urlscan.io logo urlscan.io
SecurityTrails logo

4kin.app Open in urlscan Pro
54.221.251.148  Public Scan

Go To Rescan Add Verdict Report
URL: https://4kin.app/
Submission: On September 22 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 10 HTTP transactions. The main IP is 54.221.251.148, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is 4kin.app.
TLS certificate: Issued by R11 on August 25th 2024. Valid for: 3 months.
This is the only time 4kin.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 54.221.251.148 14618 (AMAZON-AES)
1 1 44.212.204.2 14618 (AMAZON-AES)
1 2606:50c0:800... 54113 (FASTLY)
2 34.200.55.140 14618 (AMAZON-AES)
10 3
Apex Domain
Subdomains		 Transfer
7 4kin.app
4kin.app
457 KB
3 getcode.com
js.getcode.com
sdk.getcode.com
135 B
1 github.io
code-payments.github.io
110 KB
10 3
Domain Requested by
7 4kin.app 4kin.app
2 sdk.getcode.com code-payments.github.io
1 code-payments.github.io 4kin.app
1 js.getcode.com 1 redirects
10 4

This site contains no links.

Subject Issuer Validity Valid
4kin.app
R11		 2024-08-25 -
2024-11-23		 3 months crt.sh
getcode.com
Amazon RSA 2048 M03		 2024-03-11 -
2025-04-09		 a year crt.sh

This page contains 3 frames:

Primary Page: https://4kin.app/
Frame ID: 0EE98887EA8F293FBCAF026A02234568
Requests: 8 HTTP requests in this frame

Frame: https://sdk.getcode.com/v1/elements/login-request-button/
Frame ID: 993A53F9AEE6605B457A77F004534A27
Requests: 1 HTTP requests in this frame

Frame: https://sdk.getcode.com/v1/elements/login-request-modal-desktop/
Frame ID: F30F56884923B55AEA0454760D9F12CA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

4kin - Home

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

10
Requests

90 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

567 kB
Transfer

920 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://js.getcode.com/v1 HTTP 302
  • https://code-payments.github.io/code-sdk/v1/web.a6ec62e.js

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
4kin.app/ 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://4kin.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
4db281ca31313c67aa870c0420824f536a124874d37b592e80863ba2f284fb8a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
3020
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Date
Sun, 22 Sep 2024 10:33:54 GMT
Etag
W/"bcc-PPnyQwUxmYSlnP9Ze2W5O03swYs"
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Origin-Agent-Cluster
?1
Referrer-Policy
no-referrer
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001234&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=doBhqOghEDVjJxE3uQJlJlCcG7vCwqc4izGeuHmKUGM%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001234&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=doBhqOghEDVjJxE3uQJlJlCcG7vCwqc4izGeuHmKUGM%3D
Server
Cowboy
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Dns-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-Xss-Protection
0
fonts.css
4kin.app/css/ 		577 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://4kin.app/css/fonts.css
Requested by
Host: 4kin.app
URL: https://4kin.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
44578b951ce0738a6945119da7720741a429d6c893072ecd0a1b0fd242476a89
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Etag
W/"241-191f47837c8"
X-Permitted-Cross-Domain-Policies
none
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001234&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=doBhqOghEDVjJxE3uQJlJlCcG7vCwqc4izGeuHmKUGM%3D"}]}
X-Content-Type-Options
nosniff
Date
Sun, 22 Sep 2024 10:33:54 GMT
Last-Modified
Sun, 15 Sep 2024 06:56:45 GMT
Content-Type
text/css; charset=utf-8
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15552000; includeSubDomains
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001234&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=doBhqOghEDVjJxE3uQJlJlCcG7vCwqc4izGeuHmKUGM%3D
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Dns-Prefetch-Control
off
Cross-Origin-Opener-Policy
same-origin
Cache-Control
public, max-age=0
Connection
keep-alive
Cross-Origin-Resource-Policy
same-origin
Referrer-Policy
no-referrer
X-Download-Options
noopen
Via
1.1 vegur
Accept-Ranges
bytes
Content-Length
577
X-Xss-Protection
0
Origin-Agent-Cluster
?1
Server
Cowboy
index.css
4kin.app/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://4kin.app/css/index.css
Requested by
Host: 4kin.app
URL: https://4kin.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
d423c48bef2cf708f028600d0937637d0eafabd5f121a2dd3feee9f7434e8264
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Etag
W/"677-191f47837c8"
X-Permitted-Cross-Domain-Policies
none
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001234&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=doBhqOghEDVjJxE3uQJlJlCcG7vCwqc4izGeuHmKUGM%3D"}]}
X-Content-Type-Options
nosniff
Date
Sun, 22 Sep 2024 10:33:55 GMT
Last-Modified
Sun, 15 Sep 2024 06:56:45 GMT
Content-Type
text/css; charset=utf-8
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15552000; includeSubDomains
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001234&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=doBhqOghEDVjJxE3uQJlJlCcG7vCwqc4izGeuHmKUGM%3D
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Dns-Prefetch-Control
off
Cross-Origin-Opener-Policy
same-origin
Cache-Control
public, max-age=0
Connection
keep-alive
Cross-Origin-Resource-Policy
same-origin
Referrer-Policy
no-referrer
X-Download-Options
noopen
Via
1.1 vegur
Accept-Ranges
bytes
Content-Length
1655
X-Xss-Protection
0
Origin-Agent-Cluster
?1
Server
Cowboy
logo.png
4kin.app/images/ 		36 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://4kin.app/images/logo.png
Requested by
Host: 4kin.app
URL: https://4kin.app/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
f82e05bd749a15a5dae83647a5dbb464da92cd0ecd70adcd6044f95e28d3e4b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Etag
W/"9185-191f47837c8"
X-Permitted-Cross-Domain-Policies
none
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001235&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=gkMFAXSH%2BONbYU73%2BpXxrHrIW2ZLZcXeU9cPCKVlcF4%3D"}]}
X-Content-Type-Options
nosniff
Date
Sun, 22 Sep 2024 10:33:55 GMT
Last-Modified
Sun, 15 Sep 2024 06:56:45 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15552000; includeSubDomains
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001235&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=gkMFAXSH%2BONbYU73%2BpXxrHrIW2ZLZcXeU9cPCKVlcF4%3D
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Dns-Prefetch-Control
off
Cross-Origin-Opener-Policy
same-origin
Cache-Control
public, max-age=0
Connection
keep-alive
Cross-Origin-Resource-Policy
same-origin
Referrer-Policy
no-referrer
X-Download-Options
noopen
Via
1.1 vegur
Accept-Ranges
bytes
Content-Length
37253
X-Xss-Protection
0
Origin-Agent-Cluster
?1
Server
Cowboy
web.a6ec62e.js
code-payments.github.io/code-sdk/v1/
Redirect Chain
  • https://js.getcode.com/v1
  • https://code-payments.github.io/code-sdk/v1/web.a6ec62e.js
473 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code-payments.github.io/code-sdk/v1/web.a6ec62e.js
Requested by
Host: 4kin.app
URL: https://4kin.app/
Protocol
H2
Server
2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
a6ec62e15334df62572ab0af26bcc0105c01d03e8b5d08ad1a83b24fdd4ab2ab
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

x-fastly-request-id
f592bafe47be89609e91ea629e62a42e74ab5475
content-encoding
gzip
etag
W/"66c4d39d-765bf"
age
0
x-github-request-id
9242:3F3BFB:52DF38:55D432:66EFEF1C
expires
Sun, 22 Sep 2024 10:29:09 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Sun, 22 Sep 2024 10:33:55 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 20 Aug 2024 17:34:21 GMT
x-served-by
cache-fra-eddf8230021-FRA
x-cache-hits
0
vary
Accept-Encoding
strict-transport-security
max-age=31556952
cache-control
max-age=600
x-timer
S1727001235.301507,VS0,VE96
via
1.1 varnish
permissions-policy
interest-cohort=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
112004
server
GitHub.com

Redirect headers

apigw-requestid
egLXCgvYoAMEYrQ=
access-control-allow-origin
*
location
https://code-payments.github.io/code-sdk/v1/web.a6ec62e.js
content-length
0
date
Sun, 22 Sep 2024 10:33:55 GMT
Montserrat-SemiBold.ttf
4kin.app/fonts/montserrat/static/ 		193 KB
195 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://4kin.app/fonts/montserrat/static/Montserrat-SemiBold.ttf
Requested by
Host: 4kin.app
URL: https://4kin.app/css/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e23dc6d21070d45a1840c2b8217fc17ddd8a502a4db652748ec2f40d3603dc2d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://4kin.app
Referer

Response headers

Etag
W/"3054c-191f47837c8"
X-Permitted-Cross-Domain-Policies
none
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001235&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=gkMFAXSH%2BONbYU73%2BpXxrHrIW2ZLZcXeU9cPCKVlcF4%3D"}]}
X-Content-Type-Options
nosniff
Date
Sun, 22 Sep 2024 10:33:55 GMT
Last-Modified
Sun, 15 Sep 2024 06:56:45 GMT
Content-Type
font/ttf
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15552000; includeSubDomains
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001235&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=gkMFAXSH%2BONbYU73%2BpXxrHrIW2ZLZcXeU9cPCKVlcF4%3D
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Dns-Prefetch-Control
off
Cross-Origin-Opener-Policy
same-origin
Cache-Control
public, max-age=0
Connection
keep-alive
Cross-Origin-Resource-Policy
same-origin
Referrer-Policy
no-referrer
X-Download-Options
noopen
Via
1.1 vegur
Accept-Ranges
bytes
Content-Length
197964
X-Xss-Protection
0
Origin-Agent-Cluster
?1
Server
Cowboy
Montserrat-Regular.ttf
4kin.app/fonts/montserrat/static/ 		193 KB
195 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://4kin.app/fonts/montserrat/static/Montserrat-Regular.ttf
Requested by
Host: 4kin.app
URL: https://4kin.app/css/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
c3fb0280e4339f6c70cea42b8b432c6fb17fde130fbb12e9209c7cdfa79d976f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://4kin.app
Referer

Response headers

Etag
W/"303f8-191f47837c8"
X-Permitted-Cross-Domain-Policies
none
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001235&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=gkMFAXSH%2BONbYU73%2BpXxrHrIW2ZLZcXeU9cPCKVlcF4%3D"}]}
X-Content-Type-Options
nosniff
Date
Sun, 22 Sep 2024 10:33:55 GMT
Last-Modified
Sun, 15 Sep 2024 06:56:45 GMT
Content-Type
font/ttf
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15552000; includeSubDomains
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001235&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=gkMFAXSH%2BONbYU73%2BpXxrHrIW2ZLZcXeU9cPCKVlcF4%3D
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Dns-Prefetch-Control
off
Cross-Origin-Opener-Policy
same-origin
Cache-Control
public, max-age=0
Connection
keep-alive
Cross-Origin-Resource-Policy
same-origin
Referrer-Policy
no-referrer
X-Download-Options
noopen
Via
1.1 vegur
Accept-Ranges
bytes
Content-Length
197624
X-Xss-Protection
0
Origin-Agent-Cluster
?1
Server
Cowboy
/
sdk.getcode.com/v1/elements/login-request-button/ Frame 993A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sdk.getcode.com/v1/elements/login-request-button/
Requested by
Host: code-payments.github.io
URL: https://code-payments.github.io/code-sdk/v1/web.a6ec62e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.200.55.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-55-140.compute-1.amazonaws.com
Software
GitHub.com /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
apigw-requestid
egLXJhiKIAMEJLw=
cache-control
max-age=600
content-length
1799
content-type
text/html; charset=utf-8
date
Sun, 22 Sep 2024 10:33:56 GMT
etag
"66c4d39d-707"
expires
Sun, 22 Sep 2024 06:04:17 GMT
last-modified
Tue, 20 Aug 2024 17:34:21 GMT
permissions-policy
interest-cohort=()
server
GitHub.com
strict-transport-security
max-age=31556952
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-fastly-request-id
5cd2a26f1e0d44f4722ed83c04b28df6a3cf7a9a
x-forwarded-to-github
https://code-payments.github.io/code-sdk/v1/elements/login-request-button/
x-github-request-id
CEE1:169C:239787F:271B07A:66EFB109
x-proxy-cache
MISS
x-served-by
cache-iad-kcgs7200109-IAD
x-timer
S1727001236.280050,VS0,VE16
/
sdk.getcode.com/v1/elements/login-request-modal-desktop/ Frame F30F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sdk.getcode.com/v1/elements/login-request-modal-desktop/
Requested by
Host: code-payments.github.io
URL: https://code-payments.github.io/code-sdk/v1/web.a6ec62e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.200.55.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-55-140.compute-1.amazonaws.com
Software
GitHub.com /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31556952

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
apigw-requestid
egLXJh_yIAMEcCw=
cache-control
max-age=600
content-length
649
content-type
text/html; charset=utf-8
date
Sun, 22 Sep 2024 10:33:56 GMT
etag
"66c4d39d-289"
expires
Sun, 22 Sep 2024 07:25:51 GMT
last-modified
Tue, 20 Aug 2024 17:34:21 GMT
permissions-policy
interest-cohort=()
server
GitHub.com
strict-transport-security
max-age=31556952
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-fastly-request-id
445490c5e2462f4fe15e76d1e2446d54867120d7
x-forwarded-to-github
https://code-payments.github.io/code-sdk/v1/elements/login-request-modal-desktop/
x-github-request-id
5305:2D8647:2E4AE80:337E867:66EFC427
x-proxy-cache
MISS
x-served-by
cache-iad-kcgs7200068-IAD
x-timer
S1727001236.050766,VS0,VE13
favicon.png
4kin.app/images/ 		18 KB
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://4kin.app/images/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.221.251.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-251-148.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
a0942f6060d7c5cd5eaf1c15a579f1e143a6dd28eca4a5b984bb4e906d0a807b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Etag
W/"49f3-191f47837c8"
X-Permitted-Cross-Domain-Policies
none
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1727001237&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=n7DX3MGJh%2F13tOj%2B7xPECtVDSTm9ym3c2sPFOS9runk%3D"}]}
X-Content-Type-Options
nosniff
Date
Sun, 22 Sep 2024 10:33:57 GMT
Last-Modified
Sun, 15 Sep 2024 06:56:45 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15552000; includeSubDomains
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1727001237&sid=929419e7-33ea-4e2f-85f0-7d8b7cd5cbd6&s=n7DX3MGJh%2F13tOj%2B7xPECtVDSTm9ym3c2sPFOS9runk%3D
Content-Security-Policy
default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
X-Dns-Prefetch-Control
off
Cross-Origin-Opener-Policy
same-origin
Cache-Control
public, max-age=0
Connection
keep-alive
Cross-Origin-Resource-Policy
same-origin
Referrer-Policy
no-referrer
X-Download-Options
noopen
Via
1.1 vegur
Accept-Ranges
bytes
Content-Length
18931
X-Xss-Protection
0
Origin-Agent-Cluster
?1
Server
Cowboy

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| __VUE_HMR_RUNTIME__ object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ object| devtoolsFormatters boolean| __VUE__

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://sdk.getcode.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' https://js.getcode.com https://code-payments.github.io 'unsafe-inline';script-src-attr 'none';style-src 'self' 'unsafe-inline';upgrade-insecure-requests;frame-src 'self' https://sdk.getcode.com;connect-src 'self' https://sdk.getcode.com
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0