
479aba2ce0a6ee57937ca331c95f527b52af34fcf9105e2802e1f75d9841ec04
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.capacities.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
appversion
web-1.34.10

Response headers

date
Fri, 16 Feb 2024 12:29:04 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
content-length
90
x-xss-protection
0
referrer-policy
no-referrer
server
nginx/1.25.3
cross-origin-opener-policy
same-origin
etag
W/"5a-4yl2xYVkuSerfEojZM7NtoQMh7o"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.capacities.io
origin-agent-cluster
?1
access-control-allow-credentials
true
_...location_30571.js
app.capacities.io/
302 B
844 B
Script
General
Full URL
https://app.capacities.io/_...location_30571.js
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9f7d277ba8264b0a51a9fe8ff97856074022ed6c17581aa68e191f606dfe4051
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/index30571.js
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:02:09 GMT
x-amz-version-id
0sC_skDOeYPLOKH87Ta1NCZ5VL8WfTLI
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
73616
x-cache
Hit from cloudfront
content-length
302
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:22 GMT
server
AmazonS3
etag
"80143f766057db8a0170c3c73b05e134"
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
yxuwQOCzzdQz_QaJXyTpJpO75dZHi4Hd0HZ0ZsNy7zvsw2JZMdpaLg==
Inter-SemiBold30571.woff2
app.capacities.io/
103 KB
104 KB
Font
General
Full URL
https://app.capacities.io/Inter-SemiBold30571.woff2?v=3.19
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/index30571.css
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 16:02:08 GMT
x-amz-version-id
BxLujyOcb8ZC9K3WHUMqeyCg6N5d7Oca
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
73617
x-cache
Hit from cloudfront
content-length
105804
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:20 GMT
server
AmazonS3
etag
"007ad31a53f4ab3f58ee74f2308482ce"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
DS3S0LP7l4FN6vms2ScI8DpC9Y6RK4FJc5UoNjacZCwhbz7xaP137Q==
Inter-Regular30571.woff2
app.capacities.io/
97 KB
97 KB
Font
General
Full URL
https://app.capacities.io/Inter-Regular30571.woff2?v=3.19
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/index30571.css
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:55:39 GMT
x-amz-version-id
Y5WhtCqH6aIdvcs0RJWpmS5NiGOd.68T
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
81206
x-cache
Hit from cloudfront
content-length
98868
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:20 GMT
server
AmazonS3
etag
"dc131113894217b5031000575d9de002"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
V6TOU-I9gJTG6tdM-4lPophT2GJ2tVchQEMHwqmGRorCH7pK1pN9xw==
maintenance-info
portal.capacities.io/resources/
0
0
Preflight
General
Full URL
https://portal.capacities.io/resources/maintenance-info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.73.17.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-17-39.eu-central-1.compute.amazonaws.com
Software
nginx/1.25.3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
appversion
Access-Control-Request-Method
GET
Origin
https://app.capacities.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,auth-token,accept-version,appversion,sentry-trace,baggage
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.capacities.io
content-length
0
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Fri, 16 Feb 2024 12:29:04 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
nginx/1.25.3
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
user
portal.capacities.io/
0
0
Preflight
General
Full URL
https://portal.capacities.io/user
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.73.17.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-17-39.eu-central-1.compute.amazonaws.com
Software
nginx/1.25.3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
appversion
Access-Control-Request-Method
GET
Origin
https://app.capacities.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,auth-token,accept-version,appversion,sentry-trace,baggage
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.capacities.io
content-length
0
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Fri, 16 Feb 2024 12:29:04 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
nginx/1.25.3
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
entity
portal.capacities.io/content/
0
0
Preflight
General
Full URL
https://portal.capacities.io/content/entity?id=ce876d3c-88be-4b07-96a6-d590700e733d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.73.17.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-17-39.eu-central-1.compute.amazonaws.com
Software
nginx/1.25.3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
appversion
Access-Control-Request-Method
GET
Origin
https://app.capacities.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,auth-token,accept-version,appversion,sentry-trace,baggage
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.capacities.io
content-length
0
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Fri, 16 Feb 2024 12:29:04 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
nginx/1.25.3
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
ph.json
api.iconify.design/
1 KB
1 KB
Fetch
General
Full URL
https://api.iconify.design/ph.json?icons=book-open%2Csign-in%2Cuser-plus
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a580c363ebcf6a0e262cccb5b0bf556019d230a367ab824c70c4e302c8a6cf62

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.capacities.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 12:29:04 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LBLOPq13eQEYtSJeXNSRiMCfhfv9HMwsekGGg3jTQoqi6P5NZboB7wS2uHpdolosRpbZO4ew2b6nJOqrDY366lazkUjoXH7GKjTsoN1MPn5CKQKlN7Ks%2BNyI0t4EwJ4zVmFre4indDdhZkyu%2Fbh1ug%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800, min-refresh=604800, immutable
cross-origin-resource-policy
cross-origin
cf-ray
8565cb478ece6ae8-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding
web305719.js
app.capacities.io/
116 B
657 B
Script
General
Full URL
https://app.capacities.io/web305719.js
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
37b47620226d68637de9ec812699605caaf4e7b3f07f7bf27b55a8a6acfd4c54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/index30571.js
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 14:53:06 GMT
x-amz-version-id
2wKID_2fAO8YrAcmJExd9ef1GLswqDCm
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
77759
x-cache
Hit from cloudfront
content-length
116
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:24 GMT
server
AmazonS3
etag
"2ebffd08552300d02655da855025e3c3"
x-frame-options
SAMEORIGIN
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
yGutjv7v82cl4UF08QDIqpgF-_75TA9TSk0PAkMkSlNIhBVuN9__jg==
Inter-Bold30571.woff2
app.capacities.io/
104 KB
104 KB
Font
General
Full URL
https://app.capacities.io/Inter-Bold30571.woff2?v=3.19
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:d200:a:2067:c540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.capacities.io/index30571.css
Origin
https://app.capacities.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:55:42 GMT
x-amz-version-id
SeD7wksQnGyxty02NQ5WuOlEqFLz_XYt
via
1.1 e41703af87be84ac95b3cadf9d8dd470.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA56-P3
age
81203
x-cache
Hit from cloudfront
content-length
106140
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 15 Feb 2024 13:55:20 GMT
server
AmazonS3
etag
"444a7284663a3bc886683eb81450b294"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
xCzc3N6DdEI6m0JkCOPxsDxD67NM5-edzu4LKhVKiAFE5wpKzPFTaQ==
ce876d3c-88be-4b07-96a6-d590700e733d
portal.capacities.io/content/context/
0
0
Preflight
General
Full URL
https://portal.capacities.io/content/context/ce876d3c-88be-4b07-96a6-d590700e733d?edit=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.73.17.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-17-39.eu-central-1.compute.amazonaws.com
Software
nginx/1.25.3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
appversion
Access-Control-Request-Method
GET
Origin
https://app.capacities.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,auth-token,accept-version,appversion,sentry-trace,baggage
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.capacities.io
content-length
0
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Fri, 16 Feb 2024 12:29:05 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
nginx/1.25.3
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
entity-update
portal.capacities.io/content/
0
0
Preflight
General
Full URL
https://portal.capacities.io/content/entity-update?id=19edc873-9c26-44af-804d-811579d4bf91&type=MediaImage&lastUpdated=2024-02-14T15:39:35.891Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.73.17.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-17-39.eu-central-1.compute.amazonaws.com
Software
nginx/1.25.3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
appversion
Access-Control-Request-Method
GET
Origin
https://app.capacities.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,auth-token,accept-version,appversion,sentry-trace,baggage
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://app.capacities.io
content-length
0
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Fri, 16 Feb 2024 12:29:05 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
nginx/1.25.3
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
ph.json
api.iconify.design/
447 B
586 B
Fetch
General
Full URL
https://api.iconify.design/ph.json?icons=file-text
Requested by
Host: app.capacities.io
URL: https://app.capacities.io/index30571.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2db27adc0e61ea936226bb7f4efd363b7b48878b8e769a63ac9e76d4d418979b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.capacities.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 12:29:05 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnSqOIOP99aQJZmEXqvG%2BNRuKa%2FRciSx9DnJM5gQDGKk7zBU%2BRd%2FJUt7%2F6PEiJoePS4cWzP7vL3qsIsfA1KnVhSqRaxDhdIXATMgTL9wPsIdxnY%2BpAeDuXkvr%2F2PlK133NrjWkiXWIy9jOBa%2F%2FKaKg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800, min-refresh=604800, immutable
cross-origin-resource-policy
cross-origin
cf-ray
8565cb4c0d1e6ae8-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding
regular.png
capacities-images.s3.eu-central-1.amazonaws.com/private/19edc873-9c26-44af-804d-811579d4bf91/
114 KB
115 KB
Image
General
Full URL
https://capacities-images.s3.eu-central-1.amazonaws.com/private/19edc873-9c26-44af-804d-811579d4bf91/regular.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIA5VTNRR6EBR56K2NK%2F20240216%2Feu-central-1%2Fs3%2Faws4_request&X-Amz-Date=20240216T122905Z&X-Amz-Expires=43200&X-Amz-Signature=f02bdbb692f9abd6800fc22b357dd52f4fe0ba0d34676eb6891cfe7d14c4735b&X-Amz-SignedHeaders=host&x-id=GetObject
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.5.137.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-r-w.eu-central-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
ec6c5c7654534f130464e792767afea5af3908f0e82c42d3da403e0716ada0dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.capacities.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 12:29:06 GMT
Last-Modified
Wed, 14 Feb 2024 15:39:35 GMT
Server
AmazonS3
x-amz-request-id
8A7Y7X3AM7J1XWJ7
ETag
"3adc349a1bd0cdafcfaa1ea1de0a378e"
x-amz-server-side-encryption
AES256
Content-Type
image
Accept-Ranges
bytes
Content-Length
117211
x-amz-id-2
XB0zpz6EwEUXTIrtHpiWwIT8pj+fNYdEa/a6lPo4ZFK/l0gF5lxKuUTzqMtlO8UTG+34a6NSZBVga1C/BAkI7A==

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| profitwell object| __VUE_INSTANCE_SETTERS__ boolean| __INTLIFY_PROD_DEVTOOLS__ object| CapacitorPlatforms object| Capacitor object| __vueuse_ssr_handlers__ function| saveAs boolean| __VUE__

0 Cookies

4 Console Messages

Source Level URL
Text
network error URL: https://app.capacities.io/home/ce876d3c-88be-4b07-96a6-d590700e733d
Message:
Failed to load resource: the server responded with a status of 404 ()
worker warning URL: https://app.capacities.io/assets/worker-8967bda5.js(Line 100)
Message:
getComponentTreePortal: tried to load unallowed content local_userPersonal_id
worker warning URL: https://app.capacities.io/assets/worker-8967bda5.js(Line 100)
Message:
no session settings cache
worker warning URL: https://app.capacities.io/assets/worker-8967bda5.js(Line 100)
Message:
no session settings cache

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block