Submitted URL: https://adadschr.dev.amazonbacklot.com/
Effective URL: https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amaz...
Submission Tags: @phishunt_io
Submission: On March 24 via api from DE — Scanned from DE

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 28 HTTP transactions. The main IP is 52.94.218.63, located in and belongs to . The main domain is midway-auth.amazon.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on March 8th 2023. Valid for: a year.
This is the only time midway-auth.amazon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
6 adadschr.dev.amazonbacklot.com adadschr.dev.amazonbacklot.com
4 cognito-identity.us-east-1.amazonaws.com adadschr.dev.amazonbacklot.com
2 midway-auth.amazon.com 1 redirects adadschr.dev.amazonbacklot.com
midway-auth.amazon.com
1 sts.us-east-1.amazonaws.com adadschr.dev.amazonbacklot.com
1 m.media-amazon.com
1 idp-integ.federate.amazon.com 1 redirects
1 studios-portal-app-dev-adadschr.auth.us-east-1.amazoncognito.com 1 redirects
1 cdn.pendo.io adadschr.dev.amazonbacklot.com
28 8

This site contains no links.

Subject Issuer Validity Valid
adadschr.dev.amazonbacklot.com
Amazon RSA 2048 M01
2023-03-23 -
2024-04-20
a year crt.sh
cdn.pendo.io
Amazon RSA 2048 M01
2023-02-20 -
2023-08-28
6 months crt.sh
midway-auth.dub.amazon.com
Amazon RSA 2048 M01
2023-03-08 -
2024-03-07
a year crt.sh
cognito-identity.us-east-1.amazonaws.com
Amazon RSA 2048 M02
2023-02-21 -
2023-07-06
4 months crt.sh
images-na.ssl-images-amazon.com
DigiCert Global CA G2
2022-10-26 -
2023-10-14
a year crt.sh
sts.us-east-1.amazonaws.com
Amazon RSA 2048 M01
2023-03-08 -
2024-03-07
a year crt.sh

This page contains 1 frames:

Primary Page: https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%26redirect_uri%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%252Fapi%252Fv1%252Fintermediate%26response_type%3Did_token%26scope%3Dopenid%26nonce%3DI230324003603974DUBDMJBUKE3UWCI%26state%3Dv1eu-west-1_I230324003603974DUBDMJBUKE3UWCI_AgR4w7GyyIkB5UvwJ7ZaRvWzZw8pB1opGwWuTWCxDUTPbiIAKAABAAN0eG4AH0kyMzAzMjQwMDM2MDM5NzREVUJETUpCVUtFM1VXQ0kAAQAHYXdzLWttcwBLYXJuOmF3czprbXM6ZXUtd2VzdC0xOjA2NjU3MDk2OTgzMzprZXkvMzJhOTkwMDMtNjhkNi00ZDExLTgwMTEtNWYzZGY1YTQyNmM3ALgBAgEAeA2vGAlLAeDro1UcXoOf1o9uortpkFo3uwfkFO6mjSmFAd4WTrrvg13q5nhtBbbkZmIAAAB-MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAxn6MrPdUsu97ZLCeMCARCAO2CYmGyRIM0DmW3WdQfWwZM_p-ptqNILNCWV8z3MsbaYTNtOUKsVck2FUBMBdBglXtiBKXtXEIBIZudXAgAAEADamPSDCxHPgTzmo8F2XkgcmyXQcFI3pGdm6t_ZgedNntEsOpzZTmqlPue_kPcKK03_____AAAAAQAAAAAAAAAAAAAAAQAAAFrhKTPk5cBjbrh3dekCjGcS48KcFpPJJfMw8vGNj9CQ7lI7pkK7N7YqUoRCjXw18lAPRw4VptURh59cU6CruwySJrZEJiUbhZLIu__UHe5vXRzmniWSgkUi_10d-xlhwuj4vFmi_6Fhxvgq&require_digital_identity=false
Frame ID: C5300CABBED359EEC39C10C29B9FDA0E
Requests: 23 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://adadschr.dev.amazonbacklot.com/ Page URL
  2. https://studios-portal-app-dev-adadschr.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fadadschr.dev.amazonbacklot.com&r... HTTP 302
    https://idp-integ.federate.amazon.com/api/oauth2/v1/authorize?client_id=backlot-web-portal-dev&redirect_uri=https%... HTTP 302
    https://midway-auth.amazon.com/SSO/redirect?client_id=https%3A%2F%2Fidp-integ-eu-west-1.federate.amazon.com... HTTP 302
    https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-... Page URL

Page Statistics

28
Requests

50 %
HTTPS

50 %
IPv6

6
Domains

8
Subdomains

7
IPs

1
Countries

759 kB
Transfer

3010 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://adadschr.dev.amazonbacklot.com/ Page URL
  2. https://studios-portal-app-dev-adadschr.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fadadschr.dev.amazonbacklot.com&response_type=code&client_id=4cfoar7gddfq58mtf9n4arkkab&identity_provider=AmazonFederate&scope=openid&state=7ceBmLR8JiTTh6n7SoyGCc6lwhIZ1mha&code_challenge=uzq3lmHylT2t2o6dLww38PdVuYwo1byA7kuNQM1Sqy8&code_challenge_method=S256 HTTP 302
    https://idp-integ.federate.amazon.com/api/oauth2/v1/authorize?client_id=backlot-web-portal-dev&redirect_uri=https%3A%2F%2Fstudios-portal-app-dev-adadschr.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid&response_type=code&state=H4sIAAAAAAAAAD1R2XLiMBD8Fz0jgmTjgzcgG0yWEIMdErO1RcmSfOBDPuQ4Ymv_fZWtVN66Zrq7Zrr_AAIWYOghJ72E6HImbLa7flQumIBYb5YVuYn6gTPeEcn1kOqhSRNBOjtlLGnnTiUTtzZJVxQk1gSmCZmUTb-4uyOMsJ5m3ZTx9yn5bxUTWpRCTqmoNJlrMhXs0zjR8Hl7v9YwBYtfQDS8zhn4PQGZ3tiUr6rd0XnMwzCzajsQarOmVjlm2zOqMqJV-ecjt9YoK0-VIZZYWGw3jobjs9MQjQLFamkXw_7whIJWOVpx1YoAzy0NCw09G4eBXKXqra78pXFe_ojeFSnag1Eqr8RHPlzM1EmMdnnecvL6wk5lvBGn-wfCDO7CA-5n_Pgyr-Szediq9PWKZ_mjx3Ad_3xG_uY28GHkUefLNrd9c-mbfV_Xb-vQVy5c7dv8iarV0EeBt4-UYiNGuX9JwkYMwWXv5dfoiOfxR7b3qpLqi0t9cS8HloseNqKTpISkaaBOGn7HTgaZTb_L_WqAirTOpfhqoAILZNmuhRxkGRPQgEVCyp5PQKf9iYHd2J1b0GA2gqZlUOjEyIaO7SLXodhAnIC__wCJwuXhRAIAAA.H4sIAAAAAAAAAPt1e_vkT3NagkSWck3185p91MHQYH3C1JXFnJFtIcUcwncAeyHWsyAAAAA.4 HTTP 302
    https://midway-auth.amazon.com/SSO/redirect?client_id=https%3A%2F%2Fidp-integ-eu-west-1.federate.amazon.com&redirect_uri=https%3A%2F%2Fidp-integ-eu-west-1.federate.amazon.com%2Fapi%2Fv1%2Fintermediate&response_type=id_token&scope=openid&nonce=I230324003603974DUBDMJBUKE3UWCI&state=v1eu-west-1_I230324003603974DUBDMJBUKE3UWCI_AgR4w7GyyIkB5UvwJ7ZaRvWzZw8pB1opGwWuTWCxDUTPbiIAKAABAAN0eG4AH0kyMzAzMjQwMDM2MDM5NzREVUJETUpCVUtFM1VXQ0kAAQAHYXdzLWttcwBLYXJuOmF3czprbXM6ZXUtd2VzdC0xOjA2NjU3MDk2OTgzMzprZXkvMzJhOTkwMDMtNjhkNi00ZDExLTgwMTEtNWYzZGY1YTQyNmM3ALgBAgEAeA2vGAlLAeDro1UcXoOf1o9uortpkFo3uwfkFO6mjSmFAd4WTrrvg13q5nhtBbbkZmIAAAB-MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAxn6MrPdUsu97ZLCeMCARCAO2CYmGyRIM0DmW3WdQfWwZM_p-ptqNILNCWV8z3MsbaYTNtOUKsVck2FUBMBdBglXtiBKXtXEIBIZudXAgAAEADamPSDCxHPgTzmo8F2XkgcmyXQcFI3pGdm6t_ZgedNntEsOpzZTmqlPue_kPcKK03_____AAAAAQAAAAAAAAAAAAAAAQAAAFrhKTPk5cBjbrh3dekCjGcS48KcFpPJJfMw8vGNj9CQ7lI7pkK7N7YqUoRCjXw18lAPRw4VptURh59cU6CruwySJrZEJiUbhZLIu__UHe5vXRzmniWSgkUi_10d-xlhwuj4vFmi_6Fhxvgq HTTP 302
    https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%26redirect_uri%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%252Fapi%252Fv1%252Fintermediate%26response_type%3Did_token%26scope%3Dopenid%26nonce%3DI230324003603974DUBDMJBUKE3UWCI%26state%3Dv1eu-west-1_I230324003603974DUBDMJBUKE3UWCI_AgR4w7GyyIkB5UvwJ7ZaRvWzZw8pB1opGwWuTWCxDUTPbiIAKAABAAN0eG4AH0kyMzAzMjQwMDM2MDM5NzREVUJETUpCVUtFM1VXQ0kAAQAHYXdzLWttcwBLYXJuOmF3czprbXM6ZXUtd2VzdC0xOjA2NjU3MDk2OTgzMzprZXkvMzJhOTkwMDMtNjhkNi00ZDExLTgwMTEtNWYzZGY1YTQyNmM3ALgBAgEAeA2vGAlLAeDro1UcXoOf1o9uortpkFo3uwfkFO6mjSmFAd4WTrrvg13q5nhtBbbkZmIAAAB-MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAxn6MrPdUsu97ZLCeMCARCAO2CYmGyRIM0DmW3WdQfWwZM_p-ptqNILNCWV8z3MsbaYTNtOUKsVck2FUBMBdBglXtiBKXtXEIBIZudXAgAAEADamPSDCxHPgTzmo8F2XkgcmyXQcFI3pGdm6t_ZgedNntEsOpzZTmqlPue_kPcKK03_____AAAAAQAAAAAAAAAAAAAAAQAAAFrhKTPk5cBjbrh3dekCjGcS48KcFpPJJfMw8vGNj9CQ7lI7pkK7N7YqUoRCjXw18lAPRw4VptURh59cU6CruwySJrZEJiUbhZLIu__UHe5vXRzmniWSgkUi_10d-xlhwuj4vFmi_6Fhxvgq&require_digital_identity=false Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
