Submitted URL: https://integration-01-dus.accounty.dev/
Effective URL: https://integration-01-dus.accounty.dev/users/sign_in
Submission: On December 05 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 89.117.51.206, located in Düsseldorf, Germany and belongs to CONTABO, DE. The main domain is integration-01-dus.accounty.dev.
TLS certificate: Issued by R3 on December 4th 2022. Valid for: 3 months.
This is the only time integration-01-dus.accounty.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 89.117.51.206 51167 (CONTABO)
3 108.138.7.103 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 54.187.119.242 16509 (AMAZON-02)
2 2600:9000:223... 16509 (AMAZON-02)
1 35.82.157.189 16509 (AMAZON-02)
20 7
Apex Domain
Subdomains
Transfer
10 accounty.dev
integration-01-dus.accounty.dev
529 KB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1203
q.stripe.com — Cisco Umbrella Rank: 7246
m.stripe.com — Cisco Umbrella Rank: 1181
102 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1262
16 KB
1 gstatic.com
fonts.gstatic.com
38 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 51
1 KB
20 5
Domain Requested by
10 integration-01-dus.accounty.dev 1 redirects integration-01-dus.accounty.dev
3 q.stripe.com integration-01-dus.accounty.dev
3 js.stripe.com integration-01-dus.accounty.dev
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
1 m.stripe.com m.stripe.network
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com integration-01-dus.accounty.dev
20 7

This site contains no links.

Subject | Issuer | Validity | Valid
integration-01-dus.accounty.dev | R3 | 2022-12-04 - 2023-03-04 | 3 months
a.stripecdn.com | DigiCert SHA2 Extended Validation Server CA | 2022-10-19 - 2023-01-11 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months
*.stripe.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-11-12 - 2023-03-09 | 4 months
m.stripe.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-15 - 2023-01-26 | 4 months

This page contains 3 frames:

Primary Page: https://integration-01-dus.accounty.dev/users/sign_in
Frame ID: 72339ED1740D61CC616263720A4E5190
Requests: 12 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: FE48F0943D2FB9691B93288B938191BF
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: F0F3D105940A2516EBB6B64E4B1DF1E5
Requests: 4 HTTP requests in this frame

Page Title

Accounty

Detected technologies

Overall confidence: 75%
Detected patterns
  • <[^>]+[^\w-]x-data[^\w-][^<]+

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

20
Requests

100 %
HTTPS

43 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

686 kB
Transfer

2065 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://integration-01-dus.accounty.dev/ HTTP 302
    https://integration-01-dus.accounty.dev/users/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sign_in
integration-01-dus.accounty.dev/users/
Redirect Chain
  • https://integration-01-dus.accounty.dev/
  • https://integration-01-dus.accounty.dev/users/sign_in
5 KB
6 KB
Document
General
Full URL
https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
821fd9c7accce268d9cf5c35a896b763a9354b9d9e2c069c80addec941039098
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000
cache-control
max-age=0, private, must-revalidate
content-type
text/html; charset=utf-8
date
Mon, 05 Dec 2022 00:25:27 GMT
etag
W/"821fd9c7accce268d9cf5c35a896b763"
link
</assets/frontend/style-13413aa8f423fce238e879ecfa3f008baaff3e130b3a217c458e9e0fb7ac5b97.css>; rel=preload; as=style; nopush,</assets/application-d0aa12ee35ab20265a585a378738812f745c5962df5bf9b68287743d8729f1ed.css>; rel=preload; as=style; nopush
referrer-policy
strict-origin-when-cross-origin
server
Caddy
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
dabfa4b4-37b6-4991-abc1-784e071ad65e
x-runtime
0.051696
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000
cache-control
no-cache
content-type
text/html; charset=utf-8
date
Mon, 05 Dec 2022 00:25:27 GMT
location
https://integration-01-dus.accounty.dev/users/sign_in
server
Caddy
x-request-id
bbca9d9f-263c-4bc9-aa0b-8c5079c5eb04
x-runtime
0.005068
style-13413aa8f423fce238e879ecfa3f008baaff3e130b3a217c458e9e0fb7ac5b97.css
integration-01-dus.accounty.dev/assets/frontend/
61 KB
11 KB
Stylesheet
General
Full URL
https://integration-01-dus.accounty.dev/assets/frontend/style-13413aa8f423fce238e879ecfa3f008baaff3e130b3a217c458e9e0fb7ac5b97.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
0f55e42e1b01d5851e563b3adac6d3a17712cda9f8c5dcab4aa153abfc2fcf2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
content-encoding
gzip
last-modified
Sun, 04 Dec 2022 20:10:26 GMT
server
Caddy
vary
Accept-Encoding
content-type
text/css
alt-svc
h3=":443"; ma=2592000
content-length
10810
application-d0aa12ee35ab20265a585a378738812f745c5962df5bf9b68287743d8729f1ed.css
integration-01-dus.accounty.dev/assets/
122 B
158 B
Stylesheet
General
Full URL
https://integration-01-dus.accounty.dev/assets/application-d0aa12ee35ab20265a585a378738812f745c5962df5bf9b68287743d8729f1ed.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
c5fb41a952e04f1de9c89e9770d4125449d81681c03e55a348a6cfb044b7621e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
content-encoding
gzip
last-modified
Sun, 04 Dec 2022 20:10:26 GMT
server
Caddy
vary
Accept-Encoding
content-type
text/css
alt-svc
h3=":443"; ma=2592000
content-length
128
flatpickr.min.css
integration-01-dus.accounty.dev/css/vendors/
16 KB
16 KB
Stylesheet
General
Full URL
https://integration-01-dus.accounty.dev/css/vendors/flatpickr.min.css
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
1b34a42552c96f10e4dfaaa4a367276b03868aacff63c1ac42ffe331352bc754

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
last-modified
Sun, 04 Dec 2022 19:15:23 GMT
server
Caddy
alt-svc
h3=":443"; ma=2592000
content-length
16166
content-type
text/css
application-f3389aa374eb46265891f7da337da67a7a834c58002e897789ccd5a158166891.js
integration-01-dus.accounty.dev/assets/
1 MB
204 KB
Script
General
Full URL
https://integration-01-dus.accounty.dev/assets/application-f3389aa374eb46265891f7da337da67a7a834c58002e897789ccd5a158166891.js
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
ade518341ff26d0341ea905507721cf59374998029516a082f292052f79eeda4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
content-encoding
gzip
last-modified
Sun, 04 Dec 2022 20:10:26 GMT
server
Caddy
vary
Accept-Encoding
content-type
application/javascript
alt-svc
h3=":443"; ma=2592000
content-length
208484
/
js.stripe.com/v3/
400 KB
98 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-103.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
0129aa384e32bcc87c766bd0ce8968d89e997ebeefb3a6938ede11e41aebc063
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 05 Dec 2022 00:25:10 GMT
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
18
x-cache
Hit from cloudfront
last-modified
Fri, 02 Dec 2022 22:04:28 GMT
server
Cloudfront
etag
W/"3095c268dab7dd627cd11dfb810a7f24"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
lF8N1wET1hcGLqXjKhwHxgtqJdVGu53f9pfK3TtxolpZk6FNLvd9_Q==
accounty-logo-text-black.svg
integration-01-dus.accounty.dev/images/logos/
11 KB
11 KB
Image
General
Full URL
https://integration-01-dus.accounty.dev/images/logos/accounty-logo-text-black.svg
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
94c3d590187324967aa6dfd6922470afa0a245e041c3cfd02ce3e09e282638ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
last-modified
Sun, 04 Dec 2022 19:15:23 GMT
server
Caddy
alt-svc
h3=":443"; ma=2592000
content-length
10870
content-type
image/svg+xml
auth-image.jpg
integration-01-dus.accounty.dev/images/
227 KB
227 KB
Image
General
Full URL
https://integration-01-dus.accounty.dev/images/auth-image.jpg
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
b4a9973b2dfc6294548444bb7cdccee7cc5d4810f1782c9192a33563ff4f07be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
last-modified
Sun, 04 Dec 2022 19:15:23 GMT
server
Caddy
alt-svc
h3=":443"; ma=2592000
content-length
232046
content-type
image/jpeg
auth-decoration.png
integration-01-dus.accounty.dev/images/
17 KB
17 KB
Image
General
Full URL
https://integration-01-dus.accounty.dev/images/auth-decoration.png
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
a3f89aeceb9dd4116f7ce9260c207fe4bfa39b6db7889092b2dc54194126c704

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
last-modified
Sun, 04 Dec 2022 19:15:23 GMT
server
Caddy
alt-svc
h3=":443"; ma=2592000
content-length
17817
content-type
image/png
alpinejs.min.js
integration-01-dus.accounty.dev/js/vendors/
38 KB
38 KB
Script
General
Full URL
https://integration-01-dus.accounty.dev/js/vendors/alpinejs.min.js
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.117.51.206 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
vmi1108012.contaboserver.net
Software
Caddy /
Resource Hash
d1573a45c19419ee881d3f7e6d6810bb955ea0d64470da1f1875537de18c603e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/users/sign_in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
last-modified
Sun, 04 Dec 2022 19:15:23 GMT
server
Caddy
alt-svc
h3=":443"; ma=2592000
content-length
38458
content-type
application/javascript
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=fallback
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/assets/frontend/style-13413aa8f423fce238e879ecfa3f008baaff3e130b3a217c458e9e0fb7ac5b97.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8183bdeeadcff11bb4171c741430e6a0338c8a13fbdef3dc0d1b010a0218b931
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://integration-01-dus.accounty.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 05 Dec 2022 00:25:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 00:25:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Dec 2022 00:25:27 GMT
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/
37 KB
38 KB
Font
General
Full URL
https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=fallback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://integration-01-dus.accounty.dev
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 16:54:37 GMT
x-content-type-options
nosniff
age
545450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37924
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:54:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 28 Nov 2023 16:54:37 GMT
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame FE48
200 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-103.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://integration-01-dus.accounty.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
771
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 05 Dec 2022 00:12:39 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Tue, 22 Nov 2022 03:54:48 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
x-amz-cf-id
vXUXUhzMHn87t0gZNZWMaSnkMi-SJQr69APyT6TgPZWgVKKsGYrcAA==
x-amz-cf-pop
FRA56-P6
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame FE48
0
571 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
16
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame FE48
0
572 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 05 Dec 2022 00:25:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
16
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame FE48
631 B
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-103.fra56.r.cloudfront.net
Software
Cloudfront /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Sun, 04 Dec 2022 23:36:40 GMT
x-content-type-options
nosniff
via
1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
3141
x-cache
Hit from cloudfront
content-length
631
last-modified
Sun, 13 Nov 2022 20:03:40 GMT
server
Cloudfront
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
rT7haRthCWofhtyz71ux_a-9EnEE9M6tuhmbq-O6NNGm7VfhsDac7A==
inner.html
m.stripe.network/ Frame F0F3
930 B
2 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:3000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
26
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 05 Dec 2022 00:25:02 GMT
etag
"fc2e029628f163bb59adc6fa5a31161c"
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-id
UWrj5yRxua-0UmT80dfqUexbMsUCVw2fXHuZB6VtartKurlnVz05NA==
x-amz-cf-pop
FRA56-P4
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame F0F3
0
345 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: integration-01-dus.accounty.dev
URL: https://integration-01-dus.accounty.dev/users/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 00:25:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
24
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame F0F3
86 KB
14 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:3000:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 05 Dec 2022 00:23:58 GMT
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
via
1.1 2ba7b49ec4c4de4e67297e603c89a5e4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
etag
W/"21df7244385e5c0bdf32da01d0dad6c0"
age
90
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
CtvdbHoVvQvthyCsg1ZKso9-oM2A6PSioiwCMPaZr2QlVSyUwUJNaA==
6
m.stripe.com/ Frame F0F3
156 B
523 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.82.157.189 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-82-157-189.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
51040533480c349db167f6433c3b2610312bc4a30a4ab168c2b8d115a38328b4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Dec 2022 00:25:28 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156


15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange object| webpackChunkStripeJSouter function| Stripe function| addVanillaNestedFields function| removeVanillaNestedFields object| Chartkick function| jQuery function| $ object| Stimulus function| setInvoiceTotal boolean| _rails_loaded function| vanillaNestedNoRemoveForInitialField function| vanillaNestedLabelForInitialField object| Alpine

4 Cookies

Domain/Path Name / Value
integration-01-dus.accounty.dev/ Name: _accounty_session
Value: woAw66lqcBZR%2B4O7dx6iYIoobfyU6Synv8SFSs2CwSBMuGRoJPziZ%2BN1Mc6EqqkWwmUWpguiegvxv%2BWqunx8VnoJ2H0RGSGQXLB8I0fvO1rpXjpdUBHsI16pt4yKhkCVD2jy%2BX7u%2FVFOorTcOvzvqE7viBQkhvJM6dqpQazIbOGYtZBD1b15VrdkuMn7s7w8EchG9aMtUOf4s%2F0NWmcJiEM2NTkuGiqG10rKzV%2FdW%2F8b3wBrwL%2Bx5eQqGHd8eEkrL98lFai1MyLNQk6DgWypMiPE29c7VAD91TX0VXhbSi37FwVS16DC5ZjfGpAnT0idp4%2By7Ds%3D--upmWNbH9HOG32FNK--AS2Ro0yyENf9Wsf2Kc7WlA%3D%3D
m.stripe.com/ Name: m
Value: 4208e5bf-9813-4924-a727-8dc83ffe947d9238ec
.integration-01-dus.accounty.dev/ Name: __stripe_mid
Value: 685bdfe7-88af-4a46-a30c-795be99f10b4a8452c
.integration-01-dus.accounty.dev/ Name: __stripe_sid
Value: 2604e735-3c55-44b7-83b6-703f5c019f769d3a85

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
