urlscan.io logo urlscan.io
SecurityTrails logo

crm-client-stage.cingo.dev Open in urlscan Pro
34.66.87.226  Public Scan

Go To Rescan Add Verdict Report
URL: https://crm-client-stage.cingo.dev/
Submission: On January 08 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 34.66.87.226, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is crm-client-stage.cingo.dev.
TLS certificate: Issued by R3 on January 7th 2023. Valid for: 3 months.
This is the only time crm-client-stage.cingo.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 34.66.87.226 396982 (GOOGLE-CL...)
3 151.101.64.176 54113 (FASTLY)
3 54.187.119.242 16509 (AMAZON-02)
2 2600:9000:223... 16509 (AMAZON-02)
1 35.166.137.69 16509 (AMAZON-02)
15 5
6    34.66.87.226 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 226.87.66.34.bc.googleusercontent.com
crm-client-stage.cingo.dev
3    151.101.64.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
2    2600:9000:223e:600:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
m.stripe.network
1    35.166.137.69 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-137-69.us-west-2.compute.amazonaws.com
m.stripe.com
Apex Domain
Subdomains		 Transfer
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 2684
q.stripe.com — Cisco Umbrella Rank: 24056
m.stripe.com — Cisco Umbrella Rank: 2418
103 KB
6 cingo.dev
crm-client-stage.cingo.dev
15 MB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 3020
16 KB
15 3
Domain Requested by
6 crm-client-stage.cingo.dev crm-client-stage.cingo.dev
3 q.stripe.com crm-client-stage.cingo.dev
3 js.stripe.com crm-client-stage.cingo.dev
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
1 m.stripe.com m.stripe.network
15 5

This site contains no links.

Subject Issuer Validity Valid
crm-web-stage.cingo.dev
R3		 2023-01-07 -
2023-04-07		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2022-12-15 -
2024-01-11		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-11-12 -
2023-03-09		 4 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-15 -
2023-01-26		 4 months crt.sh

This page contains 3 frames:

Primary Page: https://crm-client-stage.cingo.dev/
Frame ID: C12BA9005006A7D7B87A659F5D75AE7C
Requests: 7 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: 8BE628C989525C36F7AB5E4BD5762E99
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: E28A922340E4A93AF1679B52C80D4666
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Base

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

15
Requests

100 %
HTTPS

20 %
IPv6

3
Domains

5
Subdomains

5
IPs

1
Countries

15430 kB
Transfer

15778 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
crm-client-stage.cingo.dev/ 		591 B
829 B 		Document
General
Check archive.org
Download Go to
Full URL
https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.87.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.87.66.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
dd930b38097cc4d3441b7688082861d007ed9bf4940437706cb96355cebb4565
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
public, max-age=0
content-length
591
content-type
text/html; charset=UTF-8
date
Sun, 08 Jan 2023 00:09:19 GMT
etag
W/"24f-18564e10a60"
last-modified
Fri, 30 Dec 2022 21:12:28 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-powered-by
Express
src.2b629868.css
crm-client-stage.cingo.dev/ 		1 MB
1 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://crm-client-stage.cingo.dev/src.2b629868.css
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.87.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.87.66.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
b118ee44bb20dbf1029c4cdf9b61c3de0e21619b67cd1246287d34829372e9d7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crm-client-stage.cingo.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 08 Jan 2023 00:09:19 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 30 Dec 2022 21:12:29 GMT
x-powered-by
Express
etag
W/"166c2d-18564e10e48"
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
content-length
1469485
src.36d9b50b.js
crm-client-stage.cingo.dev/ 		13 MB
14 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://crm-client-stage.cingo.dev/src.36d9b50b.js
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.87.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.87.66.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
7efde5aff7823aae1cb28f055b4e5b4accbf4e365088ddd08b456fd994079125
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crm-client-stage.cingo.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 08 Jan 2023 00:09:19 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 30 Dec 2022 21:12:32 GMT
x-powered-by
Express
etag
W/"d7a86f-18564e11a00"
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
accept-ranges
bytes
content-length
14133359
v3
js.stripe.com/ 		414 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/src.36d9b50b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
9104ad43e2a9b75023e3e08ca58033c8850a9392007d109ac43847cd9b3f8616
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crm-client-stage.cingo.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sun, 08 Jan 2023 00:09:22 GMT
via
1.1 varnish
age
54
x-cache
HIT
content-length
101446
x-request-id
ac623396-b32a-4f2b-9ff5-72fa438fcfb8
x-served-by
cache-hhn-etou8220093-HHN
last-modified
Fri, 06 Jan 2023 21:28:22 GMT
server
Fastly
etag
"51e4bb7721625693a6f67474c52ae7c3"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
9
graphql
crm-client-stage.cingo.dev/api/ 		36 B
372 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://crm-client-stage.cingo.dev/api/graphql
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/src.36d9b50b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.87.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.87.66.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
29d652fce2bfe51f0817459ad480bc3de665d442a533a10b72691caeef48a866
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept
*/*
Referer
https://crm-client-stage.cingo.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
*
date
Sun, 08 Jan 2023 00:09:22 GMT
strict-transport-security
max-age=15724800; includeSubDomains
x-powered-by
Express
content-length
36
etag
W/"24-sQZQRN22dBuiq+k9SHUnlmg8UAM"
content-type
application/json; charset=utf-8
cingo-logo.769242d7.svg
crm-client-stage.cingo.dev/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crm-client-stage.cingo.dev/cingo-logo.769242d7.svg
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.87.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.87.66.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
5a08f307fa71c82275f959b8fc0e6fb24668e19795d1de99840a6a5cc7d9154b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crm-client-stage.cingo.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 08 Jan 2023 00:09:22 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 30 Dec 2022 21:12:28 GMT
x-powered-by
Express
etag
W/"9006-18564e10a60"
content-type
image/svg+xml
cache-control
public, max-age=0
accept-ranges
bytes
content-length
36870
login-background-logo.88135595.svg
crm-client-stage.cingo.dev/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crm-client-stage.cingo.dev/login-background-logo.88135595.svg
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.87.226 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
226.87.66.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
e2fdcca0726fe1f9dd336f92adf79bee6d13366c4b9b71785030c3c91de9ffea
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://crm-client-stage.cingo.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 08 Jan 2023 00:09:22 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 30 Dec 2022 21:12:28 GMT
x-powered-by
Express
etag
W/"981-18564e10a60"
content-type
image/svg+xml
cache-control
public, max-age=0
accept-ranges
bytes
content-length
2433
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame 8BE6 		200 B
786 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://crm-client-stage.cingo.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2671458
cache-control
max-age=31536000
content-encoding
br
content-length
122
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sun, 08 Jan 2023 00:09:22 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Wed, 07 Dec 2022 23:30:12 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
160498
x-content-type-options
nosniff
x-request-id
8b89a6bb-ee3b-4b10-aaf4-07a64f36752d
x-served-by
cache-hhn-etou8220093-HHN
csp-report
q.stripe.com/ Frame 8BE6 		0
600 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 08 Jan 2023 00:09:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 8BE6 		0
601 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 08 Jan 2023 00:09:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame 8BE6 		631 B
460 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sun, 08 Jan 2023 00:09:22 GMT
via
1.1 varnish
age
2671458
x-cache
HIT
content-length
332
x-request-id
fd0a574a-736f-4622-b19c-d08cff5bf59d
x-served-by
cache-hhn-etou8220093-HHN
last-modified
Wed, 07 Dec 2022 23:30:11 GMT
server
Fastly
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
142224
inner.html
m.stripe.network/ Frame E28A 		930 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
190
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sun, 08 Jan 2023 00:06:12 GMT
etag
"fc2e029628f163bb59adc6fa5a31161c"
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 5519a8cb450b567e8b7111ae986a9b4c.cloudfront.net (CloudFront)
x-amz-cf-id
qLrmppo_vSvSulZoa5zMd5lYOkU6wEK_0GYGaYpQKWQIxzX2CEvxag==
x-amz-cf-pop
FRA56-P4
x-cache
Hit from cloudfront
x-content-type-options
nosniff
csp-report
q.stripe.com/ Frame E28A 		0
374 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: crm-client-stage.cingo.dev
URL: https://crm-client-stage.cingo.dev/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
application/csp-report

Response headers

x-stripe-bg-intended-route-color
green
pragma
no-cache
date
Sun, 08 Jan 2023 00:09:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
7
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame E28A 		86 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223e:600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sun, 08 Jan 2023 00:09:10 GMT
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
via
1.1 5519a8cb450b567e8b7111ae986a9b4c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
etag
W/"21df7244385e5c0bdf32da01d0dad6c0"
age
16
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
72TliKD-89Zveju9xzcDWDF9JLycx0m375zula7TXbxSuf78hoi_QQ==
6
m.stripe.com/ Frame E28A 		156 B
553 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.137.69 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-166-137-69.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
8c6e21fd5a32e3215a9a5dea3343da6adb4e7dac0855a0cd6ffb7c9be334aa20
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
green
date
Sun, 08 Jan 2023 00:09:23 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange string| __react_router_build__ object| regeneratorRuntime object| __core-js_shared__ object| G2 function| _ function| Color function| Chart function| FlateStream object| __APOLLO_CLIENT__ function| parcelRequire object| webpackChunkStripeJSouter function| Stripe

4 Cookies

Domain/Path Name / Value
crm-client-stage.cingo.dev/ Name: connect.sid
Value: s%3Ayc2ynUrkWpGUocYkMEIYBjfdNnUctOcZ.v6XDpM1pcVtGCcLW9zlJ1hW6lKkvWMDICST9jgchi5s
m.stripe.com/ Name: m
Value: c229b8f5-0b5a-4cad-9e1a-ff8d5a6c3ec37f7368
.crm-client-stage.cingo.dev/ Name: __stripe_mid
Value: 990613ba-0b80-4450-ad09-f3d787387d7518e859
.crm-client-stage.cingo.dev/ Name: __stripe_sid
Value: 1270f103-cbce-48b9-a1ca-bebb82be7956f15b70

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains