urlscan.io logo urlscan.io
SecurityTrails logo

accounts-dot-devsnapchat.appspot.com Open in urlscan Pro
2a00:1450:4001:80b::2014  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://accounts-dot-devsnapchat.appspot.com/accounts/login
Effective URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Submission: On December 23 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 3 countries across 6 domains to perform 34 HTTP transactions. The main IP is 2a00:1450:4001:80b::2014, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is accounts-dot-devsnapchat.appspot.com.
TLS certificate: Issued by WR2 on December 2nd 2024. Valid for: 3 months.
This is the only time accounts-dot-devsnapchat.appspot.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Snapchat (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
1 2 2a00:1450:400... 15169 (GOOGLE)
12 3.5.30.96 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
2 142.250.186.180 15169 (GOOGLE)
2 172.217.23.123 15169 (GOOGLE)
4 3.251.220.161 16509 (AMAZON-02)
2 146.75.119.18 54113 (FASTLY)
2 34.149.46.130 396982 (GOOGLE-CL...)
2 172.217.16.219 15169 (GOOGLE)
2 35.190.43.134 15169 (GOOGLE)
34 13
2    2a00:1450:4001:80b::2014 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts-dot-devsnapchat.appspot.com
12    3.5.30.96 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: s3-1-w.amazonaws.com
sc-static-web-assets-dev.s3.amazonaws.com
1    2a00:1450:4001:813::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
snapnet-cdn.storage.googleapis.com
1    2a00:1450:4001:827::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
storage.googleapis.com
1    2600:9000:223e:be00:3:12b1:2300:93a1 (United States)

ASN16509 (AMAZON-02, US)
iframe.arkoselabs.com
2    142.250.186.180 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f20.1e100.net
accounts-dot-devsnapchat.appspot.com
2    172.217.23.123 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f123.1e100.net
snapnet-cdn.storage.googleapis.com
4    3.251.220.161 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-251-220-161.eu-west-1.compute.amazonaws.com
aws.api.snapchat.com
2    146.75.119.18 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
graphql.contentful.com
2    34.149.46.130 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 130.46.149.34.bc.googleusercontent.com
www.snapchat.com
2    172.217.16.219 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f219.1e100.net
storage.googleapis.com
2    35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com
gcp.api.snapchat.com
Apex Domain
Subdomains		 Transfer
12 amazonaws.com
sc-static-web-assets-dev.s3.amazonaws.com
15 MB
8 snapchat.com
aws.api.snapchat.com — Cisco Umbrella Rank: 584
story.snapchat.com Failed
www.snapchat.com — Cisco Umbrella Rank: 20715
gcp.api.snapchat.com — Cisco Umbrella Rank: 649
3 KB
6 googleapis.com
snapnet-cdn.storage.googleapis.com — Cisco Umbrella Rank: 150709
storage.googleapis.com — Cisco Umbrella Rank: 314
196 KB
4 appspot.com
accounts-dot-devsnapchat.appspot.com
9 KB
2 contentful.com
graphql.contentful.com — Cisco Umbrella Rank: 10955
10 KB
1 arkoselabs.com
iframe.arkoselabs.com — Cisco Umbrella Rank: 23211
34 6
Domain Requested by
12 sc-static-web-assets-dev.s3.amazonaws.com accounts-dot-devsnapchat.appspot.com
sc-static-web-assets-dev.s3.amazonaws.com
4 aws.api.snapchat.com sc-static-web-assets-dev.s3.amazonaws.com
4 accounts-dot-devsnapchat.appspot.com 1 redirects accounts-dot-devsnapchat.appspot.com
3 storage.googleapis.com sc-static-web-assets-dev.s3.amazonaws.com
storage.googleapis.com
3 snapnet-cdn.storage.googleapis.com accounts-dot-devsnapchat.appspot.com
snapnet-cdn.storage.googleapis.com
2 gcp.api.snapchat.com sc-static-web-assets-dev.s3.amazonaws.com
2 www.snapchat.com sc-static-web-assets-dev.s3.amazonaws.com
2 graphql.contentful.com sc-static-web-assets-dev.s3.amazonaws.com
1 iframe.arkoselabs.com sc-static-web-assets-dev.s3.amazonaws.com
0 story.snapchat.com Failed sc-static-web-assets-dev.s3.amazonaws.com
34 10
Subject Issuer Validity Valid
*.appspot.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01		 2024-04-22 -
2025-04-07		 a year crt.sh
*.storage.googleapis.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh
storage.googleapis.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh
arkoselabs.com
Amazon RSA 2048 M02		 2024-04-29 -
2025-05-28		 a year crt.sh
*.api.snapchat.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-30 -
2025-07-29		 a year crt.sh
graphql.contentful.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1		 2024-04-03 -
2025-05-05		 a year crt.sh
*.snap.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-23 -
2025-07-22		 a year crt.sh

This page contains 2 frames:

Primary Page: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Frame ID: BE181117A65C4974FC13E9837F212CDE
Requests: 29 HTTP requests in this frame

Frame: https://iframe.arkoselabs.com/FE9DC8DA-5E83-495F-A762-582267EEACDE/index.html?mkt=de-DE
Frame ID: DAB20EDE1BD1A40DD4C14DBFD0F6F209
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Einloggen | Snapchat

Page URL History Show full URLs

  1. https://accounts-dot-devsnapchat.appspot.com/accounts/login HTTP 302
    https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]+semantic(?:\.min)\.css"
  • /semantic(?:-([\d.]+))?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

34
Requests

94 %
HTTPS

33 %
IPv6

6
Domains

10
Subdomains

13
IPs

3
Countries

15247 kB
Transfer

15357 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://accounts-dot-devsnapchat.appspot.com/accounts/login HTTP 302
    https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
accounts-dot-devsnapchat.appspot.com/accounts/v2/
Redirect Chain
  • https://accounts-dot-devsnapchat.appspot.com/accounts/login
  • https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2014 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
1e26fa08eca12cebce4b7cc893ca0095f56786f9645e92c6170b1c36ef3c27e3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://sc-static-web-assets-dev.s3.amazonaws.com 'unsafe-eval' 'unsafe-inline' http://tagmanager.google.com 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://accounts.google.com https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/fonts/ data: https://sc-static-web-assets-dev.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/ blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://sc-static-web-assets-dev.s3.amazonaws.com https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com/accounts-resources; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000 http://localhost:3000 https://staging--auth-web-sso.mesh.sc-corp.net https://accounts.google.com https://iap.googleapis.com; frame-ancestors https://iframe.arkoselabs.com https://profile.snap-dev.net https://snap-profile-manager-dev.appspot.com https://business-manager.snap-dev.net https://enterprise.snap-dev.net;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://iframe.arkoselabs.com
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0
content-encoding
gzip
content-length
1006
content-security-policy
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://sc-static-web-assets-dev.s3.amazonaws.com 'unsafe-eval' 'unsafe-inline' http://tagmanager.google.com 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://accounts.google.com https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/fonts/ data: https://sc-static-web-assets-dev.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/ blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://sc-static-web-assets-dev.s3.amazonaws.com https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com/accounts-resources; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000 http://localhost:3000 https://staging--auth-web-sso.mesh.sc-corp.net https://accounts.google.com https://iap.googleapis.com; frame-ancestors https://iframe.arkoselabs.com https://profile.snap-dev.net https://snap-profile-manager-dev.appspot.com https://business-manager.snap-dev.net https://enterprise.snap-dev.net;
content-type
text/html
date
Mon, 23 Dec 2024 13:10:08 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
server
Google Frontend
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding, User-Agent
x-cloud-trace-context
a7a04723d3b0b8d979a11bb9449ae798
x-content-type-options
nosniff
x-frame-options
allow-from https://iframe.arkoselabs.com
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0
content-length
0
content-security-policy
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://sc-static-web-assets-dev.s3.amazonaws.com 'unsafe-eval' 'unsafe-inline' http://tagmanager.google.com 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://accounts.google.com https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/fonts/ data: https://sc-static-web-assets-dev.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/ blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://sc-static-web-assets-dev.s3.amazonaws.com https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com/accounts-resources; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000 http://localhost:3000 https://staging--auth-web-sso.mesh.sc-corp.net https://accounts.google.com https://iap.googleapis.com; frame-ancestors https://iframe.arkoselabs.com https://profile.snap-dev.net https://snap-profile-manager-dev.appspot.com https://business-manager.snap-dev.net https://enterprise.snap-dev.net;
content-type
text/html
date
Mon, 23 Dec 2024 13:10:07 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
/accounts/v2/login?continue=%2Faccounts%2Fwelcome
server
Google Frontend
strict-transport-security
max-age=31536000; includeSubdomains
x-cloud-trace-context
49af98491365ebd1e96466f30581953e
x-content-type-options
nosniff
x-frame-options
allow-from https://iframe.arkoselabs.com
x-xss-protection
1; mode=block
semantic.min.css
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/ 		401 KB
401 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/semantic.min.css
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
498453af95a962f85c7ec7fe739918bc32d0b0768f108edaab76dd63478a1d1a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
e19/daLvOOmfayqnRVRUc7NOcTCDoppkJCvsPAlcfhdVhK7uCSYMHH8wAP7r654lpJit65aktTUa2M2llYgXAR33u5x45AAJ
Cache-Control
max-age=300,public,immutable
ETag
"ae47b4a71f2dcf1a770cdf6e0cd9b793"
x-amz-request-id
6GCT75974J2Y5171
Accept-Ranges
bytes
Content-Length
410126
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/css
Server
AmazonS3
x-amz-server-side-encryption
AES256
dropdown.min.css
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/ 		23 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/dropdown.min.css
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
cb90820edef6ff76150e4795a54491ed695f5621a9fc5e13284f9b3c11efde32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
g8LmsR1OIk6xxixSe4ITGFA9h35xfTrfNYlvNn3dcgQK3YKkEKtmMwA4W2dPontfJCFGB6JKQ53CPSpumkBWrl69m+ipqCER
Cache-Control
max-age=300,public,immutable
ETag
"57c7d369fd2aa0aacf62461986d3f397"
x-amz-request-id
6GCM6V17XANHNBWQ
Accept-Ranges
bytes
Content-Length
23479
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/css
Server
AmazonS3
x-amz-server-side-encryption
AES256
snapchat.css
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/snapchat.css?t=0
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
494b8167faba431c364dc43257d6e60ccf8490803bf03648198454fdadaec8f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
q+/sHakZUAJonPJr6TX5oV9aHyIildoQS8i2gomuVznpVN2hVrgiSn3Gv1KjpihooxvRCjCf8XNnxue6NWaBS6K4yaAwxGas
Cache-Control
max-age=300,public,immutable
ETag
"e0afb0c16b895721570e6fb4f5f94ac4"
x-amz-request-id
6GCX3Y1FGJPPW7WR
Accept-Ranges
bytes
Content-Length
1260
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/css
Server
AmazonS3
x-amz-server-side-encryption
AES256
accounts.css
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/accounts.css
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
e8d1e5eee09335046a5d65e14effd65e71e95a0892fecd59638cf874abdaf412

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
wl7mnUMk7ThSXelzjqGL+oT/NSaW9Ir1aEDL/G9XQb5OYeYZbCWJ6EwhFuWhKr4frQZAy9zJZKAwgcQn1ZtCytLGLUuKU+Wy
Cache-Control
max-age=300,public,immutable
ETag
"5e1891f1ab4c789cd7cae191ad69e8fc"
x-amz-request-id
6GCP77Y1JRN1Z2BG
Accept-Ranges
bytes
Content-Length
1897
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/css
Server
AmazonS3
x-amz-server-side-encryption
AES256
auth.css
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/auth.css
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
87e50f229ef7329e90030981164f7f23dcab7a28527937ea3b15e562ee69e42f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
y4KCnRerjUt+/yCCUp4U5rIjwzTxU9kJbf9Jcyv8Y0jBYGbPo+YeiXUQHyKXvJPaHE136SAs47NzPCpHFN/a0xEWXY3qSLw/
Cache-Control
max-age=300,public,immutable
ETag
"e8e184f13540f36644b9255056ba25e7"
x-amz-request-id
6GCJX8FT681Q5ZK7
Accept-Ranges
bytes
Content-Length
1448
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/css
Server
AmazonS3
x-amz-server-side-encryption
AES256
revoke.css
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/styles/revoke.css
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
55afb4e61527076483c1929a24971b27b8b366fbc5b72f85b96b051a97c1a263

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
1yCnuso8K7Xp7uRog28jb1IdHREgWJB7pS3u80UW3aUf8xW0iduZGFhP+Cq1bK04kI3To1732lKoXZ+s+kxm4Jz3tc2dJMgE
Cache-Control
max-age=300,public,immutable
ETag
"e48dd947385838553b944fca5c7d6c16"
x-amz-request-id
6GCJGXZ0E67E4MXA
Accept-Ranges
bytes
Content-Length
1150
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/css
Server
AmazonS3
x-amz-server-side-encryption
AES256
jquery.min.js
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/ 		82 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/jquery.min.js
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
nKZfJskA8U7YFeZAvTXV6F67voLVFCfYelbyTQDOQWBlt8o3GPE8gf7lIPZekwF9Pbx/wVE5tTNYmBbNdzIg2b3SzKYjx7rZ
Cache-Control
max-age=300,public,immutable
ETag
"32015dd42e9582a80a84736f5d9a44d7"
x-amz-request-id
6GCK6SNYK3TADMD5
Accept-Ranges
bytes
Content-Length
84320
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:58 GMT
Content-Type
text/javascript
Server
AmazonS3
x-amz-server-side-encryption
AES256
semantic.min.js
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/ 		220 KB
221 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/semantic.min.js
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
315e836cbde156652aa9162e5fd32ede267ffbffc664582b0ff4607e6adc9403

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
c9KVsSLvDGsM+uhFN1Q3IslHVS9jdmpjBqzSznb9fBXxmmqDp7L5F3sJy+sS7bq9iEpmbuK9P8hPCcAZjL+R22gIpIxuHOkc
Cache-Control
max-age=300,public,immutable
ETag
"c1e03715299be04eebee50331ea2d499"
x-amz-request-id
6GCX8Z3DTFK2D855
Accept-Ranges
bytes
Content-Length
225346
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:59 GMT
Content-Type
text/javascript
Server
AmazonS3
x-amz-server-side-encryption
AES256
dropdown.min.js
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/ 		43 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/dropdown.min.js
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
c574a0ad7694f369a2e7ada44fc2e958136ff4c4beb98114e79e2b868eacb0bd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
53P11TR3jbzbqdtC2B8jmeKatugKoYAaXhaIOJvPZ6w+NJ+3IXwLo1hZJJ79NayWoSbp3P6skxN5+fTgBZ8RUQvFlFej0Yr6
Cache-Control
max-age=300,public,immutable
ETag
"e0a670d2bf2702e7bcaa5dbd0c4407cd"
x-amz-request-id
6GCYZKT9HJ2XDSR4
Accept-Ranges
bytes
Content-Length
43975
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:58 GMT
Content-Type
text/javascript
Server
AmazonS3
x-amz-server-side-encryption
AES256
accounts-dev.js
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/accounts-dev.js
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
15dde3b26505097bbb438821c968b67c9e303deada0367ae9b5a77d6b2370ce6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
1gemE4F0hoOuOXNk4FuZ1ikXuGfw2oljrRm58g2qAzJM1exRucu49pYyi+yV5cV5S2kvDxQzhtH/FD1+pOr2LbXL3NoUSsz9
Cache-Control
max-age=300,public,immutable
ETag
"ac89af6884616a4accf6708a99cbd250"
x-amz-request-id
6GCTE41J2KSQFWPB
Accept-Ranges
bytes
Content-Length
1956
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:58 GMT
Content-Type
text/javascript
Server
AmazonS3
x-amz-server-side-encryption
AES256
avenirnext.font.css
snapnet-cdn.storage.googleapis.com/fonts/avenir-next/ 		3 KB
850 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/avenirnext.font.css
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
48ec1864836be0c08309078bb22c6c5d979a977ddb9c4199f73eb1a3652ab441

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-goog-metageneration
4
access-control-expose-headers
Content-Type
content-encoding
gzip
x-goog-hash
crc32c=pWMf2w==, md5=WhcAM0ypNVDqAQqsjSyPTg==
etag
"5a1700334ca93550ea010aac8d2c8f4e"
age
2159
x-goog-stored-content-encoding
gzip
expires
Mon, 23 Dec 2024 13:34:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
333
date
Mon, 23 Dec 2024 12:34:09 GMT
last-modified
Wed, 30 Sep 2020 04:03:08 GMT
content-type
text/css
x-guploader-uploadid
AFiumC5V8idTdOWxUcYN-dyR9jLGWfM5UtWK7sY43yMYfS7alAPtUatFvayB_8fGRKdJYvRd
cache-control
public, max-age=3600,no-transform
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1601438588977969
content-length
333
content-language
en
server
UploadServer
main.js
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/ 		14 MB
14 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
2EkFm+RNP5JsJhp5gIuSaZIvL+0OHIdzAPm/vjPZ0UDnkoFQnPGVFlHW8NKlShp4llk824Y2k97X0lLXDceF/Lnp4Ir48ajA
Cache-Control
max-age=300,public,immutable
ETag
"32a2ead4272ffb006d859246ffd9a61f-2"
x-amz-request-id
6GCVEZQZT703ZKT9
Accept-Ranges
bytes
Content-Length
14589184
Date
Mon, 23 Dec 2024 13:10:10 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:58 GMT
Content-Type
text/javascript
Server
AmazonS3
x-amz-server-side-encryption
AES256
font.graphik.css
storage.googleapis.com/snap-design-system/fonts/ 		8 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/snap-design-system/fonts/font.graphik.css
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
aa2c8490e58ec24a622bd9226a5c4c70fb1143e8df1fedbf38c25c8d76012398

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-goog-metageneration
2
x-goog-hash
crc32c=krLCNA==, md5=usFiwLxVjutEupkiBrjRDw==
etag
"bac162c0bc558eeb44ba992206b8d10f"
age
2817
x-goog-stored-content-encoding
identity
expires
Mon, 23 Dec 2024 13:23:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7998
date
Mon, 23 Dec 2024 12:23:16 GMT
last-modified
Fri, 24 May 2024 21:12:29 GMT
content-type
text/css
x-guploader-uploadid
AFiumC5x_Km3PEmIaCyUAisdonefa8_asBbg7ReY1QQYSkltiRjDFKrDMr-HMCCZgZZqHD9_
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1716585149004175
content-length
7998
server
UploadServer
index.html
iframe.arkoselabs.com/FE9DC8DA-5E83-495F-A762-582267EEACDE/ Frame DAB2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://iframe.arkoselabs.com/FE9DC8DA-5E83-495F-A762-582267EEACDE/index.html?mkt=de-DE
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:be00:3:12b1:2300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; connect-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; font-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; frame-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; img-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com data:; script-src 'self' 'unsafe-inline' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; style-src 'self' 'unsafe-inline' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://accounts-dot-devsnapchat.appspot.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Device-Memory, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-DPR, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-Viewport-Width, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-Width, Sec-CH-UA-Form-Factors
age
3814
alt-svc
h3=":443"; ma=86400
cache-control
content-encoding
br
content-security-policy
default-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; connect-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; font-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; frame-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; img-src 'self' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com data:; script-src 'self' 'unsafe-inline' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com; style-src 'self' 'unsafe-inline' iframe.arkoselabs.com client-api.arkoselabs.com snap-api.arkoselabs.com;
content-type
text/html
date
Mon, 23 Dec 2024 12:06:39 GMT
permissions-policy
accelerometer=*, autoplay=*, camera=*, display-capture=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, midi=*, payment=*, picture-in-picture=*, sync-xhr=*, usb=*
referrer-policy
strict-origin-when-cross-origin
server
cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA56-P4",cdn-rid;desc="RgSVi-RHijHSMphm5ylcdC9-C3N6V3u1GM8xhhlCfMSYf3gAMTYscQ==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=5
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
x-amz-cf-id
RgSVi-RHijHSMphm5ylcdC9-C3N6V3u1GM8xhhlCfMSYf3gAMTYscQ==
x-amz-cf-pop
FRA56-P4
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ghost.svg
accounts-dot-devsnapchat.appspot.com/accounts/static/images/ghost/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounts-dot-devsnapchat.appspot.com/accounts/static/images/ghost/ghost.svg
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.180 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f20.1e100.net
Software
Google Frontend /
Resource Hash
6d420a1f6beaf9c3f18c01f468ccfafbe03d867aa274ef39d09c37d2449d28d3
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

cache-control
public, max-age=600
content-encoding
gzip
etag
"yx29sQ"
age
0
expires
Mon, 23 Dec 2024 13:20:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2446
date
Mon, 23 Dec 2024 13:10:13 GMT
x-cloud-trace-context
ee505806767a081252e84936db8143ff
content-type
image/svg+xml
server
Google Frontend
x-frame-options
DENY
snapchat-app-icon.svg
accounts-dot-devsnapchat.appspot.com/accounts/static/images/ghost/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://accounts-dot-devsnapchat.appspot.com/accounts/static/images/ghost/snapchat-app-icon.svg
Requested by
Host: accounts-dot-devsnapchat.appspot.com
URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.180 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f20.1e100.net
Software
Google Frontend /
Resource Hash
6d420a1f6beaf9c3f18c01f468ccfafbe03d867aa274ef39d09c37d2449d28d3
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

cache-control
public, max-age=600
content-encoding
gzip
etag
"yx29sQ"
age
0
expires
Mon, 23 Dec 2024 13:20:13 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2446
date
Mon, 23 Dec 2024 13:10:13 GMT
x-cloud-trace-context
8f762aa5a36d146be9c1aa09d8a385b2
content-type
image/svg+xml
server
Google Frontend
x-frame-options
DENY
AvenirNext-DemiBold.woff2
snapnet-cdn.storage.googleapis.com/fonts/avenir-next/ 		58 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/AvenirNext-DemiBold.woff2
Requested by
Host: snapnet-cdn.storage.googleapis.com
URL: https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/avenirnext.font.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.123 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f123.1e100.net
Software
UploadServer /
Resource Hash
bd177a4f083c686f63ccafb9de27a81b59da32dd43d37e70d4875ce93e20cf40

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://accounts-dot-devsnapchat.appspot.com
Referer
https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/avenirnext.font.css

Response headers

x-goog-metageneration
2
access-control-expose-headers
Content-Type
content-encoding
gzip
x-goog-hash
crc32c=LEN0oQ==, md5=DCRiqLtf40b3Rz9jG+x92A==
etag
"0c2462a8bb5fe346f7473f631bec7dd8"
age
3520
x-goog-stored-content-encoding
gzip
expires
Mon, 23 Dec 2024 13:11:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
59647
date
Mon, 23 Dec 2024 12:11:33 GMT
last-modified
Wed, 30 Sep 2020 04:03:09 GMT
content-type
font/woff2
x-guploader-uploadid
AFiumC4HMowdNL8LAWAYZIdJtKQYQde2DAzVUryWJDy_5ym618s2T5APyRwQ2innzuFguX6X
cache-control
public, max-age=3600,no-transform
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1601438589595778
content-length
59647
content-language
en
server
UploadServer
AvenirNext-Medium.woff2
snapnet-cdn.storage.googleapis.com/fonts/avenir-next/ 		58 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/AvenirNext-Medium.woff2
Requested by
Host: snapnet-cdn.storage.googleapis.com
URL: https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/avenirnext.font.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.123 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f123.1e100.net
Software
UploadServer /
Resource Hash
51a7eec230379332cc842686e8142da114333f39e4827b97552210113833a6b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://accounts-dot-devsnapchat.appspot.com
Referer
https://snapnet-cdn.storage.googleapis.com/fonts/avenir-next/avenirnext.font.css

Response headers

x-goog-metageneration
2
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding
gzip
x-goog-hash
crc32c=Whu4Dg==, md5=7I4YxNczSU7/dJyc/prUnw==
etag
"ec8e18c4d733494eff749c9cfe9ad49f"
age
3238
x-goog-stored-content-encoding
gzip
expires
Mon, 23 Dec 2024 13:16:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
59626
date
Mon, 23 Dec 2024 12:16:15 GMT
last-modified
Wed, 30 Sep 2020 04:03:09 GMT
content-type
font/woff2
x-guploader-uploadid
AFiumC4m1frNmhG3Vek0HwM-Zt4V1E1EMtvvUSqG8w7xdZwgBBG3jqBMYRsxpByj2plCJGmkATDoxZc
cache-control
public, max-age=3600,no-transform
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1601438589645398
content-length
59626
content-language
en
server
UploadServer
targetingQuery
aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.251.220.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-251-220-161.eu-west-1.compute.amazonaws.com
Software
API Gateway /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-grpc-web,x-snap-client-user-agent
Access-Control-Request-Method
POST
Origin
https://accounts-dot-devsnapchat.appspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Authorization,Content-Type,x-grpc-web,X-Snap-Route-Tag,x-cof-user-agent,x-snap-client-user-agent
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin
https://accounts-dot-devsnapchat.appspot.com
access-control-max-age
600
date
Mon, 23 Dec 2024 13:10:13 GMT
server
API Gateway
master
graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.119.18 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://accounts-dot-devsnapchat.appspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
access-control-allow-methods
GET,POST,HEAD,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Etag
access-control-max-age
86400
age
73778
date
Mon, 23 Dec 2024 13:10:13 GMT
server
Contentful
strict-transport-security
max-age=15768000
via
1.1 varnish, 1.1 varnish
x-cache
HIT
x-cache-hits
2928, 1102
x-content-type-options
nosniff
x-contentful-region
us-east-1
x-contentful-request-id
2dd2ae07-2b01-4ac7-b136-c4158f76225e
x-served-by
cache-ewr-kewr1740066-EWR, cache-fra-eddf8230077-FRA
x-timer
S1734959413.204042,VS0,VE0
targetingQuery
aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.251.220.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-251-220-161.eu-west-1.compute.amazonaws.com
Software
API Gateway /
Resource Hash
2fbe9866e5be930b44ce806b64b3b3eaa6f254628c96bfbe5a3aa9f83ec9d4dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts-dot-devsnapchat.appspot.com/
x-snap-client-user-agent
SnapchatWeb/0.0.0.0 PROD (linux 0.0.0; chrome 131.0.0.0)
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/grpc-web+proto
x-grpc-web
1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
6
access-control-allow-credentials
true
x-envoy-decorator-operation
ingress-gateway.PROD
grpc-accept-encoding
gzip
reqid
KRHvK4imkB
access-control-allow-origin
https://accounts-dot-devsnapchat.appspot.com
date
Mon, 23 Dec 2024 13:10:13 GMT
content-type
application/grpc-web+proto
grpc-encoding
identity
server
API Gateway
f072a46b266e65f3731d.wasm
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/ 		0
0
web-page-view
story.snapchat.com/report-metrics/ 		0
0
master
graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/ 		118 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.119.18 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Contentful /
Resource Hash
aba198cd2e89239c400929cffeadd9fb68eddb21fe7bb66056fa21e749977263
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff

Request headers

authorization
Bearer dpk-7L7rGYzkKk-jZwtIDnyhui6DgLq6VTapJNI7W44
Referer
https://accounts-dot-devsnapchat.appspot.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
*/*
content-type
application/json

Response headers

access-control-max-age
86400
x-contentful-region
us-east-1
access-control-expose-headers
Etag
content-encoding
gzip
etag
17287636111160646346
age
224225
x-content-type-options
nosniff
access-control-allow-methods
GET,POST,HEAD,OPTIONS
x-cache
HIT
date
Mon, 23 Dec 2024 13:10:13 GMT
content-type
application/json; charset=utf-8
x-served-by
cache-ewr-kewr1740077-EWR, cache-fra-eddf8230077-FRA
x-cache-hits
7, 324
access-control-allow-headers
Accept,Accept-Language,Authorization,Cache-Control,Content-Length,Content-Range,Content-Type,DNT,Destination,Expires,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Last-Modified,Origin,Pragma,Range,User-Agent,X-Http-Method-Override,X-Mx-ReqToken,X-Requested-With,X-Contentful-Version,X-Contentful-Content-Type,X-Contentful-Organization,X-Contentful-Skip-Transformation,X-Contentful-User-Agent,X-Contentful-Enable-Alpha-Feature,X-Contentful-Resource-Resolution
x-contentful-graphql-query-cost
2011
strict-transport-security
max-age=15768000
x-contentful-route
/spaces/:spaceId/environments/:environmentId
cache-control
max-age=0
contentful-api
gql
contentful-upstream
graph-api
x-timer
S1734959413.457705,VS0,VE0
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
10284
x-contentful-request-id
f8d7edd7-d6f3-482f-af57-c2bcf89907ac
server
Contentful
is_cookie_popup_eligible
www.snapchat.com/cookies/api/ 		21 B
133 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.snapchat.com/cookies/api/is_cookie_popup_eligible
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.46.130 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
130.46.149.34.bc.googleusercontent.com
Software
API Gateway / Express
Resource Hash
899464845bab4cdce8fde5af7eedd1baa6e80936e7fefe67d7e5b55b6dcc2469
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"15-3ZJ+c5/nvNa25ePP2tE7Y4xRJsw"
via
1.1 google, 1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21
date
Mon, 23 Dec 2024 13:10:13 GMT
content-type
application/json; charset=utf-8
x-powered-by
Express
server
API Gateway
x-cloud-trace-context
d3947575f37d1be6ab65723b9c7103e4
user_location
www.snapchat.com/cookies/api/ 		57 B
326 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.snapchat.com/cookies/api/user_location
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.46.130 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
130.46.149.34.bc.googleusercontent.com
Software
API Gateway / Express
Resource Hash
14f9763e3f1fe6cf0d6aff7d94c579152ec5ae32146d50de0dc7e01840e2695e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"39-b41nwbbyFEqjH7VHhM7pSi4oms0"
via
1.1 google, 1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57
date
Mon, 23 Dec 2024 13:10:13 GMT
content-type
application/json; charset=utf-8
x-powered-by
Express
server
API Gateway
x-cloud-trace-context
a9562aa4c93496fd9ceba11833faacc3
Graphik-Medium.woff2
storage.googleapis.com/snap-design-system/fonts/graphik/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/snap-design-system/fonts/graphik/Graphik-Medium.woff2
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/snap-design-system/fonts/font.graphik.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.219 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f219.1e100.net
Software
UploadServer /
Resource Hash
d73427c3e5427baa23a3a9b7d222a7f0d1cb8639274e6d408c42f7b9a4dc3d3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://accounts-dot-devsnapchat.appspot.com
Referer
https://storage.googleapis.com/snap-design-system/fonts/font.graphik.css

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding
gzip
x-goog-hash
crc32c=3pqr1Q==, md5=WpKld30YsPlNnLH62OKZHw==
etag
"5a92a5777d18b0f94d9cb1fad8e2991f"
age
466
x-goog-stored-content-encoding
gzip
expires
Wed, 22 Jan 2025 23:07:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
35534
date
Mon, 23 Dec 2024 13:02:27 GMT
last-modified
Fri, 09 Jun 2023 18:55:18 GMT
content-type
font/woff2
x-guploader-uploadid
AFiumC5kSdNqgXp4_iAwQfPavBDEnqKPViHvaJVi1TOCI-kS4pxTM0kJTddVmJ1xwAJscILw
cache-control
public, max-age=2628288,no-transform
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1686336918606506
content-length
35534
content-language
en
server
UploadServer
Graphik-Regular.woff2
storage.googleapis.com/snap-design-system/fonts/graphik/ 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/snap-design-system/fonts/graphik/Graphik-Regular.woff2
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/snap-design-system/fonts/font.graphik.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.219 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f219.1e100.net
Software
UploadServer /
Resource Hash
091c76fbe2b9812439ac608e1b9d0ef2906f73416aaf9e47d6a717091650b7ea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://accounts-dot-devsnapchat.appspot.com
Referer
https://storage.googleapis.com/snap-design-system/fonts/font.graphik.css

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding
gzip
x-goog-hash
crc32c=5Xxg9w==, md5=Q9tPXlWS77LqbGH2jQ7UDg==
etag
"43db4f5e5592efb2ea6c61f68d0ed40e"
age
3122
x-goog-stored-content-encoding
gzip
expires
Wed, 22 Jan 2025 22:22:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
36570
date
Mon, 23 Dec 2024 12:18:11 GMT
last-modified
Fri, 09 Jun 2023 18:55:22 GMT
content-type
font/woff2
x-guploader-uploadid
AFiumC5MjFeOLqoAiBDLvGUfWk_v1IqyykMzyUUOts7npsOOL5NAmk5RgdcGW0HmkYdGWz2S
cache-control
public, max-age=2628288,no-transform
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1686336922930174
content-length
36570
content-language
en
server
UploadServer
BatchUpdateAbExposure
aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/ 		25 B
74 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.251.220.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-251-220-161.eu-west-1.compute.amazonaws.com
Software
API Gateway /
Resource Hash
a7fbae6ea5b5b8999052b17829abb1525baeaa9c9c105484f31f1a9ff2e17e6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts-dot-devsnapchat.appspot.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
application/grpc-web+proto
x-grpc-web
1

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
2
access-control-allow-credentials
true
grpc-accept-encoding
gzip
access-control-allow-origin
https://accounts-dot-devsnapchat.appspot.com
date
Mon, 23 Dec 2024 13:10:13 GMT
content-type
application/grpc-web+proto
grpc-encoding
identity
server
API Gateway
BatchUpdateAbExposure
aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.251.220.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-251-220-161.eu-west-1.compute.amazonaws.com
Software
API Gateway /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-grpc-web
Access-Control-Request-Method
POST
Origin
https://accounts-dot-devsnapchat.appspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Authorization,Content-Type,x-grpc-web,X-Snap-Route-Tag,x-cof-user-agent,x-snap-client-user-agent
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin
https://accounts-dot-devsnapchat.appspot.com
access-control-max-age
600
date
Mon, 23 Dec 2024 13:10:13 GMT
server
API Gateway
favicon.png
sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/images/favicon/ 		3 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/images/favicon/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.30.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
673e11d75bc71ea8e88c9057bd0cd95a88d213442aca91a061bbdaebf0903723

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://accounts-dot-devsnapchat.appspot.com/

Response headers

x-amz-id-2
/WzPr3PNRexYzczmy1IXVAIC+/lj0MZX4MqeEDtctYOLVYCLc/aET6nVBnGqpJgvF4U7aCuxIJrEQwBjJgFEtF155GLIDCRR
Cache-Control
max-age=300,public,immutable
ETag
"66dede62866ec5017b2e8b021b9a5825"
x-amz-request-id
GQPGXDYPMKAS9SMW
Accept-Ranges
bytes
Content-Length
2753
Date
Mon, 23 Dec 2024 13:10:14 GMT
Last-Modified
Fri, 20 Dec 2024 02:30:57 GMT
Content-Type
image/png
Server
AmazonS3
x-amz-server-side-encryption
AES256
metrics
gcp.api.snapchat.com/web/ 		0
94 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gcp.api.snapchat.com/web/metrics
Requested by
Host: sc-static-web-assets-dev.s3.amazonaws.com
URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/main.js?v=67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24%20%20src%2Fmain%2Fwebapp%2Faccounts%2Fstatic%2Fscripts%2Fmain.js%20master9ffb12af
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://accounts-dot-devsnapchat.appspot.com/
X-Snapchat-Web-Client-Auth
NTkzMzY2ZDRiYjgyMTlkZWM4YmUzNjkxYThjNmI4NTA4YWVhZDU2OWJkMWM1ZTY0OGQ2YTY4NDU4MmI1MzMyODoxNzM0OTU5NDE0MDk2
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-protobuf

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
0
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://accounts-dot-devsnapchat.appspot.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 23 Dec 2024 13:10:14 GMT
server
API Gateway
metrics
gcp.api.snapchat.com/web/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gcp.api.snapchat.com/web/metrics
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
134.43.190.35.bc.googleusercontent.com
Software
API Gateway /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-snapchat-web-client-auth
Access-Control-Request-Method
POST
Origin
https://accounts-dot-devsnapchat.appspot.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Snapchat-Web-Client-Auth,Content-Type,X-Snap-Route-Tag
access-control-allow-methods
POST
access-control-allow-origin
https://accounts-dot-devsnapchat.appspot.com
access-control-max-age
600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 23 Dec 2024 13:10:14 GMT
server
API Gateway
via
1.1 google

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sc-static-web-assets-dev.s3.amazonaws.com
URL
https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/f072a46b266e65f3731d.wasm
Domain
story.snapchat.com
URL
https://story.snapchat.com/report-metrics/web-page-view

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Snapchat (Instant Messenger)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery object| Snapchat object| __core-js_shared__ object| __SENTRY__ function| _ object| regeneratorRuntime object| proto object| intl

3 Cookies

Domain/Path Name / Value
accounts-dot-devsnapchat.appspot.com/accounts/ Name: xsrf_token
Value: b9eQB-wAXz47oYURvSN-2Q
accounts-dot-devsnapchat.appspot.com/ Name: sc-wcid
Value: 0ddf444d-a529-4317-be9e-9bee100b372d
.arkoselabs.com/ Name: _cfuvid
Value: 2Tcy_EqLJ0qhYnviOGCTm_1P9sZBMu9.hAx5FSqz2z4-1717104076479-0.0.1.1-604800000

4 Console Messages

Source Level URL
Text
javascript error URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Message:
Access to fetch at 'https://story.snapchat.com/report-metrics/web-page-view' from origin 'https://accounts-dot-devsnapchat.appspot.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://story.snapchat.com/report-metrics/web-page-view
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://accounts-dot-devsnapchat.appspot.com/accounts/v2/login?continue=%2Faccounts%2Fwelcome
Message:
Access to fetch at 'https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/f072a46b266e65f3731d.wasm' from origin 'https://accounts-dot-devsnapchat.appspot.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://sc-static-web-assets-dev.s3.amazonaws.com/public/accounts-ui/static/1734661444/scripts/f072a46b266e65f3731d.wasm
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://sc-static-web-assets-dev.s3.amazonaws.com 'unsafe-eval' 'unsafe-inline' http://tagmanager.google.com 'sha256-93ejg12EAT+6aW5hUFXASC0su+RZ+zOjgnJgLqJaLmY=' https://sc-static.net https://www.google-analytics.com https://www.googletagmanager.com https://snap-api.arkoselabs.com/ https://accounts.google.com https://www.google.com/recaptcha/ https://www.google.com/js https://www.gstatic.com/ https://apis.google.com/ https://tr.snapchat.com/config/com/49966cac-c23c-49c7-9ff9-c7f8f6f771ba.js; font-src 'self' https://snapnet-cdn.storage.googleapis.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/fonts/ data: https://sc-static-web-assets-dev.s3.amazonaws.com; style-src 'self' 'unsafe-inline' https://snapnet-cdn.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com *.sc-cdn.net https://storage.googleapis.com/snap-design-system/ blob:; frame-src 'self' https://iframe.arkoselabs.com https://snap-api.arkoselabs.com https://tr.snapchat.com https://www.google.com/ https://client-api.arkoselabs.com/; connect-src 'self' https://graphql.contentful.com/content/v1/spaces/kp51zybwznx4/environments/master https://sc-static-web-assets-dev.s3.amazonaws.com https://snap-api.arkoselabs.com/ https://tr.snapchat.com https://www.snapchat.com https://accounts.snapchat.com https://web-frontend-dot-sc-analytics.appspot.com https://us-central1-gcp.api.snapchat.com https://staging-us-central1-gcp.api.snapchat.com https://www.google-analytics.com https://sentry.sc-prod.net https://cdn.contentful.com/spaces/kp51zybwznx4/ https://accounts.snap.com/ https://web.snapchat.com/ https://gcp.api.snapchat.com https://story.snapchat.com https://aws.api.snapchat.com/snapchat.cdp.cof.CircumstancesService/targetingQuery https://aws.api.snapchat.com/snapchat.ab.exposure_service.ExposureService/BatchUpdateAbExposure https://chat-gold.sc-corp.net; img-src 'self' data: https://ssl.gstatic.com https://www.snapchat.com https://sc-oauth2-client-icons-dev.storage.googleapis.com https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com https://www.google-analytics.com https://images.ctfassets.net https://sdk.bitmoji.com; media-src 'self' https://sc-static-web-assets-dev.s3.amazonaws.com https://storage.googleapis.com/accounts-resources; form-action 'self' https://*.snap.com https://*.snapchat.com https://*.snap-dev.net https://*.sc-corp.net https://localhost:3000 http://localhost:3000 https://staging--auth-web-sso.mesh.sc-corp.net https://accounts.google.com https://iap.googleapis.com; frame-ancestors https://iframe.arkoselabs.com https://profile.snap-dev.net https://snap-profile-manager-dev.appspot.com https://business-manager.snap-dev.net https://enterprise.snap-dev.net;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://iframe.arkoselabs.com
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts-dot-devsnapchat.appspot.com
aws.api.snapchat.com
gcp.api.snapchat.com
graphql.contentful.com
iframe.arkoselabs.com
sc-static-web-assets-dev.s3.amazonaws.com
snapnet-cdn.storage.googleapis.com
storage.googleapis.com
story.snapchat.com
www.snapchat.com
sc-static-web-assets-dev.s3.amazonaws.com
story.snapchat.com
142.250.186.180
146.75.119.18
172.217.16.219
172.217.23.123
2600:9000:223e:be00:3:12b1:2300:93a1
2a00:1450:4001:80b::2014
2a00:1450:4001:813::201b
2a00:1450:4001:827::201b
3.251.220.161
3.5.30.96
34.149.46.130
35.190.43.134
091c76fbe2b9812439ac608e1b9d0ef2906f73416aaf9e47d6a717091650b7ea
14f9763e3f1fe6cf0d6aff7d94c579152ec5ae32146d50de0dc7e01840e2695e
15dde3b26505097bbb438821c968b67c9e303deada0367ae9b5a77d6b2370ce6
1e26fa08eca12cebce4b7cc893ca0095f56786f9645e92c6170b1c36ef3c27e3
2fbe9866e5be930b44ce806b64b3b3eaa6f254628c96bfbe5a3aa9f83ec9d4dd
315e836cbde156652aa9162e5fd32ede267ffbffc664582b0ff4607e6adc9403
48ec1864836be0c08309078bb22c6c5d979a977ddb9c4199f73eb1a3652ab441
494b8167faba431c364dc43257d6e60ccf8490803bf03648198454fdadaec8f2
498453af95a962f85c7ec7fe739918bc32d0b0768f108edaab76dd63478a1d1a
51a7eec230379332cc842686e8142da114333f39e4827b97552210113833a6b0
55afb4e61527076483c1929a24971b27b8b366fbc5b72f85b96b051a97c1a263
673e11d75bc71ea8e88c9057bd0cd95a88d213442aca91a061bbdaebf0903723
67a491081734478912260e4b123c6ffa80c8daa295c0f6d981934d3183878c24
6d420a1f6beaf9c3f18c01f468ccfafbe03d867aa274ef39d09c37d2449d28d3
87e50f229ef7329e90030981164f7f23dcab7a28527937ea3b15e562ee69e42f
899464845bab4cdce8fde5af7eedd1baa6e80936e7fefe67d7e5b55b6dcc2469
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
a7fbae6ea5b5b8999052b17829abb1525baeaa9c9c105484f31f1a9ff2e17e6c
aa2c8490e58ec24a622bd9226a5c4c70fb1143e8df1fedbf38c25c8d76012398
aba198cd2e89239c400929cffeadd9fb68eddb21fe7bb66056fa21e749977263
bd177a4f083c686f63ccafb9de27a81b59da32dd43d37e70d4875ce93e20cf40
c574a0ad7694f369a2e7ada44fc2e958136ff4c4beb98114e79e2b868eacb0bd
cb90820edef6ff76150e4795a54491ed695f5621a9fc5e13284f9b3c11efde32
d73427c3e5427baa23a3a9b7d222a7f0d1cb8639274e6d408c42f7b9a4dc3d3a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8d1e5eee09335046a5d65e14effd65e71e95a0892fecd59638cf874abdaf412