urlscan.io logo urlscan.io
SecurityTrails logo

candymachine.app Open in urlscan Pro
75.2.60.5  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://candymachine.app/
Effective URL: https://candymachine.app/
Submission: On April 29 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 75.2.60.5, located in United States and belongs to AMAZON-02, US. The main domain is candymachine.app.
TLS certificate: Issued by R3 on April 26th 2023. Valid for: 3 months.
This is the only time candymachine.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 75.2.60.5 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 107.20.219.207 14618 (AMAZON-AES)
9 4
Apex Domain
Subdomains		 Transfer
4 candymachine.app
candymachine.app
578 KB
2 aptoslabs.com
fullnode.mainnet.aptoslabs.com — Cisco Umbrella Rank: 275644
2 KB
2 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 1718
299 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
81 KB
9 4
Domain Requested by
4 candymachine.app candymachine.app
2 fullnode.mainnet.aptoslabs.com candymachine.app
2 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com candymachine.app
9 4

This site contains links to these domains. Also see Links.

Domain
github.com
twitter.com
aptos.dev
Subject Issuer Validity Valid
candymachine.app
R3		 2023-04-26 -
2023-07-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
fullnode.cloud-b.mainnet.aptoslabs.com
Amazon RSA 2048 M02		 2023-03-01 -
2023-11-09		 8 months crt.sh

This page contains 1 frames:

Primary Page: https://candymachine.app/
Frame ID: C3A1F35DA5387565378CA6B581F653C5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Aptos Candy Machine

Page URL History Show full URLs

  1. http://candymachine.app/ HTTP 307
    https://candymachine.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

661 kB
Transfer

2529 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://candymachine.app/ HTTP 307
    https://candymachine.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
candymachine.app/
Redirect Chain
  • http://candymachine.app/
  • https://candymachine.app/
1 KB
672 B 		Document
General
Check archive.org
Download Go to
Full URL
https://candymachine.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.2.60.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
acd89244c803f7181.awsglobalaccelerator.com
Software
Netlify /
Resource Hash
bd4468c70031727a6101aca1c5d650fc28251f883f003ccc70a745e060cf16b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
cache-control
public, max-age=0, must-revalidate
content-encoding
br
content-length
459
content-type
text/html; charset=UTF-8
date
Sat, 29 Apr 2023 13:10:34 GMT
etag
"1d907d0fdf667a7fa795281c9c69e4a2-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-nf-request-id
01GZ6J5Y3D5S7EX1E0GMP269XD

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://candymachine.app/
Non-Authoritative-Reason
HSTS
main.fc38eb25.js
candymachine.app/static/js/ 		2 MB
526 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://candymachine.app/static/js/main.fc38eb25.js
Requested by
Host: candymachine.app
URL: https://candymachine.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.2.60.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
acd89244c803f7181.awsglobalaccelerator.com
Software
Netlify /
Resource Hash
3d2dcbec1da21b73c41465f436aa54ac9c492746401266b1a0629f076a8c0dc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://candymachine.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nf-request-id
01GZ6J5YJTJFRFP6P009DDMT4C
date
Sat, 29 Apr 2023 13:10:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000
server
Netlify
age
0
etag
"4641e323ee2f024fd2691f198c5e8b82-ssl-df"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
js
www.googletagmanager.com/gtag/ 		237 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZMWR8MW50L
Requested by
Host: candymachine.app
URL: https://candymachine.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b4e5c48f2e49c1bd060eb99b336a11ec1c06de0ebcbc0d0cd0f030899067c7e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://candymachine.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 13:10:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82734
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 29 Apr 2023 13:10:34 GMT
collect
region1.google-analytics.com/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-ZMWR8MW50L&gtm=45je34q0&_p=1476858517&cid=2135952910.1682773835&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1682773834&sct=1&seg=0&dl=https%3A%2F%2Fcandymachine.app%2F&dt=Aptos%20Candy%20Machine&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZMWR8MW50L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://candymachine.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 29 Apr 2023 13:10:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://candymachine.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
logo512.png
candymachine.app/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://candymachine.app/logo512.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.2.60.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
acd89244c803f7181.awsglobalaccelerator.com
Software
Netlify /
Resource Hash
22a72966715d90743dfa79153925ceb0fb9ada4831c9c583f7147b549d2153d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://candymachine.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nf-request-id
01GZ6J5ZK35NMBN44FA87G07S9
date
Sat, 29 Apr 2023 13:10:35 GMT
strict-transport-security
max-age=31536000
server
Netlify
age
0
etag
"a1e4c3a625cb77f0cd7f0ef24e5a2983-ssl"
content-type
image/png
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
content-length
50821
aptos_word.svg
candymachine.app/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://candymachine.app/aptos_word.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.2.60.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
acd89244c803f7181.awsglobalaccelerator.com
Software
Netlify /
Resource Hash
fc5a22f8528db28e8c72a6fbc9487388c4603e32b7cae2669efe8c002045ed14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://candymachine.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-nf-request-id
01GZ6J5ZK37RW0TT3JHJQQP9W6
date
Sat, 29 Apr 2023 13:10:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000
server
Netlify
age
0
etag
"8c925086928618870396556da184ea6f-ssl-df"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
content-length
946
0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791::candy_machine_of_token_data_id::CandyMachineEvents
fullnode.mainnet.aptoslabs.com/v1/accounts/0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791/resource/ 		436 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fullnode.mainnet.aptoslabs.com/v1/accounts/0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791/resource/0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791::candy_machine_of_token_data_id::CandyMachineEvents
Requested by
Host: candymachine.app
URL: https://candymachine.app/static/js/main.fc38eb25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.219.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-219-207.compute-1.amazonaws.com
Software
/
Resource Hash
dccc7be622b0c1374e9012cc3d6f276fb920a3511f7b93c0d1f397ea538de03b

Request headers

Accept
application/json
Referer
https://candymachine.app/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-aptos-ledger-version
131913410
date
Sat, 29 Apr 2023 13:10:35 GMT
x-aptos-oldest-block-height
0
x-aptos-ledger-oldest-version
0
x-aptos-epoch
2389
x-aptos-ledger-timestampusec
1682773834228574
content-type
application/json; charset=utf-8
access-control-allow-origin
https://candymachine.app
x-aptos-block-height
51343357
access-control-allow-credentials
true
vary
Origin
content-length
436
x-aptos-chain-id
1
0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791::candy_machine_of_token_data_id::CandyMachineEvents
fullnode.mainnet.aptoslabs.com/v1/accounts/0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791/resource/ 		436 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fullnode.mainnet.aptoslabs.com/v1/accounts/0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791/resource/0x88e579563fad6dd96b17c9314badd081f667f443519a2512c0fbf95d462cc791::candy_machine_of_token_data_id::CandyMachineEvents
Requested by
Host: candymachine.app
URL: https://candymachine.app/static/js/main.fc38eb25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.219.207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-219-207.compute-1.amazonaws.com
Software
/
Resource Hash
dccc7be622b0c1374e9012cc3d6f276fb920a3511f7b93c0d1f397ea538de03b

Request headers

Accept
application/json
Referer
https://candymachine.app/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-aptos-ledger-version
131913408
date
Sat, 29 Apr 2023 13:10:35 GMT
x-aptos-oldest-block-height
0
x-aptos-ledger-oldest-version
0
x-aptos-epoch
2389
x-aptos-ledger-timestampusec
1682773834017333
content-type
application/json; charset=utf-8
access-control-allow-origin
https://candymachine.app
x-aptos-block-height
51343356
access-control-allow-credentials
true
vary
Origin
content-length
436
x-aptos-chain-id
1
collect
region1.google-analytics.com/g/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-ZMWR8MW50L&gtm=45je34q0&_p=1476858517&cid=2135952910.1682773835&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=2&sid=1682773834&sct=1&seg=0&dl=https%3A%2F%2Fcandymachine.app%2F&dt=Aptos%20Candy%20Machine&en=scroll&epn.percent_scrolled=90&_et=5
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZMWR8MW50L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://candymachine.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 29 Apr 2023 13:10:39 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://candymachine.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| gtag object| dataLayer object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| webpackChunkcandymachine_ui undefined| memoryStorage object| regeneratorRuntime object| __REACT_ASYNC__

3 Cookies

Domain/Path Name / Value
.candymachine.app/ Name: _ga
Value: GA1.1.2135952910.1682773835
.candymachine.app/ Name: _ga_ZMWR8MW50L
Value: GS1.1.1682773834.1.0.1682773834.0.0.0
fullnode.mainnet.aptoslabs.com/ Name: AWSALBCORS
Value: pukxjE7gZxgh8T7yfzblXkp3tyUQrXIUXmesoryKigqOIPsf5DPcewqilAtyXEdrZsiIvP5druQzhgUxszu5BnO8p/mmIRdRT1CNtpK4IEg9zpQHrmPYOlJdRT7I

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000