internal.demo.gocatch.io Open in urlscan Pro
35.188.130.148  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response internal.demo.gocatch.io/	2 KB 3 KB	893ms 186ms	Document text/html	35.188.130.148 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://internal.demo.gocatch.io/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.188.130.148 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 148.130.188.35.bc.googleusercontent.com Software istio-envoy / Resource Hash 48281b1971a658decb31f716ac419a39439725a047008b955ce74ccb9c1bca62 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=0, private, must-revalidate content-type text/html; charset=utf-8 date Thu, 29 Jun 2023 19:42:04 GMT etag W/"48281b1971a658decb31f716ac419a39" link <https://cdn.demo.gocatch.io/packs/css/application-c2608e2c.chunk.css>; rel=preload; as=style; nopush,<https://cdn.demo.gocatch.io/packs/js/runtime~application-81b7409b120ca6c6734b.js>; rel=preload; as=script; nopush,<https://cdn.demo.gocatch.io/packs/js/application-a0ce5f54371998ff5a8f.chunk.js>; rel=preload; as=script; nopush,<https://cdn.demo.gocatch.io/packs/js/runtime~Internal-5722a1e9eb8bba0c46e9.js>; rel=preload; as=script; nopush,<https://cdn.demo.gocatch.io/packs/js/vendors~Customer~Internal~Store~Terminal~VenueAdmin-39eb43741b60865a5c5f.chunk.js>; rel=preload; as=script; nopush,<https://cdn.demo.gocatch.io/packs/js/vendors~Internal~Store~VenueAdmin-36ea0d3e672b5af4cb67.chunk.js>; rel=preload; as=script; nopush,<https://cdn.demo.gocatch.io/packs/js/Internal-4c98db333196a4344b6e.chunk.js>; rel=preload; as=script; nopush,<https://cdn.demo.gocatch.io/packs/css/Internal-b174ec4e.chunk.css>; rel=preload; as=style; nopush referrer-policy strict-origin-when-cross-origin server istio-envoy strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff x-download-options noopen x-envoy-upstream-service-time 14 x-frame-options SAMEORIGIN x-permitted-cross-domain-policies none x-request-id aa995925-cce5-4d9b-b4fd-81486e176118 x-runtime 0.009878 x-xss-protection 1; mode=block
GET H2	200	application-c2608e2c.chunk.css cdn.demo.gocatch.io/packs/css/	830 KB 81 KB	779ms 643ms	Stylesheet text/css	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/css/application-c2608e2c.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash 2c8e95f50b507f051cb03bcba02e61a99cb4b7cd9464c80dfd54ea6562c6b1b7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type text/css x-envoy-upstream-service-time 4 content-length 82448 x-amz-cf-id B7G4MvzBzxmP4kIFItGatQVHbvXNp1hh5pdttTbSx4xvPwNjPmQXJw==
GET H2	200	runtime~application-81b7409b120ca6c6734b.js Show response cdn.demo.gocatch.io/packs/js/	2 KB 1 KB	662ms 528ms	Script application/javascript	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/js/runtime~application-81b7409b120ca6c6734b.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash 3aabaa3df7bc66fb616566a28c40125d96ed7dd10ac1558487cec74829e1feaa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript x-envoy-upstream-service-time 7 content-length 726 x-amz-cf-id popXS7IZNBXspORIkhmhKzm-0Hsu6Ri4buxyFHWpKftNXorrI8f53Q==
GET H2	200	application-a0ce5f54371998ff5a8f.chunk.js Show response cdn.demo.gocatch.io/packs/js/	652 B 747 B	669ms 534ms	Script application/javascript	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/js/application-a0ce5f54371998ff5a8f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash d64d64cdb8b2ef3c2ef64b6f7686092608b424335f22b59d331479fd809b97b5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript x-envoy-upstream-service-time 4 content-length 350 x-amz-cf-id 1Y1fVhUtPd0DpqU-1xPyabEwWONju0y4wpkahVJyjbm7egU_inNAQg==
GET H2	200	runtime~Internal-5722a1e9eb8bba0c46e9.js Show response cdn.demo.gocatch.io/packs/js/	2 KB 1 KB	666ms 531ms	Script application/javascript	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/js/runtime~Internal-5722a1e9eb8bba0c46e9.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash 39712af7ccd29d0ae979208521dcec25ac0be5ce1733b7435d8388bbf7515968 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript x-envoy-upstream-service-time 5 content-length 1068 x-amz-cf-id hOmTv23URf5oRe7PfoMvdzX6ych5uTpQppWHgI3B9bTcWwzEIhXKEQ==
GET H2	200	vendors~Customer~Internal~Store~Terminal~VenueAdmin-39eb43741b60865a5c5f.chunk.js Show response cdn.demo.gocatch.io/packs/js/	443 KB 104 KB	787ms 652ms	Script application/javascript	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/js/vendors~Customer~Internal~Store~Terminal~VenueAdmin-39eb43741b60865a5c5f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash 24ec4c2af454a6786a435c18654e1d8fdea442c1344a01aede65d92319212f00 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript x-envoy-upstream-service-time 11 content-length 105702 x-amz-cf-id ygKiIZZrEMVcnEv5ViO7z7Um-6cB5BqB80_eVfpk6on2YX9eqFIIcQ==
GET H2	200	vendors~Internal~Store~VenueAdmin-36ea0d3e672b5af4cb67.chunk.js Show response cdn.demo.gocatch.io/packs/js/	417 KB 57 KB	800ms 666ms	Script application/javascript	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/js/vendors~Internal~Store~VenueAdmin-36ea0d3e672b5af4cb67.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash f83a74b576cd977d9c336dfb06e7aed075be050e42c7d4a4d946a960613b53c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript x-envoy-upstream-service-time 13 content-length 58383 x-amz-cf-id eBu4e9mWcbrJhCIpKaUziyB3RzhtjKw3PiLhONvkJDcK4JE9x-h-Yw==
GET H2	200	Internal-4c98db333196a4344b6e.chunk.js Show response cdn.demo.gocatch.io/packs/js/	2 MB 254 KB	755ms 621ms	Script application/javascript	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/js/Internal-4c98db333196a4344b6e.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash a698fdc8d0c7e46e762cde998fc4ae4f54d0389390f2a2533eec6f92755fc968 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type application/javascript x-envoy-upstream-service-time 9 content-length 259497 x-amz-cf-id MSdT-uEGmLULUU_mOVr6kwyVWrSpktEL3bCR7JHiT29BQUI2fH-XGg==
GET H2	200	Internal-b174ec4e.chunk.css cdn.demo.gocatch.io/packs/css/	33 KB 6 KB	640ms 506ms	Stylesheet text/css	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.demo.gocatch.io/packs/css/Internal-b174ec4e.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash 180734b86f3bb5b045c7d787bdab7cea589706221a69043d24cc21ab7636e56d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT content-encoding br via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Accept-Encoding, Origin x-cache Miss from cloudfront content-type text/css x-envoy-upstream-service-time 5 content-length 5611 x-amz-cf-id bcZTYhu2kcQdG3JEMEmbgFAssSeB8X8XZOLvddNd7uGUi4d4gHxQWA==
GET H2	200	v3 Show response js.stripe.com/	502 KB 124 KB	116ms 30ms	Script text/javascript	108.138.36.74 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3 Requested by Host: cdn.demo.gocatch.io URL: https://cdn.demo.gocatch.io/packs/js/vendors~Customer~Internal~Store~Terminal~VenueAdmin-39eb43741b60865a5c5f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.36.74 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-36-74.muc50.r.cloudfront.net Software Cloudfront / Resource Hash c7d7c9c1af6e4790a8c8ccae4409f8bf64803a0a6a42080f27af36fa0c082041 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Thu, 29 Jun 2023 19:41:40 GMT via 1.1 2190b35b24e05763512aa336b18a1b52.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P2 age 30 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Thu, 29 Jun 2023 16:03:50 GMT server Cloudfront etag W/"db5a6b01c810237b09bad1abc38f2e10" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 timing-allow-origin * x-amz-cf-id SWJxK0qEsk2Ue0xAAnQqzewpdEwTy3xlKi8fsPsZJZ_hmX5dObltew==
