urlscan.io logo urlscan.io
SecurityTrails logo

control.openpath.com Open in urlscan Pro
99.86.4.12  Public Scan

Go To Rescan Add Verdict Report
URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Submission: On August 16 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 99.86.4.12, located in United States and belongs to AMAZON-02, US. The main domain is control.openpath.com. The Cisco Umbrella rank of the primary domain is 319699.
TLS certificate: Issued by Amazon RSA 2048 M02 on August 15th 2023. Valid for: a year.
This is the only time control.openpath.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 99.86.4.12 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
11 6
4    99.86.4.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-12.fra6.r.cloudfront.net
control.openpath.com
2    2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2600:9000:223f:1e00:4:c8d0:6ec0:93a1 (United States)

ASN16509 (AMAZON-02, US)
helium.prod.openpath.com
Apex Domain
Subdomains		 Transfer
5 openpath.com
control.openpath.com — Cisco Umbrella Rank: 319699
helium.prod.openpath.com — Cisco Umbrella Rank: 53916
442 KB
2 gstatic.com
fonts.gstatic.com
43 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 73
1 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 374
141 KB
11 4
Domain Requested by
4 control.openpath.com control.openpath.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com control.openpath.com
cdn.jsdelivr.net
2 cdn.jsdelivr.net control.openpath.com
cdn.jsdelivr.net
1 helium.prod.openpath.com control.openpath.com
11 5

This site contains no links.

Subject Issuer Validity Valid
*.prod.openpath.com
Amazon RSA 2048 M02		 2023-08-15 -
2024-09-12		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-31 -
2023-10-23		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-07-31 -
2023-10-23		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Frame ID: B02741C1A4E3900DD66B1F3EE8CE9FC1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Openpath Guest Access

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]+semantic(?:\.min)\.css"
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

11
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

6
IPs

2
Countries

628 kB
Transfer

2900 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request cloudKeyUnlock
control.openpath.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-12.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22b43729157cecf5f06f5a9cadc851aa83055e43837348314292e05d5af49851
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=60, s-maxage=60
content-encoding
gzip
content-security-policy
default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
content-type
text/html
date
Wed, 16 Aug 2023 12:24:04 GMT
etag
W/"de1fe27869e7677bc49f5888fbb3861f"
last-modified
Mon, 14 Aug 2023 17:07:50 GMT
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-cf-id
-dLgxUP8aV6Gicrg6nmJAiFsUaC6ACMOwj-u4bhd0AaEqXWapbFukg==
x-amz-cf-pop
FRA6-C1
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
semantic.min.css
cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/ 		614 KB
101 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css
Requested by
Host: control.openpath.com
URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5177ac8b16de2e407f518c554f3ba3fe0837f8b333830026837cc3f82e190124
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://control.openpath.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Wed, 16 Aug 2023 12:24:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3222535
x-jsd-version
2.4.2
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230050-FRA, cache-jnb7026-JNB
x-jsd-version-type
version
server
cloudflare
etag
W/"99738-xBtVnjRc5piOJZyFKbhk0QxxYOQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4VSwEutsCYoyTl82HHeXt2TZyF4oj7nrgmSBeo%2B97lECdEl98VgdN%2BUQVGpFphCR3VaLNbFtsPY1tVsQmnX0swO643iqyjXaRtTgbSUkJtgkGmUqOiWuGs6TqTOWr0DKC%2FokGudRFUAOQrgj3k%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
7f79a6ef8dc04d94-FRA
openpath.css
control.openpath.com/assets/css/ 		50 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://control.openpath.com/assets/css/openpath.css?1692032772688
Requested by
Host: control.openpath.com
URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-12.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
73d4aba3dda7b95cb602821ff61fcb555036a990ca650d414103a97b6e704ca7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Wed, 16 Aug 2023 12:24:04 GMT
content-encoding
gzip
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA6-C1
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 04 Nov 2022 21:25:19 GMT
server
AmazonS3
etag
W/"89a76bc6c6ce639bef09fd2e6b01085d"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
max-age=60, s-maxage=60
x-amz-cf-id
umN5DEAJhBAiTmtZwbFS1BxBu1_QLWw6n82s-cgSrdHf86tfYMIhSQ==
css
fonts.googleapis.com/ 		4 KB
901 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Assistant:300,400,600,700&display=swap
Requested by
Host: control.openpath.com
URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2a2d94eefcc7da259083f149fe87f12ddbcf56fae110d939930acf552bf18f12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://control.openpath.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 16 Aug 2023 12:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 16 Aug 2023 11:25:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 16 Aug 2023 12:24:03 GMT
cloudKeyUnlock.de69678e70b322574629.js
control.openpath.com/ 		2 MB
424 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://control.openpath.com/cloudKeyUnlock.de69678e70b322574629.js
Requested by
Host: control.openpath.com
URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-12.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e0ea7afe9ee2f44b55adc42879f8096f1236665c9cbe48d438aad1d0dce5b608
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Wed, 16 Aug 2023 12:24:04 GMT
content-encoding
gzip
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA6-C1
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 14 Aug 2023 17:07:12 GMT
server
AmazonS3
etag
W/"95f55061c275721af40b95596fe399b4"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=604800, s-maxage=604800
x-amz-cf-id
xfvxD3f9ZBm89eTsH4PdIlarmlbx2cd4Fc1mXe0kiOrKeQrrQ_kLzQ==
globalLoader.1eafb38f2ad62ae84201.js
control.openpath.com/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://control.openpath.com/globalLoader.1eafb38f2ad62ae84201.js
Requested by
Host: control.openpath.com
URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-12.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c7917553ef84f639540d13a560049f42e2ea1c841bd47c97924dcc2417d19e63
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Wed, 16 Aug 2023 12:24:03 GMT
content-encoding
gzip
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA6-C1
age
22
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 14 Aug 2023 17:07:52 GMT
server
AmazonS3
etag
W/"3b5865bc469c6803f246d5bcc2a0bc27"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=604800, s-maxage=604800
x-amz-cf-id
LWrXPFjtFXJsWw05agkB1RI757Gq8RRvw4Vo_J_SNmIv3wtb_WPQyA==
css
fonts.googleapis.com/ 		3 KB
550 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
699e8cb3d0af7f12172315152a58cf8154526ddc2ee3d29ed8861218e9cf91a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jsdelivr.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 16 Aug 2023 12:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 16 Aug 2023 10:38:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 16 Aug 2023 12:24:03 GMT
icons.woff2
cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/fonts/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/fonts/icons.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css
Origin
https://control.openpath.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Wed, 16 Aug 2023 12:24:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
15133782
x-jsd-version
2.4.2
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
40148
x-served-by
cache-fra-eddf8230061-FRA, cache-yyz4576-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"9cd4-bsbTbLJGS06CHPq7Uy8xC9NCYBw"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iEJvxYVRu%2FjXbhzmffsfgNFpwZIAFqvCl3iMLLC9QTbLZEvwhZDvJhR9UPmCR5oprfmc6H2gkjXvKJUqkGAvgd1n%2BW9bNdicJntBbOlWHspDxyVphBVQFeLNUQnFG%2FzCNndz%2BSwh%2BXH6np%2BtU1M%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7f79a6f0fadb1947-FRA
2sDcZGJYnIjSi6H75xkzaGW5.woff2
fonts.gstatic.com/s/assistant/v18/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/assistant/v18/2sDcZGJYnIjSi6H75xkzaGW5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Assistant:300,400,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
36ea273138b793477fef7ab102c5d882f9329660f70df5d5ad43f30f0edd7026
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://control.openpath.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 12 Aug 2023 05:15:28 GMT
x-content-type-options
nosniff
age
371316
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20608
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 19:46:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 11 Aug 2024 05:15:28 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://control.openpath.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Sat, 12 Aug 2023 21:18:33 GMT
x-content-type-options
nosniff
age
313531
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 11 Aug 2024 21:18:33 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
79da466e9ffa7ac02e041d98fa83e647355d3c0d3575d9507777c0ac99ea9652

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type
image/svg+xml
455zmkc3ghzy
helium.prod.openpath.com/shortUrl/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://helium.prod.openpath.com/shortUrl/455zmkc3ghzy
Requested by
Host: control.openpath.com
URL: https://control.openpath.com/cloudKeyUnlock.de69678e70b322574629.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:1e00:4:c8d0:6ec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.0 /
Resource Hash
04251cafb6547db97ab33f7abbcc4e245c4ca6895b168d775f893cf4220b9b4f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://control.openpath.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 16 Aug 2023 12:24:04 GMT
via
1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
server
nginx/1.20.0
x-version-hash
d8b22530eb9fb3eae887785feebfa15ec5bd1943
x-download-options
noopen
vary
origin,accept-encoding
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://control.openpath.com
access-control-expose-headers
WWW-Authenticate,Server-Authorization
cache-control
no-cache
x-amz-cf-id
5301cTfhrC0yT1BBFBrE2EHGlPPIxhE-H770LuOWVmOdAVEYk9pDkA==
x-instance-id
i-0225a29232c4c59e5

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| webpackChunkplatinum object| SENTRY_RELEASE object| __SENTRY__ function| removeGlobalLoader function| setGlobalLoaderText

0 Cookies

1 Console Messages

Source Level URL
Text
security error URL: https://control.openpath.com/cloudKeyUnlock?shortCode=455zmkc3ghzy
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js". Either the 'unsafe-inline' keyword, a hash ('sha256-86eAGVxtRG9MV7YgPORIUXwsYDfkei/3NuVUj5psWyQ='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self'; font-src https: data: https://fonts.gstatic.com; connect-src 'self' https: wss: https://www.google-analytics.com; img-src 'self' https: data: https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com; script-src 'sha256-DzBnYQfpuRor1FC89hsyxBDORmgrrvettZk6CsJ33f8=' 'sha256-qUpXLVc5xowXtwGDperJ+1ZRMiSb0Qr1yGCB8CYURcU=' 'sha256-dUEy+HarzMcjG/30jFlk16mhhq6DY5XFFDEbLE3L9JI=' 'sha256-IBfrBzWe/313UGBENHKjFNILnnDWdwMqBlhUOXlN+5c=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-BaZ86Ms/KjMWfCCdUY/vv8bqpvsG3hfBCQEPU4MmxkQ=' 'self' https://www.gstatic.com/firebasejs/ https://www.googletagmanager.com https://tagmanager.google.com https://js.stripe.com https://*.openpath.com https://www.google-analytics.com https://openpath.trackinglibrary.prodperfect.com https://unpkg.com/amazon-kinesis-video-streams-webrtc/dist/kvs-webrtc.min.js https://global.localizecdn.com/localize.js; style-src https: https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; object-src https://drive.google.com; frame-src https://*.openpath.com https://js.stripe.com https://drive.google.com; frame-ancestors 'none'; manifest-src 'self'; media-src 'self' blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block