adadschr.dev.amazonbacklot.com/
2 KB
2 KB
Document
General
Full URL
https://adadschr.dev.amazonbacklot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-36.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bf70d5986216652ce15a54cd7ee15a0323380a5be6f2cf8988e0f32d9a258f15
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
9019
content-encoding
gzip
content-security-policy
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
content-type
text/html
date
Thu, 23 Mar 2023 22:05:41 GMT
etag
W/"e87ff38d91851315e7da192286fd9d68"
last-modified
Thu, 23 Mar 2023 18:54:48 GMT
referrer-policy
no-referrer
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 0186e9c41d0aebb13c1398b95b7f4756.cloudfront.net (CloudFront)
x-amz-cf-id
OdKghfdqjFHxuE4B9eVWwZvVjoQamMRFVkh0gcPDqPPORjeATZxT-g==
x-amz-cf-pop
AMS1-C1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
system.min.js
adadschr.dev.amazonbacklot.com/public/vendors/systemjs/dist/
12 KB
6 KB
Script
General
Full URL
https://adadschr.dev.amazonbacklot.com/public/vendors/systemjs/dist/system.min.js
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-36.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
989934e773d5d0ffe8cd07937690b001283943343fd74affab906d5cdca1497c
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 00:36:01 GMT
content-encoding
br
via
1.1 0186e9c41d0aebb13c1398b95b7f4756.cloudfront.net (CloudFront)
content-security-policy
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
AMS1-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 23 Mar 2023 18:54:51 GMT
server
AmazonS3
etag
W/"4e9feb952aca853ccc8354c14f7b06b6"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
n5YfCh5hpJ3xME4R2pjrTmKfzTEdInVzD3uS6F8COou8dTdE1VN_Xg==
amd.min.js
adadschr.dev.amazonbacklot.com/public/vendors/systemjs/dist/extras/
1 KB
2 KB
Script
General
Full URL
https://adadschr.dev.amazonbacklot.com/public/vendors/systemjs/dist/extras/amd.min.js
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-36.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
55edf3040867848ea4dccc07ab8a2c443ad5988aa4d9221d01577f001914d8f1
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 00:36:01 GMT
content-encoding
br
via
1.1 0186e9c41d0aebb13c1398b95b7f4756.cloudfront.net (CloudFront)
content-security-policy
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
AMS1-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 23 Mar 2023 18:54:51 GMT
server
AmazonS3
etag
W/"b1c589d69da9588789c77f58e1eca68d"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
MRGroufgaG3ueRZy_3iwRBvO5WsKY3bgDbjOA0vUEj7qxcnNiVPgnw==
pendo.js
cdn.pendo.io/agent/static/e7633f9e-df71-40b3-6924-2bd35adc083a/
396 KB
132 KB
Script
General
Full URL
https://cdn.pendo.io/agent/static/e7633f9e-df71-40b3-6924-2bd35adc083a/pendo.js
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2204:2000:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f4221bb53b1a95ee1f037b94c8a53fb41467712c84b9154fc24b5251d6010318

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 00:36:00 GMT
content-encoding
gzip
via
1.1 415e8d76bf2c69e5e03b89ba8461cd7e.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS50-C1
x-guploader-uploadid
ADPycdvL0xXdUUUMFupGg54P5VhXgllyUYudhzNgAimQ17p8SPi3IJ-nUxScGyeULDn4JeCa9JZAHISEo6mSmRRGX9zv1kn_cHvG
x-cache
Miss from cloudfront
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
134154
last-modified
Thu, 23 Mar 2023 18:50:09 GMT
server
UploadServer
etag
"274b8b2a871693851ee46e8a6f578bdd"
vary
Accept-Encoding
x-goog-generation
1679597409388314
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=akF2vQ==, md5=J0uLKocWk4Ue5G6Kb1eL3Q==
access-control-expose-headers
*
cache-control
max-age=450
x-goog-stored-content-length
134154
accept-ranges
bytes
x-amz-cf-id
n1a6WDtBqDB2ct4WTkQ3ZspeSTixBO4vdqJofv6mZgnoMIm6JlDTpg==
expires
Fri, 24 Mar 2023 00:43:30 GMT
amzn-studios-portal-app-root-config.js
adadschr.dev.amazonbacklot.com/public/js/
2 MB
547 KB
Script
General
Full URL
https://adadschr.dev.amazonbacklot.com/public/js/amzn-studios-portal-app-root-config.js
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/public/vendors/systemjs/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-36.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f06b6ed4ac0c488d110747a6410f2b66c60082f89723a627d4ddf892e3f1c81
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 00:36:01 GMT
content-encoding
br
via
1.1 0186e9c41d0aebb13c1398b95b7f4756.cloudfront.net (CloudFront)
content-security-policy
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
AMS1-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 23 Mar 2023 18:54:49 GMT
server
AmazonS3
etag
W/"19b36987ad03ff3112783936b0a6de12"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
AkCwHLSUliY5doNsEmbMPA5FWYJDxYuQQCZ0NswkmZQ8ypwbyaUqOg==
single-spa.min.js
adadschr.dev.amazonbacklot.com/public/vendors/single-spa/lib/system/
20 KB
7 KB
Script
General
Full URL
https://adadschr.dev.amazonbacklot.com/public/vendors/single-spa/lib/system/single-spa.min.js
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/public/vendors/systemjs/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-36.ams1.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5a680c7b0a6ce4d56c973bf237cf42a16c040f6a934a442066430b3f9adda3ca
Security Headers
Name Value
Content-Security-Policy default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 00:36:02 GMT
content-encoding
br
via
1.1 0186e9c41d0aebb13c1398b95b7f4756.cloudfront.net (CloudFront)
content-security-policy
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
AMS1-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Thu, 23 Mar 2023 18:54:51 GMT
server
AmazonS3
etag
W/"bd4f74962a0bfd23e6aa8d63a6f4a614"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
x-amz-cf-id
RQmXhaJ00tddpQOrU1runLtsWtVN7ipcsaSE_Afi0DHBEkc4KkHrOw==
configs.json
adadschr.dev.amazonbacklot.com/
3 KB
3 KB
Fetch
General
Full URL
https://adadschr.dev.amazonbacklot.com/configs.json
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/public/js/amzn-studios-portal-app-root-config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.86.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-86-36.ams1.r.cloudfront.net
Software
CloudFront /
Resource Hash
38719bbcc2b90a2e5f7f7cd4bfa81c07485a0df0141b263e0c8ea131b86fbea5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 00:36:03 GMT
via
1.1 0186e9c41d0aebb13c1398b95b7f4756.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
AMS1-C1
content-length
2607
x-amz-cf-id
Y1vjZ10iPp9ymBOlQ34UjLdFiNlFSE3LEm-gVKzrJW0hCwEwksCvDQ==
x-cache
LambdaGeneratedResponse from cloudfront
Primary Request login
midway-auth.amazon.com/
Redirect Chain
  • https://studios-portal-app-dev-adadschr.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fadadschr.dev.amazonbacklot.com&response_type=code&client_id=4cfoar7gddfq58mtf9n4...
  • https://idp-integ.federate.amazon.com/api/oauth2/v1/authorize?client_id=backlot-web-portal-dev&redirect_uri=https%3A%2F%2Fstudios-portal-app-dev-adadschr.auth.us-east-1.amazoncognito.com%2Foauth2%2...
  • https://midway-auth.amazon.com/SSO/redirect?client_id=https%3A%2F%2Fidp-integ-eu-west-1.federate.amazon.com&redirect_uri=https%3A%2F%2Fidp-integ-eu-west-1.federate.amazon.com%2Fapi%2Fv1%2Fintermedi...
  • https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%26redirect_uri%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federa...
8 KB
0
Document
General
Full URL
https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%26redirect_uri%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%252Fapi%252Fv1%252Fintermediate%26response_type%3Did_token%26scope%3Dopenid%26nonce%3DI230324003603974DUBDMJBUKE3UWCI%26state%3Dv1eu-west-1_I230324003603974DUBDMJBUKE3UWCI_AgR4w7GyyIkB5UvwJ7ZaRvWzZw8pB1opGwWuTWCxDUTPbiIAKAABAAN0eG4AH0kyMzAzMjQwMDM2MDM5NzREVUJETUpCVUtFM1VXQ0kAAQAHYXdzLWttcwBLYXJuOmF3czprbXM6ZXUtd2VzdC0xOjA2NjU3MDk2OTgzMzprZXkvMzJhOTkwMDMtNjhkNi00ZDExLTgwMTEtNWYzZGY1YTQyNmM3ALgBAgEAeA2vGAlLAeDro1UcXoOf1o9uortpkFo3uwfkFO6mjSmFAd4WTrrvg13q5nhtBbbkZmIAAAB-MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAxn6MrPdUsu97ZLCeMCARCAO2CYmGyRIM0DmW3WdQfWwZM_p-ptqNILNCWV8z3MsbaYTNtOUKsVck2FUBMBdBglXtiBKXtXEIBIZudXAgAAEADamPSDCxHPgTzmo8F2XkgcmyXQcFI3pGdm6t_ZgedNntEsOpzZTmqlPue_kPcKK03_____AAAAAQAAAAAAAAAAAAAAAQAAAFrhKTPk5cBjbrh3dekCjGcS48KcFpPJJfMw8vGNj9CQ7lI7pkK7N7YqUoRCjXw18lAPRw4VptURh59cU6CruwySJrZEJiUbhZLIu__UHe5vXRzmniWSgkUi_10d-xlhwuj4vFmi_6Fhxvgq&require_digital_identity=false
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/public/js/amzn-studios-portal-app-root-config.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.94.218.63 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://d3s096xoykcjlq.cloudfront.net; style-src 'self' https://d3s096xoykcjlq.cloudfront.net; img-src 'self' https://d3s096xoykcjlq.cloudfront.net; connect-src 'self' https://midway-static.amazon.com/app-id.json https://unagi-na.amazon.com; object-src 'none'; frame-ancestors 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'self'; script-src 'self' https://d3s096xoykcjlq.cloudfront.net; style-src 'self' https://d3s096xoykcjlq.cloudfront.net; img-src 'self' https://d3s096xoykcjlq.cloudfront.net; connect-src 'self' https://midway-static.amazon.com/app-id.json https://unagi-na.amazon.com; object-src 'none'; frame-ancestors 'self'
content-type
text/html; charset=utf-8
date
Fri, 24 Mar 2023 00:36:04 GMT
etag
W/"00ad7be4aca5b2ba873920f4f69bc786"
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-host
midway-auth-prod-dub4-14006.dub4.amazon.com
x-permitted-cross-domain-policies
none
x-request-id
cdd34129-1029-4270-89c7-9b43cb58ede9
x-ua-compatible
IE=Edge,chrome=1
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache
content-security-policy
default-src 'self'; script-src 'self' https://d3s096xoykcjlq.cloudfront.net; style-src 'self' https://d3s096xoykcjlq.cloudfront.net; img-src 'self' https://d3s096xoykcjlq.cloudfront.net; connect-src 'self' https://midway-static.amazon.com/app-id.json https://unagi-na.amazon.com; object-src 'none'; frame-ancestors 'self'
content-type
text/html; charset=utf-8
date
Fri, 24 Mar 2023 00:36:04 GMT
location
https://midway-auth.amazon.com/login?next=%2FSSO%2Fredirect%3Fclient_id%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%26redirect_uri%3Dhttps%253A%252F%252Fidp-integ-eu-west-1.federate.amazon.com%252Fapi%252Fv1%252Fintermediate%26response_type%3Did_token%26scope%3Dopenid%26nonce%3DI230324003603974DUBDMJBUKE3UWCI%26state%3Dv1eu-west-1_I230324003603974DUBDMJBUKE3UWCI_AgR4w7GyyIkB5UvwJ7ZaRvWzZw8pB1opGwWuTWCxDUTPbiIAKAABAAN0eG4AH0kyMzAzMjQwMDM2MDM5NzREVUJETUpCVUtFM1VXQ0kAAQAHYXdzLWttcwBLYXJuOmF3czprbXM6ZXUtd2VzdC0xOjA2NjU3MDk2OTgzMzprZXkvMzJhOTkwMDMtNjhkNi00ZDExLTgwMTEtNWYzZGY1YTQyNmM3ALgBAgEAeA2vGAlLAeDro1UcXoOf1o9uortpkFo3uwfkFO6mjSmFAd4WTrrvg13q5nhtBbbkZmIAAAB-MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAxn6MrPdUsu97ZLCeMCARCAO2CYmGyRIM0DmW3WdQfWwZM_p-ptqNILNCWV8z3MsbaYTNtOUKsVck2FUBMBdBglXtiBKXtXEIBIZudXAgAAEADamPSDCxHPgTzmo8F2XkgcmyXQcFI3pGdm6t_ZgedNntEsOpzZTmqlPue_kPcKK03_____AAAAAQAAAAAAAAAAAAAAAQAAAFrhKTPk5cBjbrh3dekCjGcS48KcFpPJJfMw8vGNj9CQ7lI7pkK7N7YqUoRCjXw18lAPRw4VptURh59cU6CruwySJrZEJiUbhZLIu__UHe5vXRzmniWSgkUi_10d-xlhwuj4vFmi_6Fhxvgq&require_digital_identity=false
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-host
midway-auth-prod-dub4-14006.dub4.amazon.com
x-permitted-cross-domain-policies
none
x-request-id
620c427c-faa0-415b-b49b-1f668f9a8f15
x-xss-protection
1; mode=block
/
cognito-identity.us-east-1.amazonaws.com/
63 B
317 B
Fetch
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/public/js/amzn-studios-portal-app-root-config.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7402:f2aa:82fe:a0c1:98d8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
content-type
application/x-amz-json-1.1
amz-sdk-invocation-id
740f1844-2d43-44aa-ac61-a0cc0062b7a2
Referer
amz-sdk-request
attempt=1; max=3
x-amz-target
AWSCognitoIdentityService.GetId
x-amz-user-agent
aws-sdk-js/3.231.0 os/Windows/NT_10.0 lang/js md/browser/Chrome_111.0.5563.110 api/cognito_identity/3.231.0

Response headers

access-control-allow-origin
*
date
Fri, 24 Mar 2023 00:36:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid
58c7d64a-4c46-435f-b56e-1b69ef46a1ed
content-length
63
content-type
application/x-amz-json-1.1
/
cognito-identity.us-east-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7402:f2aa:82fe:a0c1:98d8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://adadschr.dev.amazonbacklot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Fri, 24 Mar 2023 00:36:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-amzn-requestid
5682a5d5-943b-46a0-99fa-8c5ae2a865b9
AmazonEmberDisplay_Rg.ttf
m.media-amazon.com/images/G/01/fonts/
132 KB
60 KB
Font
General
Full URL
https://m.media-amazon.com/images/G/01/fonts/AmazonEmberDisplay_Rg.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2204:e00:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash

Request headers

Referer
https://adadschr.dev.amazonbacklot.com/
Origin
https://adadschr.dev.amazonbacklot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Thu, 23 Mar 2023 15:45:55 GMT
content-encoding
br
via
1.1 196da8dbede310a18cd917665afeaa22.cloudfront.net (CloudFront)
age
31808
x-amz-cf-pop
AMS50-C1
edge-cache-tag
x-cache-188,/images/G/01/fonts/AmazonEmberDisplay_Rg
x-nginx-cache-status
HIT
x-cache
Hit from cloudfront
server-timing
provider;desc="cf"
surrogate-key
x-cache-188 /images/G/01/fonts/AmazonEmberDisplay_Rg
last-modified
Tue, 01 Aug 2017 07:32:06 GMT
server
Server
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
cache-control
max-age=86400,public
x-amz-ir-id
56748aab-298e-4e88-98e5-9133ba014358
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
6O4g9n8zO0rlu7KW_EWg6VcuQL4PTYYRBaYvWdlZjX9zTg0DyRXZ1Q==
expires
Thu, 23 Mar 2023 21:31:33 GMT
/
cognito-identity.us-east-1.amazonaws.com/
771 B
1 KB
Fetch
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Requested by
Host: adadschr.dev.amazonbacklot.com
URL: https://adadschr.dev.amazonbacklot.com/public/js/amzn-studios-portal-app-root-config.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7402:f2aa:82fe:a0c1:98d8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
content-type
application/x-amz-json-1.1
amz-sdk-invocation-id
53e9063b-e326-4650-b257-bdc33ee3438b
Referer
amz-sdk-request
attempt=1; max=3
x-amz-target
AWSCognitoIdentityService.GetOpenIdToken
x-amz-user-agent
aws-sdk-js/3.231.0 os/Windows/NT_10.0 lang/js md/browser/Chrome_111.0.5563.110 api/cognito_identity/3.231.0

Response headers

access-control-allow-origin
*
date
Fri, 24 Mar 2023 00:36:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-requestid
7d5b6522-e754-429d-8772-596593f66b46
content-length
771
content-type
application/x-amz-json-1.1
/
cognito-identity.us-east-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://cognito-identity.us-east-1.amazonaws.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:41d6:7402:f2aa:82fe:a0c1:98d8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://adadschr.dev.amazonbacklot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-headers
amz-sdk-invocation-id,amz-sdk-request,content-type,x-amz-target,x-amz-user-agent
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
access-control-max-age
172800
content-length
0
date
Fri, 24 Mar 2023 00:36:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-amzn-requestid
d33321a6-e0d8-4058-bcfb-658d481d2da9
/
sts.us-east-1.amazonaws.com/
0
0

/
sts.us-east-1.amazonaws.com/
0
0
Preflight
General
Full URL
https://sts.us-east-1.amazonaws.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.239.16.72 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
amz-sdk-invocation-id,amz-sdk-request,x-amz-user-agent
Access-Control-Request-Method
POST
Origin
https://adadschr.dev.amazonbacklot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Access-Control-Allow-Headers
amz-sdk-invocation-id,amz-sdk-request,x-amz-user-agent
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
Access-Control-Max-Age
172800
Content-Length
0
Date
Fri, 24 Mar 2023 00:36:03 GMT
x-amzn-RequestId
c689396d-f158-4c2d-bade-c117ee686f93
/
cognito-identity.us-east-1.amazonaws.com/
0
0

/
cognito-identity.us-east-1.amazonaws.com/
0
0

/
cognito-identity.us-east-1.amazonaws.com/
0
0

/
cognito-identity.us-east-1.amazonaws.com/
0
0

application-032f3df1c0e93b21ade1c01bccab57816053e09b3a8d40cff456a84628ab3376.css
midway-auth.amazon.com/assets/
0
0

application-76b1c1becd889c7cbe6709c8ed7740e2e6c1ade986072c8786f5c7eae8353d31.js
midway-auth.amazon.com/assets/
0
0

client-side-metrics-0ddcb29ab8c3c96afb26.js
midway-auth.amazon.com/packs/js/
0
0

login-aa32185be48fcb19ba1e262bd763b2f42b75778784446caebdb82b8c6208aa73.js
midway-auth.amazon.com/assets/
0
0

yubikey-with-lock-5555a15fa7c43bd7778dbabf1c87ccd5b8cfcca373bc6d355648a054d3628d50.png
midway-auth.amazon.com/assets/
0
0

ajax-spinner-8ca9fe045cf585735bce86ab8ca873f396696ca879d783db9918d4c83a41e208.gif
midway-auth.amazon.com/assets/
0
0

warning-icon-e50eece4de2050077708614013680c4d934561e8625efe04024162e13b598c94.png
midway-auth.amazon.com/assets/
0
0

amazon-logo-cabbd5a0efd8cbe9bbce9472937b612b286632bd561cef6462b3ed638295b80e.png
midway-auth.amazon.com/assets/
0
0

old-ui-a51f7b491b2ff385cd8f.js
midway-auth.amazon.com/packs/js/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sts.us-east-1.amazonaws.com
URL
https://sts.us-east-1.amazonaws.com/
Domain
cognito-identity.us-east-1.amazonaws.com
URL
https://cognito-identity.us-east-1.amazonaws.com/
Domain
cognito-identity.us-east-1.amazonaws.com
URL
https://cognito-identity.us-east-1.amazonaws.com/
Domain
cognito-identity.us-east-1.amazonaws.com
URL
https://cognito-identity.us-east-1.amazonaws.com/
Domain
cognito-identity.us-east-1.amazonaws.com
URL
https://cognito-identity.us-east-1.amazonaws.com/
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/application-032f3df1c0e93b21ade1c01bccab57816053e09b3a8d40cff456a84628ab3376.css
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/application-76b1c1becd889c7cbe6709c8ed7740e2e6c1ade986072c8786f5c7eae8353d31.js
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/packs/js/client-side-metrics-0ddcb29ab8c3c96afb26.js
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/login-aa32185be48fcb19ba1e262bd763b2f42b75778784446caebdb82b8c6208aa73.js
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/yubikey-with-lock-5555a15fa7c43bd7778dbabf1c87ccd5b8cfcca373bc6d355648a054d3628d50.png
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/ajax-spinner-8ca9fe045cf585735bce86ab8ca873f396696ca879d783db9918d4c83a41e208.gif
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/warning-icon-e50eece4de2050077708614013680c4d934561e8625efe04024162e13b598c94.png
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/assets/amazon-logo-cabbd5a0efd8cbe9bbce9472937b612b286632bd561cef6462b3ed638295b80e.png
Domain
midway-auth.amazon.com
URL
https://midway-auth.amazon.com/packs/js/old-ui-a51f7b491b2ff385cd8f.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

2 Cookies

Domain/Path Name / Value
.adadschr.dev.amazonbacklot.com/ Name: cwr_u
Value: 5594d116-9160-4764-b2a0-35f05ec9ddda
.adadschr.dev.amazonbacklot.com/ Name: cwr_s
Value: eyJzZXNzaW9uSWQiOiI1YzVmYzdmYi0wZTU0LTRlNmMtODEyNy1kZWY1YzkxNDk5NDciLCJyZWNvcmQiOnRydWUsImV2ZW50Q291bnQiOjMsInBhZ2UiOnsicGFnZUlkIjoiLyIsImludGVyYWN0aW9uIjowLCJzdGFydCI6MTY3OTYxODE2MzIzM319

1 Console Messages

Source Level URL
Text
security error URL: https://adadschr.dev.amazonbacklot.com/
Message:
The Content-Security-Policy directive 'font-src' contains 'img-src' as a source expression. Did you want to add it as a directive and forget a semicolon?

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonbacklot.com https://*.studios.a2z.com https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com http://localhost:8081; style-src 'unsafe-inline' https://*.amazonbacklot.com https://*.studios.a2z.com; font-src https://m.media-amazon.com img-src https://*.amazon.com https://data.pendo.io https://*.amazonbacklot.com https://*.studios.a2z.com; connect-src https://data.pendo.io https://*.amazoncognito.com https://*.amazonbacklot.com https://*.studios.a2z.com https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-idp.us-east-1.amazonaws.com https://*.amazonaws.com https://sts.us-east-1.amazonaws.com; report-uri https://api.adadschr.dev.amazonbacklot.com/api/csp-reporting
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block