vapt.staging.akto.io Open in urlscan Pro
3.108.140.120  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response vapt.staging.akto.io/	10 KB 4 KB	719ms 176ms	Document text/html	3.108.140.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vapt.staging.akto.io/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.108.140.120 Mumbai, India, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-108-140-120.ap-south-1.compute.amazonaws.com Software / Resource Hash 7f2bd986bcef7281a1087b7a931d82c5469548fbf0a7c87595c720b270b97e1f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Cache-Control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Content-Encoding gzip Content-Language de-DE Content-Length 3378 Content-Type text/html;charset=utf-8 Expires Thu, 01 Jan 1970 00:00:00 GMT Vary Accept-Encoding, User-Agent X-Content-Type-Options nosniff X-Frame-Options deny X-XSS-Protection 1
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.3/	88 KB 31 KB	132ms 42ms	Script text/javascript	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 20 Apr 2024 22:15:26 GMT content-encoding gzip x-content-type-options nosniff age 481632 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31191 x-xss-protection 0 last-modified Wed, 11 Jan 2023 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sun, 20 Apr 2025 22:15:26 GMT
GET H2	200	client:platform.js Show response apis.google.com/js/	55 KB 21 KB	140ms 49ms	Script text/javascript	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/js/client:platform.js?onload=start Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7505ba9dd807fea792910b048481df25e03a778b0d8d3c2f8f243c59ab82c0d9 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team content-encoding gzip x-content-type-options nosniff date Fri, 26 Apr 2024 12:02:38 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 21304 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="gapi-team" etag "d8f89a5cf9c1f335" vary Accept-Encoding report-to {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]} content-type text/javascript access-control-allow-origin * cache-control private, max-age=1800, stale-while-revalidate=1800 accept-ranges bytes timing-allow-origin * expires Fri, 26 Apr 2024 12:02:38 GMT
GET H3	200	beamer-embed.js Show response app.getbeamer.com/js/	96 KB 22 KB	108ms 54ms	Script application/javascript	172.67.68.36 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.getbeamer.com/js/beamer-embed.js Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.68.36 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f8fd734c4832dc201ba975ace9ee5f3874deddb24f1609c5a9700d410edb0968 Security Headers Name Value Strict-Transport-Security max-age=0 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 26 Apr 2024 12:02:38 GMT via 1.1 google x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=0 age 12453 cf-polished origSize=98474 content-encoding br alt-svc h3=":443"; ma=86400 cf-bgj minify last-modified Thu, 11 Apr 2024 12:13:29 GMT server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=biKPCDDQrUAIjptLGuu%2B8RiWPsLJqBWW7RlMv%2FiGTJoi2fgljEVs9K2iGZzvFkTcODALKuQRlsn4HDBpMPEQ4kKvu%2F4V9KhzNor%2BM3cgbFVwD4Bit3UxPMNAyK2y%2FQTqFObI"}],"group":"cf-nel","max_age":604800} content-language iw content-type application/javascript;charset=utf-8 cache-control public, max-age=14400 cf-ray 87a66ccf5da2a040-FRA expires Fri, 26 Apr 2024 16:02:38 GMT
GET H2	200	mixpanel-2-latest.min.js Show response cdn.mxpnl.com/libs/	54 KB 19 KB	142ms 40ms	Script text/javascript	2600:1901:0:bc29:: GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:1901:0:bc29:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS Software UploadServer / Resource Hash 7c690a6ebb2eef51e8ccc66161b02197c22f388f1fc23c89e0f5c7b70e1eac50 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 26 Apr 2024 12:01:55 GMT content-encoding gzip age 43 x-guploader-uploadid ABPtcPrkNeYQ2BL9WmyRRWM_tPugtAb4bXTnSX3Q5K9dPv8FolE5zvHmZ1yKpuhAyH7V76J1lSraVRAOnw x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 18490 last-modified Tue, 06 Feb 2024 00:09:36 GMT server UploadServer etag "eb0675a8749ea5d76345796217db928f" vary Accept-Encoding x-goog-generation 1707178176338436 x-goog-hash crc32c=fWmQwA==, md5=6wZ1qHSepddjRXliF9uSjw== access-control-allow-origin * content-type text/javascript cache-control public,max-age=600 x-goog-stored-content-length 18490 accept-ranges bytes expires Fri, 26 Apr 2024 12:11:55 GMT
GET H2	200	main.js Show response d1hvi6xs55woen.cloudfront.net/on_prem/polaris_web/1.37.4/dist/	11 MB 11 MB	716ms 607ms	Script text/javascript	2600:9000:2761:6000:1e:99a7:23c0:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1hvi6xs55woen.cloudfront.net/on_prem/polaris_web/1.37.4/dist/main.js Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2761:6000:1e:99a7:23c0:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2a543a11a0d465387c4d946a012fdfd250cf287b410759691667ac994a8cb407 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 26 Apr 2024 12:02:40 GMT via 1.1 d6f2ecdfd53b40c1776d655bd15fdeb0.cloudfront.net (CloudFront) last-modified Mon, 22 Apr 2024 13:11:11 GMT server AmazonS3 x-amz-cf-pop FRA60-P8 x-amz-server-side-encryption AES256 etag "0b5c8921fbda2fe96ce7b5e66dcc1354-2" vary Accept-Encoding, Origin x-cache RefreshHit from cloudfront content-type text/javascript accept-ranges bytes content-length 12022663 x-amz-cf-id Z6c4WPh3r4S5TbNTv9m0nXPbhu0kEnbj14WrUjQEYwrglhpEhFgmjg==
GET H2	200	cb=gapi.loaded_0 Show response apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Dsoa_Wdo28w.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_vT9SKJEh9EgzMdmSuOtg3sj0vqg/	318 KB 109 KB	55ms 48ms	Script text/javascript	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Dsoa_Wdo28w.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_vT9SKJEh9EgzMdmSuOtg3sj0vqg/cb=gapi.loaded_0?le=scs Requested by Host: apis.google.com URL: https://apis.google.com/js/client:platform.js?onload=start Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 67a8b91c7b7e19e80feb9b82d946c3eb063d7ef3c3b4f58eb8d60a3dacebaf2d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 24 Apr 2024 11:45:57 GMT content-encoding gzip x-content-type-options nosniff age 173801 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 111053 x-xss-protection 0 last-modified Mon, 15 Apr 2024 18:15:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="social-frontend-mpm-access" vary Accept-Encoding report-to {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 24 Apr 2025 11:45:57 GMT
GET H2	200	v3 Show response js.stripe.com/	605 KB 149 KB	153ms 50ms	Script text/javascript	13.32.121.64 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3 Requested by Host: d1hvi6xs55woen.cloudfront.net URL: https://d1hvi6xs55woen.cloudfront.net/on_prem/polaris_web/1.37.4/dist/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.64 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-64.fra60.r.cloudfront.net Software Cloudfront / Resource Hash 4acf00b5c2dc792089bf606c74dc8fd1e29d01a8430fbfc6187c90c6cad1b14e Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 26 Apr 2024 12:02:40 GMT content-encoding br via 1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront) strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff age 2 x-amz-cf-pop FRA60-P1 x-cache Hit from cloudfront last-modified Thu, 25 Apr 2024 20:46:59 GMT server Cloudfront etag W/"ab703f8a4e4b3f86bcbaa07728267fcd" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 timing-allow-origin * x-amz-cf-id 8Kiwl3e9L6YGUP6sYHPIW3QAZ8po-wo7o-ctPXVTocttX0RgOmsJHA==
OPTIONS H2	204	client-sdk-configuration.json edge.api.stigg.io/v1/config/ Frame	0 0	167ms 52ms	Preflight	2600:9000:235a:7400:12:31ef:1b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://edge.api.stigg.io/v1/config/client-sdk-configuration.json Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:7400:12:31ef:1b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash Request headers Accept */* Access-Control-Request-Headers source,x-api-key Access-Control-Request-Method GET Origin https://vapt.staging.akto.io Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers access-control-allow-headers * access-control-allow-origin * access-control-request-method PUT, GET, OPTIONS, DELETE date Fri, 26 Apr 2024 12:02:40 GMT server CloudFront via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) x-amz-cf-id 5VVRSj6Ng1JToSKjx-twnL4pfkOAHiPARa9sNUTlhzyDBODQI2f-Iw== x-amz-cf-pop FRA60-P9 x-cache LambdaGeneratedResponse from cloudfront
GET H2	401	client-sdk-configuration.json Show response edge.api.stigg.io/v1/config/	44 B 371 B	52ms 52ms	Fetch application/json	2600:9000:235a:7400:12:31ef:1b40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://edge.api.stigg.io/v1/config/client-sdk-configuration.json Requested by Host: d1hvi6xs55woen.cloudfront.net URL: https://d1hvi6xs55woen.cloudfront.net/on_prem/polaris_web/1.37.4/dist/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:7400:12:31ef:1b40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software CloudFront / Resource Hash 8de9fac24c7afd109c9d077cfadc01f585f3b0780d4b97287d50b0837ced6afa Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 source JS_CLIENT_SDK sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Referer https://vapt.staging.akto.io/ x-api-key invalid-key sec-ch-ua-platform "Win32" Response headers x-dynamodb-region eu-central-1 date Fri, 26 Apr 2024 12:02:41 GMT via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) server CloudFront x-amz-cf-pop FRA60-P9 x-cache LambdaGeneratedResponse from cloudfront content-type application/json access-control-allow-origin * x-aws-region eu-central-1 content-length 44 x-amz-cf-id B0odqGBE6FBypJSK65fZwgryWRRcPBhxgLI2dBQz_UBV99xy_LQaNA==
GET BLOB	200 OK	324f3e90-63a9-4392-a9ef-3ca134e89423 https://vapt.staging.akto.io/	10 KB 0		Other text/plain
General Check archive.org Show headers Download Go to Full URL blob:https://vapt.staging.akto.io/324f3e90-63a9-4392-a9ef-3ca134e89423 Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers Content-Length 10285 Content-Type
POST H2	429	/ Show response o4506573945438208.ingest.sentry.io/api/4506574714306560/envelope/	198 B 493 B	170ms 48ms	Fetch application/json	34.120.195.249 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://o4506573945438208.ingest.sentry.io/api/4506574714306560/envelope/?sentry_key=ddf19fb1a875f83cfa3baa1a8efe35d0&sentry_version=7&sentry_client=sentry.javascript.react%2F7.93.0 Requested by Host: d1hvi6xs55woen.cloudfront.net URL: https://d1hvi6xs55woen.cloudfront.net/on_prem/polaris_web/1.37.4/dist/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 249.195.120.34.bc.googleusercontent.com Software nginx / Resource Hash bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-platform "Win32" Referer https://vapt.staging.akto.io/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 26 Apr 2024 12:02:40 GMT content-encoding br via 1.1 google strict-transport-security max-age=31536000; includeSubDomains; preload server nginx vary origin,access-control-request-method,access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-sentry-rate-limits 60:transaction;profile:organization:transaction_usage_exceeded retry-after 60
GET H/1.1	200 OK	productss.png vapt.staging.akto.io/public/	254 KB 254 KB	345ms 345ms	Image image/png	3.108.140.120 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://vapt.staging.akto.io/public/productss.png Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.108.140.120 Mumbai, India, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-108-140-120.ap-south-1.compute.amazonaws.com Software / Resource Hash dfc84ab7f0827b139b963a9c109fb0a8853209026f2ed162afb0379b83a14ada Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers X-Content-Type-Options nosniff Last-Modified Mon, 22 Apr 2024 13:02:16 GMT X-Frame-Options deny Content-Type image/png;charset=iso-8859-1 Content-Language de-DE Cache-Control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Accept-Ranges bytes Content-Length 260053 X-XSS-Protection 1
GET H/1.1	200 OK	akto_name_with_logo.svg vapt.staging.akto.io/public/	6 KB 3 KB	497ms 170ms	Image image/svg+xml	3.108.140.120 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://vapt.staging.akto.io/public/akto_name_with_logo.svg Requested by Host: vapt.staging.akto.io URL: https://vapt.staging.akto.io/login Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.108.140.120 Mumbai, India, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-108-140-120.ap-south-1.compute.amazonaws.com Software / Resource Hash 03c5adba47f1319b62ae6c70143fccd6d2efc92970378e264d6e6ca2ba9ab4c8 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Mon, 22 Apr 2024 13:02:16 GMT X-Frame-Options deny Vary Accept-Encoding, User-Agent Content-Type image/svg+xml;charset=iso-8859-1 Content-Language de-DE Cache-Control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Accept-Ranges bytes Content-Length 2870 X-XSS-Protection 1
GET H2	200	m-outer-3437aaddcdf6922d623e172c2d6f9278.html js.stripe.com/v3/ Frame C841	0 0	120ms 42ms	Document text/html	13.32.121.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.121.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-121-112.fra60.r.cloudfront.net Software Cloudfront / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://vapt.staging.akto.io/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 2532 cache-control max-age=31536000 content-length 200 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Fri, 26 Apr 2024 11:29:25 GMT etag "3437aaddcdf6922d623e172c2d6f9278" last-modified Mon, 22 Apr 2024 20:08:56 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront) x-amz-cf-id wtVoRKgX4ldYmgivKlbfx8Ve8Ho0qUkFfcEWWUr2MTFfUTg0Ylh8Ow== x-amz-cf-pop FRA60-P1 x-cache Hit from cloudfront x-content-type-options nosniff
GET H/1.1	200 OK	favicon.svg vapt.staging.akto.io/public/	978 B 918 B	171ms 171ms	Other image/svg+xml	3.108.140.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vapt.staging.akto.io/public/favicon.svg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.108.140.120 Mumbai, India, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-108-140-120.ap-south-1.compute.amazonaws.com Software / Resource Hash 5c33b7ae54ccee6c456d6787620e859e2ee0e47f91b0b0930e8517cd9b8219c1 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://vapt.staging.akto.io/login Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Mon, 22 Apr 2024 13:02:16 GMT X-Frame-Options deny Vary Accept-Encoding, User-Agent Content-Type image/svg+xml;charset=iso-8859-1 Content-Language de-DE Cache-Control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Accept-Ranges bytes Content-Length 522 X-XSS-Protection 1

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| HOTJAR_SITE_ID function| $ function| jQuery object| mixpanel object| SIGNUP_INFO string| AVATAR string| USER_NAME string| USERS object| DASHBOARDS object| ACCOUNTS number| ACTIVE_ACCOUNT string| DASHBOARD_MODE string| CLOUD_TYPE string| IS_SAAS string| ACCESS_TOKEN string| SIGNUP_INVITATION_CODE string| SIGNUP_EMAIL_ID string| ACCOUNT_NAME string| RELEASE_VERSION string| RELEASE_VERSION_GLOBAL string| AKTO_UI_MODE string| GITHUB_CLIENT_ID string| OKTA_AUTH_URL string| AZURE_REQUEST_URL string| JIRA_INTEGRATED string| STIGG_CUSTOMER_ID string| STIGG_CUSTOMER_TOKEN string| STIGG_CLIENT_KEY string| STIGG_IS_OVERAGE object| USAGE_PAUSED object| STIGG_FEATURE_WISE_ALLOWED object| beamer_config object| script object| gapi object| ___jsl string| _BEAMER_DATE string| _BEAMER_BOOSTED_ANNOUNCEMENT_DATE string| _BEAMER_FIRST_VISIT string| _BEAMER_USER_ID string| _BEAMER_SELECTOR_COLOR string| _BEAMER_HEADER_COLOR string| _BEAMER_TEST string| _BEAMER_LAST_UPDATE string| _BEAMER_SOUND_PLAYED string| _BEAMER_LAST_POST_SHOWN string| _BEAMER_LAST_PUSH_PROMPT_INTERACTION string| _BEAMER_FILTER_BY_URL string| _BEAMER_URL string| _BEAMER_URL_BACK string| _BEAMER_PUSH_URL string| _BEAMER_STATIC_URL boolean| _BEAMER_MASSIVE boolean| _BEAMER_IS_OPEN undefined| _BEAMER_PUSH_PROMPT_TYPE undefined| _BEAMER_PUSH_PROMPT_LABEL undefined| _BEAMER_PUSH_PROMPT_ACCEPT undefined| _BEAMER_PUSH_PROMPT_REFUSE undefined| _BEAMER_LOGO_URL boolean| _BEAMER_SHOW_PUSH_PROMPT boolean| _BEAMER_CSS_LOADED object| Beamer object| _F_toggles object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis object| webpackChunkpolaris object| regeneratorRuntime function| saveAs function| _ object| FontAwesomeConfig object| ___FONT_AWESOME___ object| __SENTRY__ object| __core-js_shared__ object| MonacoEnvironment object| webpackChunkStripeJSouter function| noop function| Stripe

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vapt.staging.akto.io/	1969-12-31 23:59:59	Name: JSESSIONID Value: node0f2184g3lxjop1m64wzi2hc6t25.node0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://vapt.staging.akto.io/login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://o4506573945438208.ingest.sentry.io/api/4506574714306560/envelope/?sentry_key=ddf19fb1a875f83cfa3baa1a8efe35d0&sentry_version=7&sentry_client=sentry.javascript.react%2F7.93.0 Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://edge.api.stigg.io/v1/config/client-sdk-configuration.json Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
apis.google.com
app.getbeamer.com
cdn.mxpnl.com
d1hvi6xs55woen.cloudfront.net
edge.api.stigg.io
js.stripe.com
o4506573945438208.ingest.sentry.io
vapt.staging.akto.io
13.32.121.112
13.32.121.64
172.67.68.36
2600:1901:0:bc29::
2600:9000:235a:7400:12:31ef:1b40:93a1
2600:9000:2761:6000:1e:99a7:23c0:21
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::200e
3.108.140.120
34.120.195.249
03c5adba47f1319b62ae6c70143fccd6d2efc92970378e264d6e6ca2ba9ab4c8
2a543a11a0d465387c4d946a012fdfd250cf287b410759691667ac994a8cb407
2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b
4acf00b5c2dc792089bf606c74dc8fd1e29d01a8430fbfc6187c90c6cad1b14e
5c33b7ae54ccee6c456d6787620e859e2ee0e47f91b0b0930e8517cd9b8219c1
67a8b91c7b7e19e80feb9b82d946c3eb063d7ef3c3b4f58eb8d60a3dacebaf2d
7505ba9dd807fea792910b048481df25e03a778b0d8d3c2f8f243c59ab82c0d9
7c690a6ebb2eef51e8ccc66161b02197c22f388f1fc23c89e0f5c7b70e1eac50
7f2bd986bcef7281a1087b7a931d82c5469548fbf0a7c87595c720b270b97e1f
8de9fac24c7afd109c9d077cfadc01f585f3b0780d4b97287d50b0837ced6afa
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
dfc84ab7f0827b139b963a9c109fb0a8853209026f2ed162afb0379b83a14ada
f8fd734c4832dc201ba975ace9ee5f3874deddb24f1609c5a9700d410edb0968