demo.finance.eligiblestaging.co.uk Open in urlscan Pro
63.32.161.232 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://demo.finance.eligiblestaging.co.uk/
Submission Tags: @phishunt_io
Submission: On November 12 via api (November 12th 2022, 10:05:49 am UTC) from DE — Scanned from DE

Summary HTTP 17 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 63.32.161.232, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is demo.finance.eligiblestaging.co.uk.
TLS certificate: Issued by R3 on November 11th 2022. Valid for: 3 months.

This is the only time demo.finance.eligiblestaging.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	63.32.161.232 63.32.161.232	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
5	54.247.69.169 54.247.69.169	16509 (AMAZON-02) (AMAZON-02)
1	52.95.150.129 52.95.150.129	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
17	5

8 63.32.161.232 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

demo.finance.eligiblestaging.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.247.69.169 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-69-169.eu-west-1.compute.amazonaws.com

api.eligiblestaging.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.95.150.129 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: s3-w.eu-west-2.amazonaws.com

eligible-staging.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	eligiblestaging.co.uk demo.finance.eligiblestaging.co.uk api.eligiblestaging.co.uk	979 KB
2	gstatic.com fonts.gstatic.com	63 KB
1	amazonaws.com eligible-staging.s3.amazonaws.com	8 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	1 KB
17	4

	Domain	Requested by
8	demo.finance.eligiblestaging.co.uk	demo.finance.eligiblestaging.co.uk
5	api.eligiblestaging.co.uk	demo.finance.eligiblestaging.co.uk
2	fonts.gstatic.com	fonts.googleapis.com
1	eligible-staging.s3.amazonaws.com
1	fonts.googleapis.com	demo.finance.eligiblestaging.co.uk
17	5

This site contains links to these domains. Also see Links.

Domain
ico.org.uk
en.wikipedia.org
www.sllaw.co.uk
developer.mozilla.org
www.sesame.co.uk

Subject Issuer	Validity	Valid
demo.finance.eligiblestaging.co.uk R3	`2022-11-11` - `2023-02-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
api.eligiblestaging.co.uk R3	`2022-11-11` - `2023-02-09`	3 months	crt.sh
*.s3.amazonaws.com Amazon	`2022-09-21` - `2023-08-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://demo.finance.eligiblestaging.co.uk/
Frame ID: CAB81448CCAD0763A47E00E44D746DB2
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DemoCookiesPlayChevron Down

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

1051 kB
Transfer

3140 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://ico.org.uk/your-data-matters/online/cookies/
Title: cookies

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Privacy_policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.sllaw.co.uk/legal-services/terms-of-business.html
Title: Terms of Business Policy

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Learn/Accessibility/What_is_accessibility
Title: Accessibility Policy

Search URL Search Domain Scan URL

URL: https://www.sesame.co.uk/Portals/2/Documents/Sesame-Customer-DPN.pdf
Title: DPN

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
demo.finance.eligiblestaging.co.uk/ 1 KB
2 KB 104ms
36ms Document
text/html 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

130bf7274ad2700e7d7b73dd67bf4d6afbdc3ab35614ee0814c7ce143b9fd432

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Type: text/html; charset=UTF-8
Date: Sat, 12 Nov 2022 10:05:44 GMT
Etag: W/"636e51d0-593"
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Referrer-Policy: same-origin
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 vegur
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 43ms
19ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli:400,400i,600,600i,700,700i

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

291c648b9e5c84460b73a68cc4fa7f79084bac076c08871907eea60358c72128

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 12 Nov 2022 10:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 12 Nov 2022 10:05:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 12 Nov 2022 10:05:44 GMT

GET
H/1.1 200
OK main.d02b8a5d.js Show response
demo.finance.eligiblestaging.co.uk/static/js/ 2 MB
688 KB 40ms
39ms Script
application/x-javascript 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7cc0c8d801897d8ed58b784e45f1e02a3898786499e29798d9d2b9267b12a3b1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:44 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:45:31 GMT
Server: nginx
Etag: W/"636e51fb-1ff113"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: application/x-javascript

GET
H/1.1 200
OK main.81949364.css
demo.finance.eligiblestaging.co.uk/static/css/ 107 KB
18 KB 104ms
39ms Stylesheet
text/css 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/css/main.81949364.css

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3c59b1f53993ef55c0533a757799a0abacdc1b5fb9a6c9e9e3c86f68dfe0a759

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:44 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Server: nginx
Etag: W/"636e51d0-1aba4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: text/css

GET
H/1.1 200
OK / Show response
api.eligiblestaging.co.uk/api-v1/me/ 8 KB
8 KB 283ms
189ms XHR
application/json 54.247.69.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.eligiblestaging.co.uk/api-v1/me/

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.247.69.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-247-69-169.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

3ed99066d03e9c522260dc35daf9372f7fd9f7d2d116a0a0da58e02ee9426c92

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:44 GMT
Strict-Transport-Security: max-age=60; includeSubDomains; preload
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Via: 1.1 vegur
Server: gunicorn
Vary: Cookie, Origin
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
X-Frame-Options: DENY
Access-Control-Allow-Origin: https://demo.finance.eligiblestaging.co.uk
Connection: keep-alive
Content-Length: 8099
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK / Show response
api.eligiblestaging.co.uk/api-v1/content/ 5 KB
6 KB 603ms
509ms XHR
application/json 54.247.69.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.eligiblestaging.co.uk/api-v1/content/

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.247.69.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-247-69-169.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

f17c3128bc507625be4215d83247ed1a562fb6c13a28b004dc236f4b55033f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:45 GMT
Strict-Transport-Security: max-age=60; includeSubDomains; preload
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Via: 1.1 vegur
Server: gunicorn
Vary: Cookie, Origin
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
X-Frame-Options: DENY
Access-Control-Allow-Origin: https://demo.finance.eligiblestaging.co.uk
Connection: keep-alive
Content-Length: 5186
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK 904.ebecdd0b.chunk.js Show response
demo.finance.eligiblestaging.co.uk/static/js/ 368 KB
83 KB 52ms
49ms Script
application/x-javascript 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/js/904.ebecdd0b.chunk.js

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

93a3b8d08cee2232694dd3e793fc8dadf088304838a8fb2ec7b4392e34e2bbd1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:44 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Server: nginx
Etag: W/"636e51d0-5c0e4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: application/x-javascript

GET
H/1.1 200
OK 493.9be83815.chunk.js Show response
demo.finance.eligiblestaging.co.uk/static/js/ 128 KB
43 KB 42ms
40ms Script
application/x-javascript 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/js/493.9be83815.chunk.js

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3505ba2e54eca5b55eb19f5c46122d57cbc58c9da7d2937b623736ff891e687d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:44 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Server: nginx
Etag: W/"636e51d0-1ffcd"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: application/x-javascript

GET
H/1.1 200
OK 713.92480902.chunk.js Show response
demo.finance.eligiblestaging.co.uk/static/js/ 45 KB
15 KB 101ms
36ms Script
application/x-javascript 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/js/713.92480902.chunk.js

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e487d460d9cf999e9fcbe27633cea9e12561eb02cc5cb1706c1341895dbfda43

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:45 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Server: nginx
Etag: W/"636e51d0-b2af"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: application/x-javascript

GET
H/1.1 200
OK 971.f03002a1.chunk.css
demo.finance.eligiblestaging.co.uk/static/css/ 83 KB
17 KB 101ms
39ms Stylesheet
text/css 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/css/971.f03002a1.chunk.css

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

c91bcea9d87aae82fa73a4c25939d026139113e9679fa69ffd9b087d92ef222e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:45 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Server: nginx
Etag: W/"636e51d0-14de9"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: text/css

GET
H/1.1 200
OK 971.556bb573.chunk.js Show response
demo.finance.eligiblestaging.co.uk/static/js/ 267 KB
89 KB 104ms
38ms Script
application/x-javascript 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://demo.finance.eligiblestaging.co.uk/static/js/971.556bb573.chunk.js

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

88e0b400b8ce8a19320a930f8142c16a25e7d916dd8abacd93f39347b5a865e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://demo.finance.eligiblestaging.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:45 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Encoding: gzip
Via: 1.1 vegur
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Fri, 11 Nov 2022 13:44:48 GMT
Server: nginx
Etag: W/"636e51d0-42bd0"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: application/x-javascript

GET
H/1.1 200
OK / Show response
api.eligiblestaging.co.uk/api-v1/me/ 8 KB
8 KB 152ms
152ms XHR
application/json 54.247.69.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.eligiblestaging.co.uk/api-v1/me/

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.247.69.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-247-69-169.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

3ed99066d03e9c522260dc35daf9372f7fd9f7d2d116a0a0da58e02ee9426c92

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:45 GMT
Strict-Transport-Security: max-age=60; includeSubDomains; preload
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Via: 1.1 vegur
Server: gunicorn
Vary: Cookie, Origin
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
X-Frame-Options: DENY
Access-Control-Allow-Origin: https://demo.finance.eligiblestaging.co.uk
Connection: keep-alive
Content-Length: 8099
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK dark_rectangular_logo.png.240x240_q85_autocrop.png
eligible-staging.s3.amazonaws.com/firms/476f9a8c-a4c5-46da-8626-bee483e9b771/ 8 KB
8 KB 191ms
71ms Image
image/png 52.95.150.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eligible-staging.s3.amazonaws.com/firms/476f9a8c-a4c5-46da-8626-bee483e9b771/dark_rectangular_logo.png.240x240_q85_autocrop.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.150.129 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.eu-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 79043e822d640adf6c34434df868260f284e7eb654d1670bd94caf09b8a45bd4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Sat, 12 Nov 2022 10:05:46 GMT
Last-Modified: Thu, 13 May 2021 06:47:47 GMT
Server: AmazonS3
x-amz-request-id: FXXPAXSAXN0S6ZP1
ETag: "0560662edba110340d5149963e08457a"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 8049
x-amz-id-2: cVRJ00gqgBpeQMOLgbCT98bBt8NViwEWvMpX4lQz4a4t0BgONkgaHuQadiycYjPPPQIq8rHKa3s=

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v28/ 30 KB
31 KB 33ms
8ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v28/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,400i,600,600i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://demo.finance.eligiblestaging.co.uk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 11 Nov 2022 20:07:08 GMT
x-content-type-options: nosniff
age: 50317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31196
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:43:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Nov 2023 20:07:08 GMT

GET
H2 200 7Au-p_0qiz-afTf2LwLT.woff2
fonts.gstatic.com/s/muli/v28/ 31 KB
31 KB 40ms
15ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v28/7Au-p_0qiz-afTf2LwLT.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,400i,600,600i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

542aa3a659dae23a91406e12842f7c1554e955238427f8374c6a1e17bfdb1940

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://demo.finance.eligiblestaging.co.uk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 07 Nov 2022 23:02:14 GMT
x-content-type-options: nosniff
age: 385411
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32108
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:01:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 23:02:14 GMT

POST
H/1.1 201
Created / Show response
api.eligiblestaging.co.uk/api-v1/pageview/ 0
441 B 63ms
63ms XHR
text/plain 54.247.69.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.eligiblestaging.co.uk/api-v1/pageview/

Requested by

Host: demo.finance.eligiblestaging.co.uk
URL: https://demo.finance.eligiblestaging.co.uk/static/js/main.d02b8a5d.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.247.69.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-247-69-169.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=60; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 12 Nov 2022 10:05:45 GMT
Strict-Transport-Security: max-age=60; includeSubDomains; preload
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Via: 1.1 vegur
Server: gunicorn
Vary: Cookie, Origin
Allow: POST, OPTIONS
X-Frame-Options: DENY
Access-Control-Allow-Origin: https://demo.finance.eligiblestaging.co.uk
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 1; mode=block

OPTIONS
H/1.1 200
OK /
api.eligiblestaging.co.uk/api-v1/pageview/ 0
0 37ms
37ms Preflight
text/html 54.247.69.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.eligiblestaging.co.uk/api-v1/pageview/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.247.69.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-247-69-169.eu-west-1.compute.amazonaws.com
Software: gunicorn /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://demo.finance.eligiblestaging.co.uk
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Access-Control-Allow-Headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with
Access-Control-Allow-Methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin: https://demo.finance.eligiblestaging.co.uk
Access-Control-Max-Age: 86400
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Sat, 12 Nov 2022 10:05:45 GMT
Server: gunicorn
Vary: Origin
Via: 1.1 vegur

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://.googleapis.com https://.gstatic.com .google.com https://.ggpht.com .googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://.googleapis.com https://.gstatic.com .google.com .googleusercontent.com data:; connect-src 'self' https://.cloudfront.net https://.helpscout.net https://api.eligible.ai https://api.eligiblestaging.co.uk https://sentry.io https://.googleapis.com .google.com https://.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.eligiblestaging.co.uk
demo.finance.eligiblestaging.co.uk
eligible-staging.s3.amazonaws.com
fonts.googleapis.com
fonts.gstatic.com
2a00:1450:4001:809::200a
2a00:1450:4001:812::2003
52.95.150.129
54.247.69.169
63.32.161.232
130bf7274ad2700e7d7b73dd67bf4d6afbdc3ab35614ee0814c7ce143b9fd432
291c648b9e5c84460b73a68cc4fa7f79084bac076c08871907eea60358c72128
2a04078f9550381b5148170ceaf5b378a1b31ed8274c6d0094aeba6f599462cc
3505ba2e54eca5b55eb19f5c46122d57cbc58c9da7d2937b623736ff891e687d
3c59b1f53993ef55c0533a757799a0abacdc1b5fb9a6c9e9e3c86f68dfe0a759
3ed99066d03e9c522260dc35daf9372f7fd9f7d2d116a0a0da58e02ee9426c92
542aa3a659dae23a91406e12842f7c1554e955238427f8374c6a1e17bfdb1940
79043e822d640adf6c34434df868260f284e7eb654d1670bd94caf09b8a45bd4
7cc0c8d801897d8ed58b784e45f1e02a3898786499e29798d9d2b9267b12a3b1
88e0b400b8ce8a19320a930f8142c16a25e7d916dd8abacd93f39347b5a865e2
93a3b8d08cee2232694dd3e793fc8dadf088304838a8fb2ec7b4392e34e2bbd1
c91bcea9d87aae82fa73a4c25939d026139113e9679fa69ffd9b087d92ef222e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e487d460d9cf999e9fcbe27633cea9e12561eb02cc5cb1706c1341895dbfda43
f17c3128bc507625be4215d83247ed1a562fb6c13a28b004dc236f4b55033f2c

demo.finance.eligiblestaging.co.uk Open in urlscan Pro 63.32.161.232 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

40 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

1051 kBTransfer

3140 kBSize

0 Cookies

5 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

demo.finance.eligiblestaging.co.uk Open in urlscan Pro
63.32.161.232 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

1051 kB
Transfer

3140 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions