urlscan.io logo urlscan.io
SecurityTrails logo

staging.sundayapp.xyz Open in urlscan Pro
34.160.50.210  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://auth.staging.sundayapp.xyz/
Effective URL: https://staging.sundayapp.xyz/
Submission: On July 03 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 34.160.50.210, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is staging.sundayapp.xyz.
TLS certificate: Issued by R3 on May 27th 2024. Valid for: 3 months.
This is the only time staging.sundayapp.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
8 34.160.50.210 396982 (GOOGLE-CL...)
5 151.101.130.132 54113 (FASTLY)
2 34.212.43.9 16509 (AMAZON-02)
16 4
Apex Domain
Subdomains		 Transfer
9 sundayapp.xyz
auth.staging.sundayapp.xyz
staging.sundayapp.xyz
950 KB
7 amplitude.com
api.lab.amplitude.com — Cisco Umbrella Rank: 4993
api2.amplitude.com — Cisco Umbrella Rank: 1432
3 KB
16 2
Domain Requested by
8 staging.sundayapp.xyz staging.sundayapp.xyz
5 api.lab.amplitude.com staging.sundayapp.xyz
2 api2.amplitude.com staging.sundayapp.xyz
1 auth.staging.sundayapp.xyz 1 redirects
16 4

This site contains links to these domains. Also see Links.

Domain
sundayapp.com
Subject Issuer Validity Valid
staging.sundayapp.xyz
R3		 2024-05-27 -
2024-08-25		 3 months crt.sh
*.lab.amplitude.com
GlobalSign Atlas R3 DV TLS CA 2023 Q4		 2023-11-29 -
2024-12-30		 a year crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2024-01-31 -
2025-03-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://staging.sundayapp.xyz/
Frame ID: B3DA34FBF80EB9209B038C8A78D48539
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

sunday - pay faster

Page URL History Show full URLs

  1. https://auth.staging.sundayapp.xyz/ HTTP 302
    https://staging.sundayapp.xyz/ Page URL

Page Statistics

16
Requests

94 %
HTTPS

25 %
IPv6

2
Domains

4
Subdomains

4
IPs

1
Countries

953 kB
Transfer

3174 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://auth.staging.sundayapp.xyz/ HTTP 302
    https://staging.sundayapp.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
staging.sundayapp.xyz/
Redirect Chain
  • https://auth.staging.sundayapp.xyz/
  • https://staging.sundayapp.xyz/
29 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
63fc21cfdbeef9bf5e0f7079da3d879a66fd08944c208766372ff8f9286f0133

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html
date
Wed, 03 Jul 2024 21:22:34 GMT
last-modified
Wed, 03 Jul 2024 15:21:04 GMT
vary
Accept-Encoding
via
1.1 google
x-rtt
39

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=60
cf-cache-status
DYNAMIC
cf-ray
89d9ee828ed19975-FRA
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 21:22:34 GMT
location
https://staging.sundayapp.xyz/
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept, Accept-Encoding
x-auth0-requestid
41972b3e657327335b4e
x-content-type-options
nosniff
config.js
staging.sundayapp.xyz/config/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/config/config.js
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
ad6f0578e7136277b0debc6d60d83b40400ae2d096bb5f678ea0777009ec7a08

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:34 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 03 Jul 2024 15:34:29 GMT
vary
Accept-Encoding
content-type
application/javascript
x-rtt
41
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
index-Dt8z5iRA.js
staging.sundayapp.xyz/assets/ 		579 KB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/assets/index-Dt8z5iRA.js
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
a17c8f3e5b2930b472d9b1d6255dcb6fca2779b45dd67a73a1667db56cc30124

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/
Origin
https://staging.sundayapp.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:34 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 03 Jul 2024 15:21:04 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://staging.sundayapp.xyz
x-rtt
41
cache-control
max-age=31536000
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 03 Jul 2025 21:22:34 GMT
vendor-1I4vcGL9.js
staging.sundayapp.xyz/assets/ 		2 MB
697 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/assets/vendor-1I4vcGL9.js
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
08ea9b727bcc3daeeda1b00535baf91f6589361f3eca0703dca578dce266580e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/
Origin
https://staging.sundayapp.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:34 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 03 Jul 2024 15:21:04 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://staging.sundayapp.xyz
x-rtt
41
cache-control
max-age=31536000
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 03 Jul 2025 21:22:34 GMT
index-DRnYVNrg.css
staging.sundayapp.xyz/assets/ 		27 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/assets/index-DRnYVNrg.css
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
27a4862f815587e0f152203c58ea2286460505def106cdb83eea32ed3ca19c90

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/
Origin
https://staging.sundayapp.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:34 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 03 Jul 2024 15:21:04 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
https://staging.sundayapp.xyz
x-rtt
41
cache-control
max-age=31536000
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 03 Jul 2025 21:22:34 GMT
vardata
api.lab.amplitude.com/sdk/v2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-amp-exp-user
Access-Control-Request-Method
GET
Origin
https://staging.sundayapp.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
authorization,x-amp-exp-user
access-control-allow-methods
GET,POST,HEAD
access-control-allow-origin
https://staging.sundayapp.xyz
access-control-max-age
1800
age
2354
cache-control
no-store
content-length
0
date
Wed, 03 Jul 2024 21:22:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amzn-trace-id
Root=1-6685b7e9-2df5368d05457f7d5b771f6b
x-cache
HIT
x-cache-hits
146
x-content-type-options
nosniff
x-served-by
cache-fra-etou8220156-FRA
x-timer
S1720041755.047410,VS0,VE0
vardata
api.lab.amplitude.com/sdk/v2/ 		4 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/assets/vendor-1I4vcGL9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6754395f91056f18c99db8fe9fa14f996abdf00f1404c49a6f425971acb4d69b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS4xMC4yIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2ViIiwib3MiOiJDaHJvbWUgMTI2IiwiZGV2aWNlX21vZGVsIjoiV2luZG93cyIsImRldmljZV9pZCI6ImY1ZDdkMWY0LWVhOGItNGY5Zi1iOTFjLWU2MWU2MGYzZWE2MiIsInVzZXJfcHJvcGVydGllcyI6e319
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Authorization
Api-Key client-aiaLvwtzNwe2VBH6ROfqXbaixpPAV8oZ
Referer
https://staging.sundayapp.xyz/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
0
x-cache
MISS
cache-tag
client-aiaLvwtzNwe2VBH6ROfqXbaixpPAV8oZ
content-length
950
x-served-by
cache-fra-etou8220156-FRA
x-timer
S1720041755.087519,VS0,VE199
x-amzn-trace-id
Root=1-6685c11b-246b27b9573dcd311b3dda10
vary
Origin, Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://staging.sundayapp.xyz
cache-control
no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
vardata
api.lab.amplitude.com/sdk/v2/ 		4 KB
1017 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/assets/vendor-1I4vcGL9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6754395f91056f18c99db8fe9fa14f996abdf00f1404c49a6f425971acb4d69b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS4xMC4yIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2ViIiwib3MiOiJDaHJvbWUgMTI2IiwiZGV2aWNlX21vZGVsIjoiV2luZG93cyIsImRldmljZV9pZCI6ImY1ZDdkMWY0LWVhOGItNGY5Zi1iOTFjLWU2MWU2MGYzZWE2MiIsInVzZXJfcHJvcGVydGllcyI6e319
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Authorization
Api-Key client-aiaLvwtzNwe2VBH6ROfqXbaixpPAV8oZ
Referer
https://staging.sundayapp.xyz/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
0
x-cache
HIT
cache-tag
client-aiaLvwtzNwe2VBH6ROfqXbaixpPAV8oZ
content-length
950
x-served-by
cache-fra-etou8220156-FRA
x-timer
S1720041755.326233,VS0,VE1
x-amzn-trace-id
Root=1-6685c11b-246b27b9573dcd311b3dda10
vary
Origin, Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://staging.sundayapp.xyz
cache-control
no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
1
vardata
api.lab.amplitude.com/sdk/v2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-amp-exp-user
Access-Control-Request-Method
GET
Origin
https://staging.sundayapp.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
authorization,x-amp-exp-user
access-control-allow-methods
GET,POST,HEAD
access-control-allow-origin
https://staging.sundayapp.xyz
access-control-max-age
1800
age
2354
cache-control
no-store
content-length
0
date
Wed, 03 Jul 2024 21:22:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amzn-trace-id
Root=1-6685b7e9-2df5368d05457f7d5b771f6b
x-cache
HIT
x-cache-hits
147
x-content-type-options
nosniff
x-served-by
cache-fra-etou8220156-FRA
x-timer
S1720041755.047563,VS0,VE0
en_US-BxW2b0UZ.js
staging.sundayapp.xyz/assets/ 		71 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/assets/en_US-BxW2b0UZ.js
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/assets/index-Dt8z5iRA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
752e9c232b65e5c2c68a72b899d1acde9e432a8d7e3e51d70edc85b0f5047656

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/assets/index-Dt8z5iRA.js
Origin
https://staging.sundayapp.xyz
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:35 GMT
content-encoding
br
via
1.1 google
last-modified
Wed, 03 Jul 2024 15:21:04 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://staging.sundayapp.xyz
x-rtt
75
cache-control
max-age=31536000
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 03 Jul 2025 21:22:35 GMT
favicon.png
staging.sundayapp.xyz/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://staging.sundayapp.xyz/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
48b2078a991154e618cbed828168a0c54333cf0e279681f962f6bf4dad1b8283

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 15:09:42 GMT
via
1.1 google
last-modified
Tue, 02 Jul 2024 12:38:30 GMT
age
108773
content-type
image/png
x-rtt
75
cache-control
max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3677
expires
Wed, 02 Jul 2025 15:09:42 GMT
home-page-image.png
staging.sundayapp.xyz/images/ 		66 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staging.sundayapp.xyz/images/home-page-image.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.50.210 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
210.50.160.34.bc.googleusercontent.com
Software
/
Resource Hash
360f9425dfa218adc3f0f8c0825cd1965f7697cb0c0f4c4e0586c09efc1562c8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://staging.sundayapp.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:35 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2024 15:21:00 GMT
content-type
image/png
x-rtt
46
cache-control
max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67708
expires
Thu, 03 Jul 2025 21:22:35 GMT
b8c8001e-a4fb-4679-820d-d741dfa4004f
https://staging.sundayapp.xyz/ 		2 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://staging.sundayapp.xyz/b8c8001e-a4fb-4679-820d-d741dfa4004f
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
58763412c3a28933886d961ee282e33be311ebb239509e94b7de687316937d5d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
2235
Content-Type
application/javascript
vardata
api.lab.amplitude.com/sdk/v2/ 		4 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/assets/vendor-1I4vcGL9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6754395f91056f18c99db8fe9fa14f996abdf00f1404c49a6f425971acb4d69b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS4xMC4yIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2ViIiwib3MiOiJDaHJvbWUgMTI2IiwiZGV2aWNlX21vZGVsIjoiV2luZG93cyIsImRldmljZV9pZCI6ImY1ZDdkMWY0LWVhOGItNGY5Zi1iOTFjLWU2MWU2MGYzZWE2MiIsInVzZXJfcHJvcGVydGllcyI6eyJzY3JlZW5XaWR0aCI6MTYwMCwic2NyZWVuSGVpZ2h0IjoxMjAwfX0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Authorization
Api-Key client-aiaLvwtzNwe2VBH6ROfqXbaixpPAV8oZ
Referer
https://staging.sundayapp.xyz/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
0
x-cache
MISS
cache-tag
client-aiaLvwtzNwe2VBH6ROfqXbaixpPAV8oZ
content-length
950
x-served-by
cache-fra-etou8220156-FRA
x-timer
S1720041755.366512,VS0,VE173
x-amzn-trace-id
Root=1-6685c11b-081945b32a3a3e254c3fdf25
vary
Origin, Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://staging.sundayapp.xyz
cache-control
no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
httpapi
api2.amplitude.com/2/ 		94 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Requested by
Host: staging.sundayapp.xyz
URL: https://staging.sundayapp.xyz/assets/vendor-1I4vcGL9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.212.43.9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-212-43-9.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
002e16537acba4f99d857b21c2c7c3ad20ab77aee339a4bfdc6645e625b50ae6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://staging.sundayapp.xyz/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 21:22:36 GMT
strict-transport-security
max-age=15768000
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
trace-id
Root=1-6685c11c-0d728b796611a7c17296bfaf
content-length
94
httpapi
api2.amplitude.com/2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.212.43.9 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-212-43-9.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://staging.sundayapp.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Wed, 03 Jul 2024 21:22:36 GMT
strict-transport-security
max-age=15768000

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| sundayEnv function| fallbackCopyTextToClipboard function| copyTextToClipboard function| getNowUtc number| loadStart object| scanId object| ssid object| pwd object| brandColor object| accentColor object| logo object| brandLogo object| logoToken string| url function| sendEvent function| clearImmediate function| setImmediate object| DD_LOGS string| __reactRouterVersion object| __REACT_INTL_CONTEXT__ object| DD_RUM object| analyticsConnectorInstances number| coldStartIsAt number| coldStartTime boolean| networkWasSlowOnAppStartup boolean| slowNetwork

4 Cookies

Domain/Path Name / Value
.auth.staging.sundayapp.xyz/ Name: __cf_bm
Value: AAAPnX4XC2rvdeeBN.Ya3GW0aJuBfRioAClA1yzOZsQ-1720041754-1.0.1.1-1Fc.mzICnqkcqVcxgV.LLxiRv5Q9YKv3JccLUU3irEhocJZ9GoxHAwcLc1YKQXLa
.sundayapp.xyz/ Name: AMP_MKTG_5b437ab11d
Value: JTdCJTdE
.sundayapp.xyz/ Name: AMP_5b437ab11d
Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJmNWQ3ZDFmNC1lYThiLTRmOWYtYjkxYy1lNjFlNjBmM2VhNjIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzIwMDQxNzU0OTIxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcyMDA0MTc1NTE0NCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMiUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==
staging.sundayapp.xyz/ Name: _dd_s
Value: logs=1&id=1e9f1023-2e1a-43a6-a198-6caaad3581be&created=1720041754902&expire=1720042654902