urlscan.io logo urlscan.io
SecurityTrails logo

app.smartsheet.com Open in urlscan Pro
34.228.173.114  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app19.vrent.com/
Effective URL: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Submission Tags: @phishunt_io
Submission: On February 04 via api from DE — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 34.228.173.114, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.smartsheet.com. The Cisco Umbrella rank of the primary domain is 5705.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 7th 2023. Valid for: a year.
This is the only time app.smartsheet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a12:5240::1 209626 (ENFLOW)
1 34.228.173.114 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
9 3.231.133.216 14618 (AMAZON-AES)
1 34.237.101.165 14618 (AMAZON-AES)
3 2a00:1450:400... 15169 (GOOGLE)
15 6
1    2a12:5240::1 (Netherlands)

ASN209626 (ENFLOW, NL)
app19.vrent.com
1    34.228.173.114 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-228-173-114.compute-1.amazonaws.com
app.smartsheet.com
1    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    3.231.133.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-133-216.compute-1.amazonaws.com
forms.smartsheet.com
1    34.237.101.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-101-165.compute-1.amazonaws.com
aws.smartsheet.com
3    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
11 smartsheet.com
app.smartsheet.com — Cisco Umbrella Rank: 5705
forms.smartsheet.com — Cisco Umbrella Rank: 23369
aws.smartsheet.com — Cisco Umbrella Rank: 16791
2 MB
3 gstatic.com
fonts.gstatic.com
47 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
1 KB
1 vrent.com
app19.vrent.com
222 B
15 4
Domain Requested by
9 forms.smartsheet.com app.smartsheet.com
forms.smartsheet.com
3 fonts.gstatic.com fonts.googleapis.com
1 aws.smartsheet.com app.smartsheet.com
1 fonts.googleapis.com app.smartsheet.com
1 app.smartsheet.com
1 app19.vrent.com 1 redirects
15 6

This site contains links to these domains. Also see Links.

Domain
www.smartsheet.com
Subject Issuer Validity Valid
app.smartsheet.com
Amazon RSA 2048 M03		 2023-12-07 -
2025-01-05		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh
us-east-1.forms.smartsheet.com
Amazon RSA 2048 M03		 2023-11-27 -
2024-12-24		 a year crt.sh
aws.smartsheet.com
Amazon RSA 2048 M01		 2023-06-14 -
2024-07-12		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Frame ID: 249014FC8FFEA08A153F7D315D467D44
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

19-Rental Application Request - santacruz@vrent.comCalendar IconCaret Icon

Page URL History Show full URLs

  1. https://app19.vrent.com/ HTTP 301
    https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69 Page URL

Page Statistics

15
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

6
IPs

3
Countries

2459 kB
Transfer

2489 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app19.vrent.com/ HTTP 301
    https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ae7161167bfc4cd2bba115fa55f59c69
app.smartsheet.com/b/form/
Redirect Chain
  • https://app19.vrent.com/
  • https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
15 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.228.173.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-228-173-114.compute-1.amazonaws.com
Software
Apache /
Resource Hash
092f835b80e2177797720dffe9e17215609d937ab99061640d37baac6ce1096a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
no-store
content-encoding
gzip
content-length
4551
content-type
text/html;charset=UTF-8
date
Sun, 04 Feb 2024 07:38:03 GMT
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
x-envoy-upstream-service-time
449
x-smar-halo-version
1893268

Redirect headers

content-length
101
content-type
text/html; charset=utf-8
date
Sun, 04 Feb 2024 07:38:02 GMT
location
https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-powered-by
redirect.pizza
x-server
ams0.prod.edge.redirect.pizza
css
fonts.googleapis.com/ 		17 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,400i,500,700,900
Requested by
Host: app.smartsheet.com
URL: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c16c5c735b143eb8bf3bbbdd90b3ba458da81b8d8af296ca996092ecb9ccc623
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://app.smartsheet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 04 Feb 2024 07:38:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 04 Feb 2024 07:20:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 04 Feb 2024 07:38:03 GMT
main.f1bf452c.css
forms.smartsheet.com/assets/form-app/static/css/ 		44 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/assets/form-app/static/css/main.f1bf452c.css
Requested by
Host: app.smartsheet.com
URL: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash
4d6f4f9da9ad9cf00699af230d055de498a37944b24760f0d4afd8fa466f5caf

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://app.smartsheet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 07:38:03 GMT
last-modified
Tue, 28 Nov 2023 01:13:00 GMT
access-control-max-age
3600
access-control-allow-methods
*
x-smar-request-id
aaaaddltbwfjwgsko4yrwa5or14kave7b
access-control-allow-origin
*
content-type
text/css
cache-control
max-age=259200, public
x-smar-forms-version
1.135.10
accept-ranges
bytes
access-control-allow-headers
*
content-length
44977
main.960906fe.js
forms.smartsheet.com/assets/form-app/static/js/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/assets/form-app/static/js/main.960906fe.js
Requested by
Host: app.smartsheet.com
URL: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash
1489f62b704e18ba6acffa7f7dbb94e9f3afa7e559f8ba8e2aa89d14cb9eb0de

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://app.smartsheet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 07:38:03 GMT
last-modified
Tue, 28 Nov 2023 01:13:00 GMT
access-control-max-age
3600
access-control-allow-methods
*
x-smar-request-id
aaaaddltbwfjwp9dfi633jbwiiesfvlau
access-control-allow-origin
*
content-type
application/javascript
cache-control
max-age=259200, public
x-smar-forms-version
1.135.10
accept-ranges
bytes
access-control-allow-headers
*
content-length
2404213
uimetrics
forms.smartsheet.com/api/public/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/api/public/uimetrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-smar-submission-token
Access-Control-Request-Method
POST
Origin
https://app.smartsheet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-headers
content-type, x-smar-submission-token
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
content-length
0
date
Sun, 04 Feb 2024 07:38:04 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-smar-forms-version
1.135.10
x-smar-request-id
aaaaddltbwho4lh5336vtp2yhcvu5hlk1
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6842b71c76c9cc160f40154b2b6c3a5c79cdc513cd2c382432be511044e4b0b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/gif
alert-red.88f98533.svg
forms.smartsheet.com/assets/form-app/static/media/ 		966 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.smartsheet.com/assets/form-app/static/media/alert-red.88f98533.svg
Requested by
Host: app.smartsheet.com
URL: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash
b7e0a782ffdbbe286dc199ec2be7b7ab9f608a9f73419e8d2f2cd6fe5b5e3105

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://app.smartsheet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 07:38:04 GMT
last-modified
Tue, 28 Nov 2023 01:13:00 GMT
access-control-max-age
3600
access-control-allow-methods
*
x-smar-request-id
aaaaddltbwhcgxmkiu924bo5t35y0tagy
access-control-allow-origin
*
content-type
image/svg+xml
cache-control
max-age=259200, public
x-smar-forms-version
1.135.10
accept-ranges
bytes
access-control-allow-headers
*
content-length
966
uimetrics
forms.smartsheet.com/api/public/ 		0
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/api/public/uimetrics
Requested by
Host: forms.smartsheet.com
URL: https://forms.smartsheet.com/assets/form-app/static/js/main.960906fe.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.smartsheet.com/
x-smar-submission-token
5cgxgqvfkr8eyblenzez
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sun, 04 Feb 2024 07:38:05 GMT
x-smar-forms-version
1.135.10
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-smar-request-id
aaaaddltbwhvgqz1leyzktg870skvrbn3
f!7XjYe4xaSq0!eqPUp3NNHG0!vH13pCyjo3qXFFF7_QVFWf
aws.smartsheet.com/storageProxy/image/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aws.smartsheet.com/storageProxy/image/images/f!7XjYe4xaSq0!eqPUp3NNHG0!vH13pCyjo3qXFFF7_QVFWf
Requested by
Host: app.smartsheet.com
URL: https://app.smartsheet.com/b/form/ae7161167bfc4cd2bba115fa55f59c69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.237.101.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-237-101-165.compute-1.amazonaws.com
Software
. /
Resource Hash
c0d2a5801415d3a59a136ab5e0716eeb02e52c4f0e646cda18ec11681300df80
Security Headers
Name Value
Content-Security-Policy default-src 'none'; media-src 'self'; style-src 'unsafe-inline'; object-src 'self'; img-src *; font-src *; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; plugin-types application/pdf; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://app.smartsheet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Sun, 04 Feb 2024 07:38:05 GMT
content-security-policy
default-src 'none'; media-src 'self'; style-src 'unsafe-inline'; object-src 'self'; img-src *; font-src *; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; plugin-types application/pdf; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-image-width
300
referrer-policy
no-referrer
server
.
content-type
image/jpeg
access-control-allow-origin
https://app.smartsheet.com
cache-control
max-age=31536000, private, must-revalidate
access-control-allow-credentials
true
x-image-height
52
content-length
8707
x-xss-protection
1; mode=block
uimetrics
forms.smartsheet.com/api/public/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/api/public/uimetrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-smar-submission-token
Access-Control-Request-Method
POST
Origin
https://app.smartsheet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-headers
content-type, x-smar-submission-token
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
content-length
0
date
Sun, 04 Feb 2024 07:38:05 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-smar-forms-version
1.135.10
x-smar-request-id
aaaaddltbwhx612p5a9hwu07lw108v0k0
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,400i,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.smartsheet.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 31 Jan 2024 23:50:55 GMT
x-content-type-options
nosniff
age
287230
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 Jan 2025 23:50:55 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,400i,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.smartsheet.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 30 Jan 2024 00:01:51 GMT
x-content-type-options
nosniff
age
459374
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jan 2025 00:01:51 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab|Roboto:300,400,400i,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://app.smartsheet.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 16:39:21 GMT
x-content-type-options
nosniff
age
140324
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 01 Feb 2025 16:39:21 GMT
uimetrics
forms.smartsheet.com/api/public/ 		0
192 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/api/public/uimetrics
Requested by
Host: forms.smartsheet.com
URL: https://forms.smartsheet.com/assets/form-app/static/js/main.960906fe.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.smartsheet.com/
x-smar-submission-token
5cgxgqvfkr8eyblenzez
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sun, 04 Feb 2024 07:38:05 GMT
x-smar-forms-version
1.135.10
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-smar-request-id
aaaaddltbwh6gp6suctusubcy5hdyolso
uimetrics
forms.smartsheet.com/api/public/ 		0
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/api/public/uimetrics
Requested by
Host: forms.smartsheet.com
URL: https://forms.smartsheet.com/assets/form-app/static/js/main.960906fe.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://app.smartsheet.com/
x-smar-submission-token
5cgxgqvfkr8eyblenzez
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sun, 04 Feb 2024 07:38:05 GMT
x-smar-forms-version
1.135.10
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-smar-request-id
aaaaddltbwh6iy6aotyw65j0dwevj6g2j
uimetrics
forms.smartsheet.com/api/public/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://forms.smartsheet.com/api/public/uimetrics
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.231.133.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-231-133-216.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-smar-submission-token
Access-Control-Request-Method
POST
Origin
https://app.smartsheet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-headers
content-type, x-smar-submission-token
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
content-length
0
date
Sun, 04 Feb 2024 07:38:05 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-smar-forms-version
1.135.10
x-smar-request-id
aaaaddltbwhx6l3i41kofpq0ih3f8kgm3

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| formEndpoint string| formDefinition string| formToken string| formAppVersion string| publishKey function| setImmediate function| clearImmediate object| regeneratorRuntime object| IntlPolyfill function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __createBinding function| __values function| __read function| __spread function| __spreadArrays function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| __classPrivateFieldGet function| __classPrivateFieldSet function| __spreadArray object| core object| __SECRET_EMOTION__ function| _

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains