api.clientpreview-vitruvian.beta.syfter.ai Open in urlscan Pro
31.24.106.236 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://api.clientpreview-vitruvian.beta.syfter.ai/
Submission: On January 22 via automatic, source certstream-suspicious (January 22nd 2024, 1:47:05 pm UTC) — Scanned from GB

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 31.24.106.236, located in London, United Kingdom and belongs to SC, GB. The main domain is api.clientpreview-vitruvian.beta.syfter.ai.
TLS certificate: Issued by R3 on January 22nd 2024. Valid for: 3 months.

This is the only time api.clientpreview-vitruvian.beta.syfter.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	31.24.106.236 31.24.106.236	60672 (SC) (SC)
5	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:8e:... 2a04:4e42:8e::720	54113 (FASTLY) (FASTLY)
13	3

7 31.24.106.236 (London, United Kingdom)

ASN60672 (SC, GB)

api.clientpreview-vitruvian.beta.syfter.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8e::720 (United States)

ASN54113 (FASTLY, US)

images.unsplash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	syfter.ai api.clientpreview-vitruvian.beta.syfter.ai	2 MB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	4 KB
1	unsplash.com images.unsplash.com — Cisco Umbrella Rank: 5777	465 KB
13	3

	Domain	Requested by
7	api.clientpreview-vitruvian.beta.syfter.ai	api.clientpreview-vitruvian.beta.syfter.ai
5	fonts.googleapis.com	api.clientpreview-vitruvian.beta.syfter.ai
1	images.unsplash.com	api.clientpreview-vitruvian.beta.syfter.ai
13	3

This site contains no links.

Subject Issuer	Validity	Valid
api.clientpreview-vitruvian.beta.syfter.ai R3	`2024-01-22` - `2024-04-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
images.unsplash.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-07` - `2025-01-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://api.clientpreview-vitruvian.beta.syfter.ai/
Frame ID: 304F35D842308212776FFDD60CD7358F
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Solutions Boilerplate

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

2983 kB
Transfer

8966 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
api.clientpreview-vitruvian.beta.syfter.ai/ 730 B
2 KB 135ms
36ms Document
text/html 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

614a19d08d4cad685e70367d8cd856ef351a9b4f14d841b9eee6760b1f725401

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
content-length: 730
content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 22 Jan 2024 13:46:59 GMT
etag: W/"2da-18d3103d418"
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin, Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 2.ca4ebec7.chunk.css
api.clientpreview-vitruvian.beta.syfter.ai/static/css/ 250 KB
36 KB 45ms
44ms Stylesheet
text/css 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/2.ca4ebec7.chunk.css

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

b24c2168bd511015c367325534de320dfd2c2cbd4d65d7f4a0fee7fe89b09eb3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 13:46:59 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
cross-origin-opener-policy: same-origin
etag: W/"3e772-18d3103d418"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 main.8e5fcb6e.chunk.css
api.clientpreview-vitruvian.beta.syfter.ai/static/css/ 677 B
756 B 40ms
39ms Stylesheet
text/css 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/main.8e5fcb6e.chunk.css

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

97603c70df01347dcf68425796a09eae72e65b8e9547f200905effce5d8cf859

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
date: Mon, 22 Jan 2024 13:46:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
content-length: 677
x-xss-protection: 0
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
cross-origin-opener-policy: same-origin
etag: W/"2a5-18d3103d418"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
origin-agent-cluster: ?1
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 runtime-main.09b85ec0.js Show response
api.clientpreview-vitruvian.beta.syfter.ai/static/js/ 1 KB
804 B 45ms
44ms Script
application/javascript 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/static/js/runtime-main.09b85ec0.js

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

aecc3be190d6c2d0d6317e9db88e77ae60c6099834f346360e042999795038ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 13:46:59 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
cross-origin-opener-policy: same-origin
etag: W/"5df-18d3103d418"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 2.3839c1ed.chunk.js Show response
api.clientpreview-vitruvian.beta.syfter.ai/static/js/ 8 MB
2 MB 45ms
44ms Script
application/javascript 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/static/js/2.3839c1ed.chunk.js

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

6651514360ac13ef7a25cbaf59af0e12592d096e308e4fde1927994125fd09e9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 13:46:59 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
cross-origin-opener-policy: same-origin
etag: W/"7c1ed1-18d3103d418"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 main.4c76a35f.chunk.js Show response
api.clientpreview-vitruvian.beta.syfter.ai/static/js/ 242 KB
34 KB 44ms
43ms Script
application/javascript 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/static/js/main.4c76a35f.chunk.js

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

1a1bd8f016f5b03dd353570ace259023436c931d5e91aff4babfbb93cfdc7c30

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 13:46:59 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
cross-origin-opener-policy: same-origin
etag: W/"3c9b6-18d3103d418"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
origin-agent-cluster: ?1
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 142ms
51ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,600,700

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/2.ca4ebec7.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0d9553c795d3bacab53da4a00b9d2e606fd8f25b719e2530e7011cb26f76bf2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 13:46:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 13:22:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 13:46:59 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
699 B 146ms
55ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:300,400,500,600

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/2.ca4ebec7.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f4fa2cda17334024ef89953b771f2b44480fb3b4a370429d96c0f0978bc6291

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 13:46:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 13:46:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 13:46:59 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
708 B 143ms
52ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Playfair+Display:400,400i,700,700i,900

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/2.ca4ebec7.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

923c08cdb9cc7fa005cf8c04d8119b31fa16960e1112a339767843f5e286aeb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 13:46:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 13:43:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 13:46:59 GMT

GET
H2 200 css
fonts.googleapis.com/ 15 KB
884 B 147ms
56ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Sarabun:200,300,300i,400,400i,500,500i,600,600i,700,800

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/2.ca4ebec7.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a50e0a1f09dcf1fb47b6e5d048fb4ecd8b29101b50dcab76ab730c4c6bab2c85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 13:46:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 13:46:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 13:46:59 GMT

GET
H2 200 css
fonts.googleapis.com/ 17 KB
888 B 148ms
57ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:400,400i,500,500i,600,600i,700,700i,800,900&display=swap

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/static/css/2.ca4ebec7.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a8b4e7ca494fe21076f29e094926d6f901cbfcce0e00c132c16c4c594c89d862

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 22 Jan 2024 13:46:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 13:46:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Jan 2024 13:46:59 GMT

GET
H2 200 filament-logo-dark.8822774a.svg
api.clientpreview-vitruvian.beta.syfter.ai/static/media/ 5 KB
3 KB 38ms
37ms Image
image/svg+xml 31.24.106.236
SC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.clientpreview-vitruvian.beta.syfter.ai/static/media/filament-logo-dark.8822774a.svg

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.24.106.236 London, United Kingdom, ASN60672 (SC, GB),

Reverse DNS

Software

Resource Hash

ee24d8b929e421861faee57602591babceef21cdbe88000106fa6bbde63555bb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jan 2024 13:47:00 GMT
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
x-dns-prefetch-control: off
cross-origin-resource-policy: same-origin
x-xss-protection: 0
referrer-policy: no-referrer
last-modified: Mon, 22 Jan 2024 11:52:31 GMT
cross-origin-opener-policy: same-origin
etag: W/"1538-18d3103d418"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
origin-agent-cluster: ?1
access-control-expose-headers: Authentication-Info
cache-control: public, max-age=0
permissions-policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges: bytes

GET
H2 200 photo-1515508866870-7aa2a950a492
images.unsplash.com/ 464 KB
465 KB 152ms
62ms Image
image/avif 2a04:4e42:8e::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1515508866870-7aa2a950a492?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=1534&q=80

Requested by

Host: api.clientpreview-vitruvian.beta.syfter.ai
URL: https://api.clientpreview-vitruvian.beta.syfter.ai/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8e::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

fc03b2b73ec4e0d4a704490363337c7dfca710b57ea124406a5c261298d70788

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://api.clientpreview-vitruvian.beta.syfter.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 13:47:00 GMT
x-content-type-options: nosniff
age: 642238
x-cache: HIT, HIT
x-imgix-id: 125b98f1aeef44c9a2f2e3c943dc037fe7a7b852
cross-origin-resource-policy: cross-origin
content-length: 475603
x-served-by: cache-sjc1000104-SJC, cache-fra-etou8220053-FRA
x-imgix-render-farm: 01.140328
last-modified: Mon, 15 Jan 2024 03:23:02 GMT
server: imgix
vary: Accept, User-Agent
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data:;object-src none;child-src 'self';frame-ancestors none;upgrade-insecure-requests;block-all-mixed-content;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: *;font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';script-src 'self';script-src-attr 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.clientpreview-vitruvian.beta.syfter.ai
fonts.googleapis.com
images.unsplash.com
2a00:1450:4001:82a::200a
2a04:4e42:8e::720
31.24.106.236
0d9553c795d3bacab53da4a00b9d2e606fd8f25b719e2530e7011cb26f76bf2b
1a1bd8f016f5b03dd353570ace259023436c931d5e91aff4babfbb93cfdc7c30
614a19d08d4cad685e70367d8cd856ef351a9b4f14d841b9eee6760b1f725401
6651514360ac13ef7a25cbaf59af0e12592d096e308e4fde1927994125fd09e9
7f4fa2cda17334024ef89953b771f2b44480fb3b4a370429d96c0f0978bc6291
923c08cdb9cc7fa005cf8c04d8119b31fa16960e1112a339767843f5e286aeb2
97603c70df01347dcf68425796a09eae72e65b8e9547f200905effce5d8cf859
a50e0a1f09dcf1fb47b6e5d048fb4ecd8b29101b50dcab76ab730c4c6bab2c85
a8b4e7ca494fe21076f29e094926d6f901cbfcce0e00c132c16c4c594c89d862
aecc3be190d6c2d0d6317e9db88e77ae60c6099834f346360e042999795038ed
b24c2168bd511015c367325534de320dfd2c2cbd4d65d7f4a0fee7fe89b09eb3
ee24d8b929e421861faee57602591babceef21cdbe88000106fa6bbde63555bb
fc03b2b73ec4e0d4a704490363337c7dfca710b57ea124406a5c261298d70788

api.clientpreview-vitruvian.beta.syfter.ai Open in urlscan Pro 31.24.106.236 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

2983 kBTransfer

8966 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

api.clientpreview-vitruvian.beta.syfter.ai Open in urlscan Pro
31.24.106.236 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

2983 kB
Transfer

8966 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions