cfahome.oktapreview.com Open in urlscan Pro
3.33.147.176 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://order-management-internal.dev.crndev.chick-fil-a.com/
Effective URL:
https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F...
Submission: On August 23 via automatic, source certstream-suspicious (August 23rd 2024, 7:04:24 am UTC) — Scanned from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 18 HTTP transactions. The main IP is 3.33.147.176, located in United States and belongs to AMAZON-02, US. The main domain is cfahome.oktapreview.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 9th 2024. Valid for: a year.

This is the only time cfahome.oktapreview.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:440... 2606:4700:4400::6812:226e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	44.225.61.109 44.225.61.109	16509 (AMAZON-02) (AMAZON-02)
2	3.33.147.176 3.33.147.176	16509 (AMAZON-02) (AMAZON-02)
2	2600:1901:0:a... 2600:1901:0:a5e4::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	3.168.122.98 3.168.122.98	16509 (AMAZON-02) (AMAZON-02)
18	6

6 2606:4700:4400::6812:226e (United States)

ASN13335 (CLOUDFLARENET, US)

order-management-internal.dev.crndev.chick-fil-a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.225.61.109 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-225-61-109.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.147.176 (United States)

ASN16509 (AMAZON-02, US)
PTR: ab7bfd6a9b7fa1eec.awsglobalaccelerator.com

cfahome.oktapreview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:a5e4:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

notify.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.168.122.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-168-122-98.jfk52.r.cloudfront.net

op1static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	chick-fil-a.com order-management-internal.dev.crndev.chick-fil-a.com order.api.qa.crndev.chick-fil-a.com Failed	996 KB
2	oktacdn.com op1static.oktacdn.com — Cisco Umbrella Rank: 63554	56 KB
2	bugsnag.com notify.bugsnag.com — Cisco Umbrella Rank: 1566	104 B
2	oktapreview.com cfahome.oktapreview.com	3 KB
2	amplitude.com api.amplitude.com — Cisco Umbrella Rank: 3376	136 B
18	5

	Domain	Requested by
6	order-management-internal.dev.crndev.chick-fil-a.com	order-management-internal.dev.crndev.chick-fil-a.com
2	op1static.oktacdn.com	cfahome.oktapreview.com
2	notify.bugsnag.com	order-management-internal.dev.crndev.chick-fil-a.com
2	cfahome.oktapreview.com	order-management-internal.dev.crndev.chick-fil-a.com cfahome.oktapreview.com
2	api.amplitude.com	order-management-internal.dev.crndev.chick-fil-a.com
0	order.api.qa.crndev.chick-fil-a.com Failed	order-management-internal.dev.crndev.chick-fil-a.com
18	6

This site contains no links.

Subject Issuer	Validity	Valid
order-management-internal.dev.crndev.chick-fil-a.com WE1	`2024-08-21` - `2024-11-19`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2024-01-31` - `2025-03-02`	a year	crt.sh
*.oktapreview.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-09` - `2025-02-08`	a year	crt.sh
*.bugsnag.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-20` - `2025-04-15`	a year	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-15` - `2025-01-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email
Frame ID: 86519BB62992DD7E4CC4EBD2F386DDE4
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chick-fil-A (Non-Production) - Access Forbidden

Page URL History Show full URLs

https://order-management-internal.dev.crndev.chick-fil-a.com/ Page URL
https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redi... Page URL

Page Statistics

18
Requests

78 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

6
IPs

1
Countries

1055 kB
Transfer

4264 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://order-management-internal.dev.crndev.chick-fil-a.com/ Page URL
https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
order-management-internal.dev.crndev.chick-fil-a.com/ 3 KB
2 KB 624ms
429ms Document
text/html 2606:4700:4400::6812:226e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://order-management-internal.dev.crndev.chick-fil-a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:226e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ced928f3bf3743481277465ac53ebfbd2ac2fdb809f7585bddaeb6ae5d7cae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8b793f6cce070c9f-LAX
content-encoding: br
content-type: text/html
date: Fri, 23 Aug 2024 07:04:19 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Mon, 01 Jul 2024 15:42:15 GMT
server: cloudflare
strict-transport-security: max-age=0
vary: Accept-Encoding
x-envoy-decorator-operation: cmt-service.default.svc.cluster.local:80/*
x-envoy-upstream-service-time: 3

GET
H2 200 2.d1ab0506.chunk.css
order-management-internal.dev.crndev.chick-fil-a.com/static/css/ 14 KB
3 KB 632ms
630ms Stylesheet
text/css 2606:4700:4400::6812:226e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://order-management-internal.dev.crndev.chick-fil-a.com/static/css/2.d1ab0506.chunk.css

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:226e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f151a8f91464bf72004e584a4c3b815ada0afbac27f61e38b85b74fcab15bd11

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:04:19 GMT
strict-transport-security: max-age=0
x-envoy-decorator-operation: cmt-service.default.svc.cluster.local:80/*
cf-cache-status: MISS
last-modified: Mon, 01 Jul 2024 15:42:15 GMT
server: cloudflare
content-encoding: br
etag: W/"6682ce57-38eb"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=315360000
x-envoy-upstream-service-time: 1
cf-ray: 8b793f6f88ad0c9f-LAX
expires: Mon, 21 Aug 2034 07:04:19 GMT

GET
H2 200 main.ea548cb2.chunk.css
order-management-internal.dev.crndev.chick-fil-a.com/static/css/ 2 KB
830 B 307ms
305ms Stylesheet
text/css 2606:4700:4400::6812:226e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://order-management-internal.dev.crndev.chick-fil-a.com/static/css/main.ea548cb2.chunk.css

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:226e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6330f081e6fb1f3d7debe126ccc163e9aa88fc2a5646b401519bcd0f96035c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:04:19 GMT
strict-transport-security: max-age=0
x-envoy-decorator-operation: cmt-service.default.svc.cluster.local:80/*
cf-cache-status: MISS
last-modified: Mon, 01 Jul 2024 15:42:15 GMT
server: cloudflare
content-encoding: br
etag: W/"6682ce57-75c"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=315360000
x-envoy-upstream-service-time: 3
cf-ray: 8b793f6f88ae0c9f-LAX
expires: Mon, 21 Aug 2034 07:04:19 GMT

GET
H2 200 2.6053d2f1.chunk.js Show response
order-management-internal.dev.crndev.chick-fil-a.com/static/js/ 4 MB
828 KB 345ms
344ms Script
application/javascript 2606:4700:4400::6812:226e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://order-management-internal.dev.crndev.chick-fil-a.com/static/js/2.6053d2f1.chunk.js

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:226e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98531ea9721c3ac6159464662dfe31c91bdf098a1ea39d6fc5ec360506ff58db

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:04:19 GMT
strict-transport-security: max-age=0
x-envoy-decorator-operation: cmt-service.default.svc.cluster.local:80/*
cf-cache-status: HIT
last-modified: Mon, 01 Jul 2024 15:42:15 GMT
server: cloudflare
content-encoding: br
etag: W/"6682ce57-3ac628"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=315360000
x-envoy-upstream-service-time: 3
cf-ray: 8b793f6f88af0c9f-LAX
expires: Mon, 21 Aug 2034 07:04:19 GMT

GET
H2 200 main.ea20fcf0.chunk.js
order-management-internal.dev.crndev.chick-fil-a.com/static/js/ 353 KB
89 KB 631ms
631ms Script
application/javascript 2606:4700:4400::6812:226e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://order-management-internal.dev.crndev.chick-fil-a.com/static/js/main.ea20fcf0.chunk.js

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:226e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:04:19 GMT
strict-transport-security: max-age=0
x-envoy-decorator-operation: cmt-service.default.svc.cluster.local:80/*
cf-cache-status: MISS
last-modified: Mon, 01 Jul 2024 15:42:15 GMT
server: cloudflare
content-encoding: br
etag: W/"6682ce57-582ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=315360000
x-envoy-upstream-service-time: 3
cf-ray: 8b793f6f88b00c9f-LAX
expires: Mon, 21 Aug 2034 07:04:19 GMT

OPTIONS feature-flags
order.api.qa.crndev.chick-fil-a.com/cmt/config/1.0/ 0
0

OPTIONS
H2 200 /
api.amplitude.com/ 0
0 309ms
102ms Preflight 44.225.61.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.225.61.109 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-225-61-109.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Access-Control-Request-Headers: cross-origin-resource-policy
Access-Control-Request-Method: POST
Origin: https://order-management-internal.dev.crndev.chick-fil-a.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: cross-origin-resource-policy
access-control-allow-methods: GET, POST
access-control-allow-origin: *
access-control-max-age: 86400
content-length: 0
date: Fri, 23 Aug 2024 07:04:20 GMT
strict-transport-security: max-age=15768000

GET feature-flags
order.api.qa.crndev.chick-fil-a.com/cmt/config/1.0/ 0
0

POST
H2 200 /
api.amplitude.com/ 7 B
136 B 109ms
107ms XHR
text/html 44.225.61.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/static/js/2.6053d2f1.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.225.61.109 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-225-61-109.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
Cross-Origin-Resource-Policy: cross-origin
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 23 Aug 2024 07:04:20 GMT
strict-transport-security: max-age=15768000
content-length: 7
content-type: text/html;charset=utf-8

GET
H2 200 Apercu.941f622f.ttf
order-management-internal.dev.crndev.chick-fil-a.com/static/media/ 73 KB
74 KB 372ms
371ms Font
application/octet-stream 2606:4700:4400::6812:226e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://order-management-internal.dev.crndev.chick-fil-a.com/static/media/Apercu.941f622f.ttf

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/static/css/main.ea548cb2.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:226e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/static/css/main.ea548cb2.chunk.css
Origin: https://order-management-internal.dev.crndev.chick-fil-a.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:04:20 GMT
strict-transport-security: max-age=0
x-envoy-decorator-operation: cmt-service.default.svc.cluster.local:80/*
cf-cache-status: MISS
x-envoy-upstream-service-time: 3
content-length: 75048
last-modified: Mon, 01 Jul 2024 15:42:15 GMT
server: cloudflare
etag: "6682ce57-12528"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: https://order-management-internal.dev.crndev.chick-fil-a.com
access-control-expose-headers: connect-protocol-version,grpc-status,grpc-message,trailers,trailer,x-forwarded-for,x-forwarded-host,x-forwarded-proto,x-client-ip-address
cache-control: public, max-age=43200
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 8b793f759de10c9f-LAX
expires: Fri, 23 Aug 2024 19:04:20 GMT

GET Apercu-Bold.27d250ad.woff
order-management-internal.dev.crndev.chick-fil-a.com/static/media/ 0
0

GET
H2 403 Primary Request authorize Show response
cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/ 2 KB
2 KB 414ms
155ms Document
text/html 3.33.147.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email

Requested by

Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/static/js/2.6053d2f1.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.33.147.176 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ab7bfd6a9b7fa1eec.awsglobalaccelerator.com

Software

nginx /

Resource Hash

79e09430b5f35714b6df7a2c704dc84451c83573682b5e2af4b598eb968ed6d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store
content-encoding: gzip
content-language: en
content-type: text/html;charset=utf-8
date: Fri, 23 Aug 2024 07:04:20 GMT
expires: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=315360000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-okta-request-id: db090cece921c4a34b362696e2be4143
x-xss-protection: 0

OPTIONS
H2 200 /
notify.bugsnag.com/ 0
0 258ms
97ms Preflight 2600:1901:0:a5e4::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://notify.bugsnag.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:a5e4:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method: POST
Origin: https://order-management-internal.dev.crndev.chick-fil-a.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Sent-At, Bugsnag-Payload-Version, Bugsnag-Integrity
access-control-allow-methods: POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 23 Aug 2024 07:04:20 GMT
via: 1.1 google

POST
H2 200 /
notify.bugsnag.com/ 2 B
104 B 100ms
97ms XHR
text/plain 2600:1901:0:a5e4::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://notify.bugsnag.com/
Requested by: Host: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/static/js/2.6053d2f1.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:a5e4:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Bugsnag-Payload-Version: 4
Referer: https://order-management-internal.dev.crndev.chick-fil-a.com/
Bugsnag-Sent-At: 2024-08-23T07:04:20.082Z
Bugsnag-Api-Key: b0d00dfe57549e290ed0ba83afe6551e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 23 Aug 2024 07:04:20 GMT
via: 1.1 google
bugsnag-event-id: 66c8347400f8757509140000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8

GET
H2 200 errors-v2.css
cfahome.oktapreview.com/assets/css/sections/ 2 KB
1 KB 141ms
139ms Stylesheet
text/css 3.33.147.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cfahome.oktapreview.com/assets/css/sections/errors-v2.css

Requested by

Host: cfahome.oktapreview.com
URL: https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.33.147.176 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ab7bfd6a9b7fa1eec.awsglobalaccelerator.com

Software

nginx /

Resource Hash

07d7429f55979af1968161a3eb812a39c797f9c3e2f0fd88aecbf1ea741349c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:04:20 GMT
x-amz-meta-sha1sum: a0af4ecf251187b0203ff095d16f850cc57a38c1
content-encoding: gzip
strict-transport-security: max-age=315360000; includeSubDomains
last-modified: Thu, 27 Oct 2022 02:12:48 GMT
server: nginx
etag: W/"80127ba5c47706686501006723ba83da"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
expires: Sat, 23 Aug 2025 07:04:20 GMT

GET style-sheet
cfahome.oktapreview.com/api/internal/brand/theme/ 0
0

GET
H2 200 fs01or44yznl7thYM0h8
op1static.oktacdn.com/fs/bco/1/ 16 KB
16 KB 488ms
157ms Image
image/png 3.168.122.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://op1static.oktacdn.com/fs/bco/1/fs01or44yznl7thYM0h8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.168.122.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-168-122-98.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

b10b9bebef65c3d31604f443eb96b5cc65935e6e7bb4ec142c1570ac4c9c09fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://cfahome.oktapreview.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 16 Aug 2024 12:45:40 GMT
strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 e43394d21905c9e6ce0980d7e55974f4.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P7
age: 584320
x-cache: Hit from cloudfront
content-length: 16331
last-modified: Thu, 01 Jun 2023 13:51:32 GMT
server: nginx
etag: "fead0e205c20766da3f102817ae4e699"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges: bytes
x-amz-cf-id: xqz3LQoftPoh68kEwKBm8rTNN3m1kgGbgX4eiMQlVVP9SXg0GDLoRA==
expires: Sat, 16 Aug 2025 12:45:40 GMT

GET
H2 200 fileStoreRecord
op1static.oktacdn.com/bc/image/ 38 KB
40 KB 159ms
159ms Other
image/png 3.168.122.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://op1static.oktacdn.com/bc/image/fileStoreRecord?id=fs011kb172oLBy1CL0h8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.168.122.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-168-122-98.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

59daca985380899e1b7f2ddacbac9ccf4eb3d7c1611e401e64dfe283111035b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' atko.oktapreview.com .oktacdn.com; connect-src 'self' atko.oktapreview.com atko-admin.oktapreview.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.oktapreview.com atko.kerberos.oktapreview.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' atko.oktapreview.com .oktacdn.com; style-src 'unsafe-inline' 'self' atko.oktapreview.com .oktacdn.com; frame-src 'self' atko.oktapreview.com atko-admin.oktapreview.com login.okta.com .vidyard.com; img-src 'self' atko.oktapreview.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' atko.oktapreview.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cfahome.oktapreview.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-okta-request-id: eae0071d9f50373cc242937ae1b77e20
content-security-policy: default-src 'self' atko.oktapreview.com *.oktacdn.com; connect-src 'self' atko.oktapreview.com atko-admin.oktapreview.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.oktapreview.com atko.kerberos.oktapreview.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' atko.oktapreview.com *.oktacdn.com; style-src 'unsafe-inline' 'self' atko.oktapreview.com *.oktacdn.com; frame-src 'self' atko.oktapreview.com atko-admin.oktapreview.com login.okta.com *.vidyard.com; img-src 'self' atko.oktapreview.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' atko.oktapreview.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
strict-transport-security: max-age=315360000; includeSubDomains
x-rate-limit-limit: 600
x-content-type-options: nosniff
via: 1.1 e43394d21905c9e6ce0980d7e55974f4.cloudfront.net (CloudFront)
x-rate-limit-remaining: 598
date: Thu, 22 Aug 2024 11:45:07 GMT
x-amz-cf-pop: JFK52-P7
age: 69554
content-security-policy-report-only: default-src 'self' atko.oktapreview.com *.oktacdn.com; connect-src 'self' atko.oktapreview.com atko-admin.oktapreview.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.oktapreview.com atko.kerberos.oktapreview.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' atko.oktapreview.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-H8-C1oQ6WNm_vuJtx8CR6g' 'self' atko.oktapreview.com *.oktacdn.com; frame-src 'self' atko.oktapreview.com atko-admin.oktapreview.com login.okta.com *.vidyard.com; img-src 'self' atko.oktapreview.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' atko.oktapreview.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/reportOnly; report-to csp
x-cache: Hit from cloudfront
p3p: CP="HONK"
content-length: 38564
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 15 Sep 2021 19:16:08 GMT
server: nginx
accept-ch: Sec-CH-UA-Platform-Version
report-to: {"group":"csp","max_age":31536000,"endpoints":[{"url":"https://oktacsp.report-uri.com/a/t/g"}],"include_subdomains":true}
content-type: image/png
access-control-allow-origin: *
x-rate-limit-reset: 1722512722
cache-control: public,max-age=31536000,s-maxage=1814400
x-robots-tag: noindex,nofollow
x-amz-cf-id: 0k-7RdachxcAgDT75RtSd14uUb94OHr2GVbffsIh1wIa84YhOGmzkw==
expires: Fri, 22 Aug 2025 11:45:07 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: order.api.qa.crndev.chick-fil-a.com
URL: https://order.api.qa.crndev.chick-fil-a.com/cmt/config/1.0/feature-flags

Domain: order.api.qa.crndev.chick-fil-a.com
URL: https://order.api.qa.crndev.chick-fil-a.com/cmt/config/1.0/feature-flags

Domain: order-management-internal.dev.crndev.chick-fil-a.com
URL: https://order-management-internal.dev.crndev.chick-fil-a.com/static/media/Apercu-Bold.27d250ad.woff

Domain: cfahome.oktapreview.com
URL: https://cfahome.oktapreview.com/api/internal/brand/theme/style-sheet?touch-point=ERROR_PAGE&v=17108ba7855f04646665881851a507f56d1355689fdda2ae377def222ffb95f3dc85d5124c437ac69e06f6aae9c4ff25

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.crndev.chick-fil-a.com/	1970-01-20 22:59:58	Name: __cf_bm Value: LPJJ1mewVoc8F_NZ3LUf_6g.RlslMAEMAX2KP1pE0xY-1724396659-1.0.1.1-.2upRv_5we2umxgfO_N1NtcLDyUMtgAIy.gvuyoTa_a.EO1v8ZP21m4J5hW4raWrwL6ly80pCyQVh6NkP0ncFQ
.chick-fil-a.com/	1970-01-21 07:45:32	Name: amp_554e50 Value: xbo4-f-hTGuk47T0O97pgT...1i5v0pp9d.1i5v0ppag.1.0.1
order-management-internal.dev.crndev.chick-fil-a.com/	1969-12-31 23:59:59	Name: okta-oauth-redirect-params Value: {"responseType":"id_token","state":"HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC","nonce":"rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab","scopes":["openid","email"],"urls":{"issuer":"https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7","authorizeUrl":"https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize","userinfoUrl":"https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/userinfo"}}
order-management-internal.dev.crndev.chick-fil-a.com/	1969-12-31 23:59:59	Name: okta-oauth-nonce Value: rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab
order-management-internal.dev.crndev.chick-fil-a.com/	1969-12-31 23:59:59	Name: okta-oauth-state Value: HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC
cfahome.oktapreview.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: CD2B151FCBFE65607DA9FBE7D613A931
cfahome.oktapreview.com/	1969-12-31 23:59:59	Name: t Value: default
cfahome.oktapreview.com/	1970-01-21 08:35:56	Name: DT Value: DI1zFV27b8BRrqZdTAFAwkIAg

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://cfahome.oktapreview.com/oauth2/ausc6e4sj2fnPnQ670h7/v1/authorize?client_id=0oae1cb28rKPvxpzc0h7&redirect_uri=https%3A%2F%2Forder-management-internal.dev.crndev.chick-fil-a.com&response_type=id_token&response_mode=fragment&state=HBv5oezTGUJBlo0zRdS9DVHPb1Ee2aWW7hQiqZxh2QsXWIdqKhLVl9acao9xe0PC&nonce=rwuKg4Zwwdgw3H9GXBnZQ8TOp8o4HecbQZT5cpltTKEFrXPc8T0PQOrSPEhrRoab&scope=openid%20email Message: Refused to apply style from 'https://cfahome.oktapreview.com/api/internal/brand/theme/style-sheet?touch-point=ERROR_PAGE&v=17108ba7855f04646665881851a507f56d1355689fdda2ae377def222ffb95f3dc85d5124c437ac69e06f6aae9c4ff25' because its MIME type ('application/json') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.amplitude.com
cfahome.oktapreview.com
notify.bugsnag.com
op1static.oktacdn.com
order-management-internal.dev.crndev.chick-fil-a.com
order.api.qa.crndev.chick-fil-a.com
cfahome.oktapreview.com
order-management-internal.dev.crndev.chick-fil-a.com
order.api.qa.crndev.chick-fil-a.com
2600:1901:0:a5e4::
2606:4700:4400::6812:226e
3.168.122.98
3.33.147.176
44.225.61.109
07d7429f55979af1968161a3eb812a39c797f9c3e2f0fd88aecbf1ea741349c1
59daca985380899e1b7f2ddacbac9ccf4eb3d7c1611e401e64dfe283111035b4
6330f081e6fb1f3d7debe126ccc163e9aa88fc2a5646b401519bcd0f96035c6d
6ced928f3bf3743481277465ac53ebfbd2ac2fdb809f7585bddaeb6ae5d7cae6
79e09430b5f35714b6df7a2c704dc84451c83573682b5e2af4b598eb968ed6d5
98531ea9721c3ac6159464662dfe31c91bdf098a1ea39d6fc5ec360506ff58db
b10b9bebef65c3d31604f443eb96b5cc65935e6e7bb4ec142c1570ac4c9c09fe
f151a8f91464bf72004e584a4c3b815ada0afbac27f61e38b85b74fcab15bd11

cfahome.oktapreview.com Open in urlscan Pro 3.33.147.176 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

78 %HTTPS

40 %IPv6

5 Domains

6 Subdomains

6 IPs

1 Countries

1055 kBTransfer

4264 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

8 Cookies

2 Console Messages

Security Headers

Indicators

cfahome.oktapreview.com Open in urlscan Pro
3.33.147.176 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

78 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

6
IPs

1
Countries

1055 kB
Transfer

4264 kB
Size

8
Cookies

18 HTTP transactions
0 data transactions