app.staging.projectwashington.com Open in urlscan Pro
2620:0:890::100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://auth.app.staging.projectwashington.com/
Effective URL:
https://app.staging.projectwashington.com/
Submission: On August 13 via automatic, source certstream-suspicious (August 13th 2024, 12:41:34 am UTC) — Scanned from DE

Summary HTTP 21 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 6 domains to perform 21 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is app.staging.projectwashington.com.
TLS certificate: Issued by WR3 on June 3rd 2024. Valid for: 3 months.

This is the only time app.staging.projectwashington.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	2606:4700::68... 2606:4700::6813:a718	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
1	13.225.78.65 13.225.78.65	16509 (AMAZON-02) (AMAZON-02)
3	199.36.158.100 199.36.158.100	54113 (FASTLY) (FASTLY)
1	2600:9000:235... 2600:9000:2359:f200:10:474e:104a:2961	16509 (AMAZON-02) (AMAZON-02)
4	104.19.168.24 104.19.168.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.86.4.9 99.86.4.9	16509 (AMAZON-02) (AMAZON-02)
21	10

4 2606:4700::6813:a718 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

auth.app.staging.projectwashington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

app.staging.projectwashington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
washington-dev-27f36.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-65.fra2.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.36.158.100 (United States)

ASN54113 (FASTLY, US)

app.staging.projectwashington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2359:f200:10:474e:104a:2961 (United States)

ASN16509 (AMAZON-02, US)

cdn.auth0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.168.24 (None, )

ASN13335 (CLOUDFLARENET, US)

auth.app.staging.projectwashington.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-9.fra6.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	projectwashington.com 1 redirects auth.app.staging.projectwashington.com app.staging.projectwashington.com	561 KB
3	stripe.com js.stripe.com — Cisco Umbrella Rank: 2856	156 KB
1	auth0.com cdn.auth0.com — Cisco Umbrella Rank: 10656	3 KB
1	web.app washington-dev-27f36.web.app	9 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	102 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
21	6

	Domain	Requested by
8	auth.app.staging.projectwashington.com	1 redirects app.staging.projectwashington.com
6	app.staging.projectwashington.com	app.staging.projectwashington.com
3	js.stripe.com	app.staging.projectwashington.com js.stripe.com
1	cdn.auth0.com	app.staging.projectwashington.com
1	washington-dev-27f36.web.app	app.staging.projectwashington.com
1	www.googletagmanager.com	app.staging.projectwashington.com
1	fonts.googleapis.com	app.staging.projectwashington.com
21	7

This site contains links to these domains. Also see Links.

Domain
betterwise.com

Subject Issuer	Validity	Valid
harris.tools WR3	`2024-06-03` - `2024-09-01`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
auth.app.staging.projectwashington.com E6	`2024-08-12` - `2024-11-10`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-07-23` - `2024-10-24`	3 months	crt.sh
web.app WR4	`2024-07-26` - `2024-10-24`	3 months	crt.sh
*.auth0.com Amazon RSA 2048 M03	`2024-01-25` - `2025-02-22`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://app.staging.projectwashington.com/
Frame ID: 51336FE6528173EE26962A0F48F21E4D
Requests: 15 HTTP requests in this frame

Frame: https://auth.app.staging.projectwashington.com/authorize?client_id=OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fapp.staging.projectwashington.com%3FappState%3D%2Fdashboard&scope=openid%20profile%20email&audience=%2Fapi%2Fmembership&state=GVQsMwXL8t9yIK7V8PeD1-DSjK_58ehK&nonce=LtvQhEbkmD8-ZzPk0DSYTV2yXik6VO96&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIn19
Frame ID: 6CBFDFC0699481B5E6E1F7672C3010CD
Requests: 1 HTTP requests in this frame

Frame: https://auth.app.staging.projectwashington.com/authorize?client_id=OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fapp.staging.projectwashington.com%3FappState%3D%2Fdashboard&scope=openid%20profile%20email&audience=%2Fapi%2Fmembership&state=6~.jiQoBR-j2gTFnNyy2.XqbY~eb8Pp~&nonce=939v3obPb8NKv4jNc97P8EaCz90tRmJT&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIiwiYXV0aDAuanMtdWxwIjoiOS4yNi4xIn19
Frame ID: 7C57582124614E810CCB6B12FA32CAAD
Requests: 1 HTTP requests in this frame

Frame: https://auth.app.staging.projectwashington.com/authorize?client_id=OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fapp.staging.projectwashington.com%3FappState%3D%2Fdashboard&scope=openid%20profile%20email&audience=%2Fapi%2Fmembership&state=SohG69lnUya48~Y2xOcMcyXLXoXv1ZI9&nonce=qZt8fQI7YTzYcBpRXl1iQyNdnPbUVBqv&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIiwiYXV0aDAuanMtdWxwIjoiOS4yNi4xIn19
Frame ID: BAC53F13C0170CDF4F0EF2EC49483BC7
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-c5ddb4c39f2937bbc0e25e5710a9603b.html
Frame ID: CB992F99DF70748BD2C142C638715889
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: D4A9D06886C4D5485C6ABE93038BF065
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Betterwise

Page URL History Show full URLs

https://auth.app.staging.projectwashington.com/ HTTP 302
https://app.staging.projectwashington.com/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

21
Requests

95 %
HTTPS

56 %
IPv6

6
Domains

7
Subdomains

10
IPs

3
Countries

833 kB
Transfer

3481 kB
Size

6
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://betterwise.com/terms/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://betterwise.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://auth.app.staging.projectwashington.com/ HTTP 302
https://app.staging.projectwashington.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
app.staging.projectwashington.com/
Redirect Chain

https://auth.app.staging.projectwashington.com/
https://app.staging.projectwashington.com/

1 KB
722 B

402ms
171ms

Document
text/html

2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.staging.projectwashington.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c792a5ae5b141a9e86f2906a323e776e2352c2b0622a1f563a9d9c80163e1a74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 372
content-type: text/html; charset=utf-8
date: Tue, 13 Aug 2024 00:41:29 GMT
etag: "296528e4c8c41621b3229c39522c62c26e16bff4a8808f2aeadb2cef46c28c68-br"
last-modified: Sat, 08 Jun 2024 20:31:02 GMT
strict-transport-security: max-age=31556926
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-fra-eddf8230078-FRA
x-timer: S1723509689.376853,VS0,VE144

Redirect headers

age: 1
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=60
cf-cache-status: HIT
cf-ray: 8b24a8e4dd103686-FRA
content-type: text/html; charset=utf-8
date: Tue, 13 Aug 2024 00:41:29 GMT
location: https://app.staging.projectwashington.com/
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept, Accept-Encoding
x-auth0-requestid: 7316f05fe2aba422ece7
x-content-type-options: nosniff

GET
H2 200 css2
fonts.googleapis.com/ 18 KB
1 KB 134ms
48ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lexend:wght@400;500;600;700&family=Roboto:wght@100;300;400;500;700;900&display=swap

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba6ba9d4ef28bf980b321759c3589e94e4e0f6b6b5cf288924bc7027324c8a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Aug 2024 00:41:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 13 Aug 2024 00:41:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Aug 2024 00:41:29 GMT

GET
H2 200 main.dfb06f90.js Show response
app.staging.projectwashington.com/static/js/ 2 MB
506 KB 214ms
212ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d09fcea828ab0c4a160444118456fdb24c1735b01dc70230871607317b97ad8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
strict-transport-security: max-age=31556926
content-encoding: br
date: Tue, 13 Aug 2024 00:41:29 GMT
last-modified: Sat, 08 Jun 2024 20:31:02 GMT
x-timer: S1723509690.585081,VS0,VE184
etag: "d66470c3d93b3a1de27d1a4368cb625ca027ddf1c0b6c8ac9012baa4ee8c265f-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 517275
x-served-by: cache-fra-eddf8230078-FRA

GET
H2 200 main.3566c99b.css
app.staging.projectwashington.com/static/css/ 3 KB
931 B 165ms
165ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.staging.projectwashington.com/static/css/main.3566c99b.css

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f68dfcc3464c2923c75a0a63dac88c1b954b809be270e69c69c184cce84452c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
strict-transport-security: max-age=31556926
content-encoding: br
date: Tue, 13 Aug 2024 00:41:29 GMT
last-modified: Sat, 08 Jun 2024 20:31:02 GMT
x-timer: S1723509690.585096,VS0,VE140
etag: "ff7f16986decf408433a701bcb56a65dd7051706780a96b4aaa63a04a6bed652-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 799
x-served-by: cache-fra-eddf8230078-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 308 KB
102 KB 119ms
58ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4ED57KCKZ8

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

90fdc1fcf5b24d49a6a2e0a21e8d8c191e51b1d4dda694965934e6711820349f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 00:41:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104503
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 13 Aug 2024 00:41:30 GMT

GET
H2 200 authorize Show response
auth.app.staging.projectwashington.com/ Frame 6CBF 1 KB
1 KB 270ms
253ms Document
text/html 2606:4700::6813:a718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/authorize?client_id=OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fapp.staging.projectwashington.com%3FappState%3D%2Fdashboard&scope=openid%20profile%20email&audience=%2Fapi%2Fmembership&state=GVQsMwXL8t9yIK7V8PeD1-DSjK_58ehK&nonce=LtvQhEbkmD8-ZzPk0DSYTV2yXik6VO96&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIn19

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:a718 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6378231e240ab91b1daf205c8e1c5246f23449c8555aa4fc0ed77ac9746069

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8b24a8ebe9503686-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Tue, 13 Aug 2024 00:41:30 GMT
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-auth0-requestid: 6048ae69ee8039c2f32d
x-content-type-options: nosniff
x-ratelimit-limit: 100
x-ratelimit-remaining: 99
x-ratelimit-reset: 1723509691

GET
H2 200 v3 Show response
js.stripe.com/ 637 KB
156 KB 280ms
150ms Script
text/javascript 13.225.78.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-65.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

cbe2ad6853b4107f183861dcb0779d1781a5a1fd865057508291e492a64dacb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 00:41:02 GMT
content-encoding: br
via: 1.1 1bf129b8787cf2e96d3bce725554e4d4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 29
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 12 Aug 2024 17:52:00 GMT
server: Cloudfront
etag: W/"12d6b55afd0a9b13610c2562f5d2f4ad"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: 9itJKp08UAsqK6d8KGUmGFdx3E-4N6WDzAV_MIGa4MmW3yZCWj3U5Q==

GET
H2 200 logo.png
washington-dev-27f36.web.app/ 9 KB
9 KB 230ms
108ms Image
image/png 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://washington-dev-27f36.web.app/logo.png

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

596352161262dd65f6b053a10cf1e618612487538b6bfd39f0a41e8adae6a64a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Tue, 13 Aug 2024 00:41:30 GMT
last-modified: Mon, 25 Sep 2023 18:08:05 GMT
x-timer: S1723509690.404793,VS0,VE1
etag: "fc2d84f7ae717f03cc618092f59c33517f7a8dbbac8fd469c7ec09fc040afa25"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: image/png
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9354
x-served-by: cache-fra-eddf8230104-FRA

GET
H3 200 translation.json Show response
app.staging.projectwashington.com/locales/en/ 2 B
304 B 132ms
114ms Fetch
application/json 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.staging.projectwashington.com/locales/en/translation.json

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
strict-transport-security: max-age=31556926
date: Tue, 13 Aug 2024 00:41:30 GMT
last-modified: Sat, 08 Jun 2024 20:31:02 GMT
x-timer: S1723509690.321321,VS0,VE62
etag: "694735d2026dd25f1fcedb44649393c5ae6c3644b717e84d9cc9f44750c50e2a"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: application/json
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2
x-served-by: cache-fra-etou8220065-FRA

GET
BLOB 200
OK dc15e72d-dbc7-4253-a5b5-cd9a6e27161a
https://app.staging.projectwashington.com/ 4 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.staging.projectwashington.com/dc15e72d-dbc7-4253-a5b5-cd9a6e27161a
Requested by: Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 14818a6aa61db8fe8d897a7378306fc6366b2d94e6b1d01777aa4c6e311ca538

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 4218
Content-Type: application/javascript

GET
H2 200 en.js Show response
cdn.auth0.com/js/lock/11.35.1/ 7 KB
3 KB 145ms
33ms Script
application/javascript 2600:9000:2359:f200:10:474e:104a:2961
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.auth0.com/js/lock/11.35.1/en.js

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2359:f200:10:474e:104a:2961 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4b8e1578e14f20ccaee0c0c80f5420d5d2c48ffd8bb3edd0573010719fad5be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: vF.ml57yWUDXdQRYx19B5VH0hhk7FOxS
content-encoding: gzip
via: 1.1 13c8b9a0a39ad1238a922185ad5547fc.cloudfront.net (CloudFront)
date: Mon, 12 Aug 2024 02:34:20 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: FRA60-P10
age: 79662
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: FAILED
last-modified: Thu, 02 Feb 2023 12:52:58 GMT
server: AmazonS3
etag: W/"bcbf740cd8a652fc01809dedc83e09e9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2628000,public
x-robots-tag: noindex
x-amz-cf-id: 8Gl5JQn4lR6tWptIxTAyFxwKs106QeGxuyxxE7c4PEefV6i4xuZnKA==

GET
H2 200 OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b.js Show response
auth.app.staging.projectwashington.com/client/ 459 B
373 B 318ms
300ms Script
application/x-javascript 2606:4700::6813:a718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/client/OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b.js?t1723509690248

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:a718 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdaca0a5895db4aa771bc28726444604986fe229d2d4c430b277b9adb70cf23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 00:41:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
cf-bgj: minify
x-auth0-requestid: 35c0de9130ed77c1b349
server: cloudflare
age: 0
etag: W/"1cb-Bqs5Z5PeyF3ZobgsJ8AvUYYFb7w"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
content-encoding: br
cache-control: public, max-age=60, stale-while-revalidate=60, stale-if-error=86400
cf-ray: 8b24a8ec69a13686-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 country Show response
auth.app.staging.projectwashington.com/user/geoloc/ 21 B
672 B 204ms
204ms XHR
application/json 104.19.168.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/user/geoloc/country

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.168.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67c482243f604951ac751908daddf1a2b1b3f3cf9923d9526c2e2b25e909176d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Auth0-Client: eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIn19
Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 13 Aug 2024 00:41:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-auth0-requestid: fc0d8169511f56615b21
alt-svc: h3=":443"; ma=86400
content-length: 21
server: cloudflare
etag: W/"15-8TsxufutxXeyxCTFEg6Kut8b/gM"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
access-control-allow-credentials: false
cf-ray: 8b24a8eea96271dc-FRA

GET
H2 200 OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b.js Show response
auth.app.staging.projectwashington.com/client/ 459 B
487 B 290ms
272ms Script
application/x-javascript 2606:4700::6813:a718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/client/OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b.js?t1723509690250

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:a718 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdaca0a5895db4aa771bc28726444604986fe229d2d4c430b277b9adb70cf23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 00:41:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
x-auth0-requestid: 35c0de9130ed77c1b349
server: cloudflare
etag: W/"1cb-Bqs5Z5PeyF3ZobgsJ8AvUYYFb7w"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=60, stale-while-revalidate=60, stale-if-error=86400
cf-ray: 8b24a8ec69a23686-FRA
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 204 country
auth.app.staging.projectwashington.com/user/geoloc/ Frame 0
0 373ms
324ms Preflight 104.19.168.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/user/geoloc/country

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.168.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: auth0-client,content-type
Access-Control-Request-Method: GET
Origin: https://app.staging.projectwashington.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Origin, Content-Type, Accept, X-Requested-With, Authorization, Auth0-Client, X-Request-Language
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
access-control-max-age: 1000
alt-svc: h3=":443"; ma=86400
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
cf-cache-status: DYNAMIC
cf-ray: 8b24a8ed48b671dc-FRA
date: Tue, 13 Aug 2024 00:41:30 GMT
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-auth0-requestid: f29871297f7446244140
x-content-type-options: nosniff

GET
H3 200 AcuminPro-Medium.f417b1f796c0cabf63dc.otf
app.staging.projectwashington.com/static/media/ 86 KB
46 KB 198ms
197ms Font
font/otf 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.staging.projectwashington.com/static/media/AcuminPro-Medium.f417b1f796c0cabf63dc.otf

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/css/main.3566c99b.css

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

84ef33de61a0a8c6a588e114bc660b36f63b48e8ac9edfae2315fdfd50e78121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://app.staging.projectwashington.com/static/css/main.3566c99b.css
Origin: https://app.staging.projectwashington.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
strict-transport-security: max-age=31556926
content-encoding: br
date: Tue, 13 Aug 2024 00:41:30 GMT
last-modified: Sat, 08 Jun 2024 20:31:02 GMT
x-timer: S1723509691.544043,VS0,VE144
etag: "d930c148a366d0e115ccf5b34f09364daf1d33055dd683f964c195328dc86732-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: font/otf
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 46445
x-served-by: cache-fra-etou8220065-FRA

GET
H3 200 authorize Show response
auth.app.staging.projectwashington.com/ Frame 7C57 1 KB
786 B 303ms
301ms Document
text/html 104.19.168.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/authorize?client_id=OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fapp.staging.projectwashington.com%3FappState%3D%2Fdashboard&scope=openid%20profile%20email&audience=%2Fapi%2Fmembership&state=6~.jiQoBR-j2gTFnNyy2.XqbY~eb8Pp~&nonce=939v3obPb8NKv4jNc97P8EaCz90tRmJT&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIiwiYXV0aDAuanMtdWxwIjoiOS4yNi4xIn19

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.168.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

069ec9f43c2f7598c048619d999ec52fb8809f7e07a096391c4992ca8e891b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8b24a8ee7881690f-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Tue, 13 Aug 2024 00:41:30 GMT
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-auth0-requestid: 9a727b045bfd8069f5de
x-content-type-options: nosniff
x-ratelimit-limit: 100
x-ratelimit-remaining: 99
x-ratelimit-reset: 1723509691

GET
H3 200 authorize Show response
auth.app.staging.projectwashington.com/ Frame BAC5 1 KB
820 B 249ms
249ms Document
text/html 104.19.168.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.app.staging.projectwashington.com/authorize?client_id=OIdcUwAo3gGmvQ3thaCZHw11F9eH3x1b&response_type=token%20id_token&redirect_uri=https%3A%2F%2Fapp.staging.projectwashington.com%3FappState%3D%2Fdashboard&scope=openid%20profile%20email&audience=%2Fapi%2Fmembership&state=SohG69lnUya48~Y2xOcMcyXLXoXv1ZI9&nonce=qZt8fQI7YTzYcBpRXl1iQyNdnPbUVBqv&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4zNS4xIiwiZW52Ijp7ImF1dGgwLmpzIjoiOS4yNi4xIiwiYXV0aDAuanMtdWxwIjoiOS4yNi4xIn19

Requested by

Host: app.staging.projectwashington.com
URL: https://app.staging.projectwashington.com/static/js/main.dfb06f90.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.168.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

874b2f2349e010aa580e7eacd98a2633abc788b3184cfdb54698dad4cd632f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8b24a8ee8889690f-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Tue, 13 Aug 2024 00:41:30 GMT
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-auth0-requestid: 266a8541ba804e6c630f
x-content-type-options: nosniff
x-ratelimit-limit: 100
x-ratelimit-remaining: 98
x-ratelimit-reset: 1723509691

GET
H2 200 controller-with-preconnect-c5ddb4c39f2937bbc0e25e5710a9603b.html
js.stripe.com/v3/ Frame CB99 0
0 91ms
32ms Document
text/html 99.86.4.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-c5ddb4c39f2937bbc0e25e5710a9603b.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-9.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 45
alt-svc: h3=":443"; ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-length: 651
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 13 Aug 2024 00:41:30 GMT
etag: "c5ddb4c39f2937bbc0e25e5710a9603b"
last-modified: Mon, 12 Aug 2024 17:10:05 GMT
origin-agent-cluster: ?1
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 d8e97d2c28917e4c41ab79bb1e94b844.cloudfront.net (CloudFront)
x-amz-cf-id: iAH_UxgHgvRSyQfHTWm0-lKSxQ2UXu7zuUxvQkIIVmsXmOmU9Sbe5w==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame D4A9 0
0 34ms
33ms Document
text/html 99.86.4.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

QUIC, , AES_128_GCM

Server

99.86.4.9 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-9.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.staging.projectwashington.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 1567
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 13 Aug 2024 00:15:25 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Sat, 10 Aug 2024 19:01:47 GMT
origin-agent-cluster: ?1
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
x-amz-cf-id: Oo5JdDG8tFd_4YYV3vw_4qO-_1Sf-7atHSjff6Xu1XZQNUNwAFBRvw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H3 200 favicon.ico
app.staging.projectwashington.com/ 97 KB
4 KB 226ms
226ms Other
image/x-icon 199.36.158.100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.staging.projectwashington.com/favicon.ico

Protocol

Security

QUIC, , AES_256_GCM

Server

199.36.158.100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e56c2a2668941dfe35d9fbcda142f0587528282a8abab48f66e7cc66a4a9c9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://app.staging.projectwashington.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-cache-hits: 0
strict-transport-security: max-age=31556926
content-encoding: br
date: Tue, 13 Aug 2024 00:41:31 GMT
last-modified: Sat, 08 Jun 2024 20:31:02 GMT
x-timer: S1723509691.487173,VS0,VE182
etag: "17fa9a7d4a173476105cb600136dcb4128ea940bffb953dff6cc6515a1f3690a-br"
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: image/x-icon
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3452
x-served-by: cache-fra-etou8220065-FRA

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.staging.projectwashington.com/	1969-12-31 23:59:59	Name: i18next Value: en
auth.app.staging.projectwashington.com/	1970-01-21 07:31:07	Name: did Value: s%3Av0%3A50e7f18d-ee52-40e5-a3c4-e6be719e85d9.TvrkqBa4DdMREzsQUwwDeiSZxGBCM1Rz9SLihw2DxjM
auth.app.staging.projectwashington.com/	1970-01-21 07:31:07	Name: did_compat Value: s%3Av0%3A50e7f18d-ee52-40e5-a3c4-e6be719e85d9.TvrkqBa4DdMREzsQUwwDeiSZxGBCM1Rz9SLihw2DxjM
m.stripe.com/	1970-01-21 08:21:09	Name: m Value: 507cd2c6-4444-47d1-a1fc-1192b8ae40abf7f1b2
.app.staging.projectwashington.com/	1970-01-21 07:30:45	Name: __stripe_mid Value: ba78c214-9666-46ac-b1bc-33ad87173ce7e7a19c
.app.staging.projectwashington.com/	1970-01-20 22:45:11	Name: __stripe_sid Value: 87702573-cbbe-4eaa-bbc6-5af7509d22186f8d74

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.staging.projectwashington.com
auth.app.staging.projectwashington.com
cdn.auth0.com
fonts.googleapis.com
js.stripe.com
washington-dev-27f36.web.app
www.googletagmanager.com
104.19.168.24
13.225.78.65
199.36.158.100
2600:9000:2359:f200:10:474e:104a:2961
2606:4700::6813:a718
2620:0:890::100
2a00:1450:4001:81c::2008
2a00:1450:4001:82f::200a
99.86.4.9
069ec9f43c2f7598c048619d999ec52fb8809f7e07a096391c4992ca8e891b02
14818a6aa61db8fe8d897a7378306fc6366b2d94e6b1d01777aa4c6e311ca538
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b8e1578e14f20ccaee0c0c80f5420d5d2c48ffd8bb3edd0573010719fad5be8
596352161262dd65f6b053a10cf1e618612487538b6bfd39f0a41e8adae6a64a
67c482243f604951ac751908daddf1a2b1b3f3cf9923d9526c2e2b25e909176d
84ef33de61a0a8c6a588e114bc660b36f63b48e8ac9edfae2315fdfd50e78121
874b2f2349e010aa580e7eacd98a2633abc788b3184cfdb54698dad4cd632f62
90fdc1fcf5b24d49a6a2e0a21e8d8c191e51b1d4dda694965934e6711820349f
ba6ba9d4ef28bf980b321759c3589e94e4e0f6b6b5cf288924bc7027324c8a15
c792a5ae5b141a9e86f2906a323e776e2352c2b0622a1f563a9d9c80163e1a74
cb6378231e240ab91b1daf205c8e1c5246f23449c8555aa4fc0ed77ac9746069
cbe2ad6853b4107f183861dcb0779d1781a5a1fd865057508291e492a64dacb4
cdaca0a5895db4aa771bc28726444604986fe229d2d4c430b277b9adb70cf23f
d09fcea828ab0c4a160444118456fdb24c1735b01dc70230871607317b97ad8e
e56c2a2668941dfe35d9fbcda142f0587528282a8abab48f66e7cc66a4a9c9fa
f68dfcc3464c2923c75a0a63dac88c1b954b809be270e69c69c184cce84452c8

app.staging.projectwashington.com Open in urlscan Pro 2620:0:890::100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

95 %HTTPS

56 %IPv6

6 Domains

7 Subdomains

10 IPs

3 Countries

833 kBTransfer

3481 kBSize

6 Cookies

2 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

6 Cookies

Security Headers

Indicators

app.staging.projectwashington.com Open in urlscan Pro
2620:0:890::100 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

95 %
HTTPS

56 %
IPv6

6
Domains

7
Subdomains

10
IPs

3
Countries

833 kB
Transfer

3481 kB
Size

6
Cookies

21 HTTP transactions
0 data transactions