application.staging.bbva.poweredbydivido.com Open in urlscan Pro
2600:9000:2156:cc00:18:5b66:ef80:93a1  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response application.staging.bbva.poweredbydivido.com/	709 B 1017 B	125ms 61ms	Document text/html	2600:9000:2156:cc00:18:5b66:ef80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:cc00:18:5b66:ef80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash aef38088cea6f7b3f0ce93ed23298be69bf12957f8aafb7860e0ce7cc900c3b0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-length 709 content-type text/html date Thu, 13 Oct 2022 23:10:04 GMT etag "36249c0c2145e40568b5c587ff29c438" last-modified Thu, 14 Jan 2021 10:36:14 GMT server AmazonS3 via 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront) x-amz-cf-id ByjQOPV_MwfK0FsXJ_vzcX1SIiriyuNBRVcEYv3R0D2H2_LRq7yETQ== x-amz-cf-pop FRA50-C1 x-cache RefreshHit from cloudfront
GET H2	200	css fonts.googleapis.com/	13 KB 1 KB	60ms 26ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,400,600,700,400italic Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e88cb4d6c0228edb36d73a1dd660098e4454460ed6e34edee06a164550008255 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://application.staging.bbva.poweredbydivido.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 13 Oct 2022 23:10:03 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 13 Oct 2022 23:10:03 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 13 Oct 2022 23:10:03 GMT
GET H2	200	app.css application.staging.bbva.poweredbydivido.com/css/	117 KB 117 KB	110ms 109ms	Stylesheet text/css	2600:9000:2156:cc00:18:5b66:ef80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://application.staging.bbva.poweredbydivido.com/css/app.css Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:cc00:18:5b66:ef80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3346ecfcfa957a167c47c70b352e292dc8a13b9f0719f33673b6d4f8db911277 Request headers accept-language de-DE,de;q=0.9 Referer https://application.staging.bbva.poweredbydivido.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 23:10:04 GMT via 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront) last-modified Thu, 14 Jan 2021 10:36:14 GMT server AmazonS3 x-amz-cf-pop FRA50-C1 etag "7119493d8bc9344964e8094681feebac" x-cache RefreshHit from cloudfront content-type text/css content-length 119579 x-amz-cf-id 0n3PHdoikXf9g4RX-8LJFfvQDu9bRwAfaeXkj4djhJP-DBgF8fELhQ==
GET H2	200	/ Show response js.stripe.com/v3/	368 KB 89 KB	39ms 6ms	Script text/javascript	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 7f79c30ccc49152046fc3c2d422ad9639af6f6d664cc5349d59c9b5a568061cc Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://application.staging.bbva.poweredbydivido.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Thu, 13 Oct 2022 23:10:03 GMT via 1.1 varnish age 41 x-cache HIT content-length 91008 x-request-id 74c78036-c8a2-416b-9606-f17de400f650 x-served-by cache-fra19129-FRA last-modified Thu, 13 Oct 2022 19:39:56 GMT server Fastly etag "476f6a7543ca9a993d6117a6f789928c" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 18
GET H2	200	bundle.js Show response application.staging.bbva.poweredbydivido.com/js/	2 MB 2 MB	101ms 101ms	Script application/javascript	2600:9000:2156:cc00:18:5b66:ef80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://application.staging.bbva.poweredbydivido.com/js/bundle.js Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:cc00:18:5b66:ef80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8560096fc5655ac354dcd8482ce19880d1aeb03b9cc511374d3e26699210a6db Request headers accept-language de-DE,de;q=0.9 Referer https://application.staging.bbva.poweredbydivido.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 23:10:04 GMT via 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront) last-modified Thu, 14 Jan 2021 10:36:14 GMT server AmazonS3 x-amz-cf-pop FRA50-C1 etag "43d01494124226fcc67137f3974deabd" x-cache RefreshHit from cloudfront content-type application/javascript content-length 2073165 x-amz-cf-id HXep0GAhfeUOB3tRKJnfC4YJIJDfz897uZmQQTcgkrKWgjKMo_42MA==
GET H2	200	logo-white.svg application.staging.bbva.poweredbydivido.com/assets/images/themes/bbva/	3 KB 4 KB	96ms 96ms	Image image/svg+xml	2600:9000:2156:cc00:18:5b66:ef80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://application.staging.bbva.poweredbydivido.com/assets/images/themes/bbva/logo-white.svg Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:cc00:18:5b66:ef80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 62613eafe9f4eca81be82ca4b7e0ef0c00aacc7f90372b69c1036b54df3d4225 Request headers accept-language de-DE,de;q=0.9 Referer https://application.staging.bbva.poweredbydivido.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 23:10:04 GMT via 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront) last-modified Thu, 14 Jan 2021 10:36:13 GMT server AmazonS3 x-amz-cf-pop FRA50-C1 etag "ec81c04898202d3c50b37bd555466ee9" x-cache RefreshHit from cloudfront content-type image/svg+xml content-length 3287 x-amz-cf-id uczMlLYYLbCWe00SBeLRvA-9hlRhw7wC0J8OoNcZLu8FSdcsp9Up9A==
GET H2	200	bbva.css cdn.divido.com/fonts/BentonSansBBVA/	3 KB 692 B	194ms 151ms	Stylesheet text/css	2600:9000:223c:2a00:e:732c:ed40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.divido.com/fonts/BentonSansBBVA/bbva.css Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/js/bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:2a00:e:732c:ed40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash afbd89c58181c6de4a604d838cea9e73bde1b13d17e6c0e0dfcff7de098d44a0 Request headers accept-language de-DE,de;q=0.9 Referer https://application.staging.bbva.poweredbydivido.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 23:10:04 GMT x-amz-version-id null content-encoding br last-modified Tue, 06 Aug 2019 14:02:42 GMT server AmazonS3 via 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 etag W/"c2db993f5b0b3595b37a669e0c94f383" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css x-amz-cf-id meT8mVewoN31CezQHlVvmmxFPpKXt27MrB-EI8BsLKb8Wa7pAEX51w==
GET H2	200	m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response js.stripe.com/v3/ Frame BEB6	200 B 783 B	7ms 7ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://application.staging.bbva.poweredbydivido.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 96935 cache-control max-age=31536000 content-encoding br content-length 122 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 13 Oct 2022 23:10:03 GMT etag "3437aaddcdf6922d623e172c2d6f9278" last-modified Wed, 12 Oct 2022 20:13:44 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 59123 x-content-type-options nosniff x-request-id 8c66be53-cb3e-43be-a81e-9a15cc305206 x-served-by cache-fra19129-FRA
POST H2	200	csp-report q.stripe.com/ Frame BEB6	0 570 B	529ms 175ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Content-Type application/csp-report Response headers date Thu, 13 Oct 2022 23:10:04 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 2 content-length 0 pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame BEB6	0 570 B	528ms 175ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Content-Type application/csp-report Response headers date Thu, 13 Oct 2022 23:10:04 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 1 content-length 0 pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response js.stripe.com/v3/fingerprinted/js/ Frame BEB6	526 B 390 B	7ms 6ms	Script text/javascript	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Thu, 13 Oct 2022 23:10:03 GMT via 1.1 varnish age 96934 x-cache HIT content-length 256 x-request-id 7f09cb6c-4f4b-4675-b453-6199a392b6fd x-served-by cache-fra19129-FRA last-modified Wed, 12 Oct 2022 20:13:43 GMT server Fastly etag "d96c709017743c0759cf3853d1806ba5" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-cache-hits 56068
GET H2	200	inner.html Show response m.stripe.network/ Frame 6B22	930 B 1 KB	27ms 7ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 201 cache-control max-age=300, public content-encoding gzip content-length 527 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 13 Oct 2022 23:10:03 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding, Origin via 1.1 varnish x-cache HIT x-cache-hits 90 x-content-type-options nosniff x-request-id 4582c2c8-13a0-4de6-9f4b-7289b1e4166a x-served-by cache-fra19129-FRA x-timer S1665702604.840566,VS0,VE0
POST H2	200	csp-report q.stripe.com/ Frame 6B22	0 345 B	486ms 174ms	Other text/plain	54.186.23.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: application.staging.bbva.poweredbydivido.com URL: https://application.staging.bbva.poweredbydivido.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-186-23-98.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Content-Type application/csp-report Response headers pragma no-cache date Thu, 13 Oct 2022 23:10:04 GMT strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff server nginx cross-origin-opener-policy same-origin cache-control max-age=0, no-cache, no-store, must-revalidate x-envoy-upstream-service-time 1 x-robots-tag none content-length 0 expires 0
GET H2	200	out-4.5.42.js Show response m.stripe.network/ Frame 6B22	86 KB 16 KB	33ms 32ms	Script text/javascript	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.42.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload date Thu, 13 Oct 2022 23:10:03 GMT x-content-type-options nosniff content-encoding gzip via 1.1 varnish age 10 x-cache HIT content-length 16031 x-request-id 0fd0188f-8a72-421d-b8e3-49015e746e5f x-served-by cache-fra19129-FRA server Fastly x-timer S1665702604.876305,VS0,VE0 vary Accept-Encoding, Origin content-type text/javascript; charset=utf-8 cache-control max-age=300, public accept-ranges bytes x-cache-hits 8
POST H2	200	6 Show response m.stripe.com/ Frame 6B22	156 B 523 B	524ms 173ms	XHR application/json	35.81.202.99 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.42.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.81.202.99 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-81-202-99.us-west-2.compute.amazonaws.com Software nginx / Resource Hash e3d4b2928830142a81d33fa118899c51f336af3c2730527b1fcf4776059ddc5f Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Thu, 13 Oct 2022 23:10:04 GMT strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff server nginx content-type application/json;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H2	200	BentonSansBBVA-Light.woff2 cdn.divido.com/fonts/BentonSansBBVA/	46 KB 47 KB	187ms 169ms	Font binary/octet-stream	2600:9000:223c:2a00:e:732c:ed40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.divido.com/fonts/BentonSansBBVA/BentonSansBBVA-Light.woff2 Requested by Host: cdn.divido.com URL: https://cdn.divido.com/fonts/BentonSansBBVA/bbva.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:2a00:e:732c:ed40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash fe9478c3062c20141118549db658dc3bab2be67b26677b30ae71c4672e608d3c Request headers Referer https://cdn.divido.com/fonts/BentonSansBBVA/bbva.css Origin https://application.staging.bbva.poweredbydivido.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 23:10:05 GMT x-amz-version-id null via 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront) last-modified Tue, 06 Aug 2019 14:02:43 GMT server AmazonS3 x-amz-cf-pop FRA56-P2 etag "381d8503fd307606a8d6eba836479d50" access-control-max-age 3000 access-control-allow-methods GET, PUT, POST, DELETE, HEAD content-type binary/octet-stream access-control-allow-origin * x-cache Miss from cloudfront accept-ranges bytes content-length 47212 x-amz-cf-id g14UUdil8ZdOWhDFQ61HnrRgJ_4zzwCchCDsVcMewbxYvqHmRQ18tQ==
GET H2	200	BentonSansBBVA-Book.woff2 cdn.divido.com/fonts/BentonSansBBVA/	51 KB 52 KB	171ms 153ms	Font binary/octet-stream	2600:9000:223c:2a00:e:732c:ed40:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.divido.com/fonts/BentonSansBBVA/BentonSansBBVA-Book.woff2 Requested by Host: cdn.divido.com URL: https://cdn.divido.com/fonts/BentonSansBBVA/bbva.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:2a00:e:732c:ed40:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5ad9905e946ca98b15a519996a8f675f31a421ed56a526a4212a8af6b4e79432 Request headers Referer https://cdn.divido.com/fonts/BentonSansBBVA/bbva.css Origin https://application.staging.bbva.poweredbydivido.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Thu, 13 Oct 2022 23:10:05 GMT x-amz-version-id null via 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront) last-modified Tue, 06 Aug 2019 14:02:43 GMT server AmazonS3 x-amz-cf-pop FRA56-P2 etag "e65584acf8afac18b2cd796b5d87a26a" access-control-max-age 3000 access-control-allow-methods GET, PUT, POST, DELETE, HEAD content-type binary/octet-stream access-control-allow-origin * x-cache Miss from cloudfront accept-ranges bytes content-length 52648 x-amz-cf-id Ubgoj2yLa7xY6YTNFqXKNVa4G_03mAWmjoRpMeG8Ve7RSrureuwJlA==

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackChunkstripe_js_v3 function| Stripe object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| Payment

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			m.stripe.com/	1970-01-20 16:17:42	Name: m Value: 3030624a-85be-4f88-9ec5-64bde452649f73378a
			.application.staging.bbva.poweredbydivido.com/	1970-01-20 15:27:18	Name: __stripe_mid Value: 915b6af1-ef54-46be-9348-c8a9c5b849db00e267
			.application.staging.bbva.poweredbydivido.com/	1970-01-20 06:41:44	Name: __stripe_sid Value: 607dbb6f-a3b2-493e-85e8-db45518bf2cdd7c7b5

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

application.staging.bbva.poweredbydivido.com
cdn.divido.com
fonts.googleapis.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
151.101.0.176
2600:9000:2156:cc00:18:5b66:ef80:93a1
2600:9000:223c:2a00:e:732c:ed40:93a1
2a00:1450:4001:82a::200a
35.81.202.99
54.186.23.98
3346ecfcfa957a167c47c70b352e292dc8a13b9f0719f33673b6d4f8db911277
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
5ad9905e946ca98b15a519996a8f675f31a421ed56a526a4212a8af6b4e79432
62613eafe9f4eca81be82ca4b7e0ef0c00aacc7f90372b69c1036b54df3d4225
7f79c30ccc49152046fc3c2d422ad9639af6f6d664cc5349d59c9b5a568061cc
8560096fc5655ac354dcd8482ce19880d1aeb03b9cc511374d3e26699210a6db
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
aef38088cea6f7b3f0ce93ed23298be69bf12957f8aafb7860e0ce7cc900c3b0
afbd89c58181c6de4a604d838cea9e73bde1b13d17e6c0e0dfcff7de098d44a0
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d4b2928830142a81d33fa118899c51f336af3c2730527b1fcf4776059ddc5f
e88cb4d6c0228edb36d73a1dd660098e4454460ed6e34edee06a164550008255
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
fe9478c3062c20141118549db658dc3bab2be67b26677b30ae71c4672e608d3c