GET H2	200	stupid-logo.svg internal.demo.gocatch.io/images/	3 KB 3 KB	176ms 176ms	Image image/svg+xml	35.188.130.148 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://internal.demo.gocatch.io/images/stupid-logo.svg Requested by Host: internal.demo.gocatch.io URL: https://internal.demo.gocatch.io/login Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.188.130.148 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 148.130.188.35.bc.googleusercontent.com Software istio-envoy / Resource Hash 75e432b013e4c3df15a1331fdbe700156a529666306957357f71bfbdc96b2113 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://internal.demo.gocatch.io/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:06 GMT strict-transport-security max-age=31536000; includeSubDomains x-envoy-upstream-service-time 4 last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy content-length 2916 content-type image/svg+xml
GET H2	200	whoami Show response internal.demo.gocatch.io/api/	2 B 533 B	189ms 189ms	XHR application/json	35.188.130.148 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://internal.demo.gocatch.io/api/whoami Requested by Host: cdn.demo.gocatch.io URL: https://cdn.demo.gocatch.io/packs/js/vendors~Customer~Internal~Store~Terminal~VenueAdmin-39eb43741b60865a5c5f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.188.130.148 Council Bluffs, United States, ASN15169 (GOOGLE, US), Reverse DNS 148.130.188.35.bc.googleusercontent.com Software istio-envoy / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json, text/plain, */* Referer https://internal.demo.gocatch.io/login X-CSRF-Token T92EIL4ayG3CyS9P8z3BfsjDc7YSMNBIcg_dch4_Mqv5a_a9kaByEX3OEuNnOIh2RoV_yOrQNWJAz_qWZqE__g accept-language de-DE,de;q=0.9 X-CURRENT-PAGE https://internal.demo.gocatch.io/ Authorization null User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:05 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff x-permitted-cross-domain-policies none x-envoy-upstream-service-time 18 x-xss-protection 1; mode=block x-request-id 81941416-a4b6-4f1a-9ed6-05d7a71d8f41 x-runtime 0.011342 referrer-policy strict-origin-when-cross-origin server istio-envoy etag W/"44136fa355b3678a1146ad16f7e8649e" x-download-options noopen x-frame-options SAMEORIGIN content-type application/json; charset=utf-8 api_version c7d209047dd2a6055ec60e19583595f6af421864 cache-control max-age=0, private, must-revalidate
GET H2	200	bg4.jpeg cdn.demo.gocatch.io/images/bgs/	287 KB 288 KB	196ms 195ms	Image image/jpeg	2600:9000:26da:1e00:a:b95f:7240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.demo.gocatch.io/images/bgs/bg4.jpeg Requested by Host: cdn.demo.gocatch.io URL: https://cdn.demo.gocatch.io/packs/css/Internal-b174ec4e.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:1e00:a:b95f:7240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software istio-envoy / Resource Hash c6c3542e08c72404bc1cec7257cc9a9b13c27b7c494b1a529da664507c3d1750 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://cdn.demo.gocatch.io/packs/css/Internal-b174ec4e.chunk.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers date Thu, 29 Jun 2023 19:42:06 GMT strict-transport-security max-age=31536000; includeSubDomains via 1.1 0c9e9d172625986c065b7bb9836e5d08.cloudfront.net (CloudFront) last-modified Thu, 29 Jun 2023 02:41:50 GMT server istio-envoy x-amz-cf-pop MUC50-P4 vary Origin x-cache Miss from cloudfront content-type image/jpeg x-envoy-upstream-service-time 4 content-length 294103 x-amz-cf-id D6VEPZY3EHAPM4klM7GapW2Ej8e8Lnvw-9Tmts8_FXTy7oRmBnPIkg==
GET H2	200	m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response js.stripe.com/v3/ Frame A603	200 B 1 KB	28ms 27ms	Document text/html	108.138.36.74 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.36.74 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-36-74.muc50.r.cloudfront.net Software Cloudfront / Resource Hash f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://internal.demo.gocatch.io/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 3383 alt-svc h3=":443"; ma=86400 cache-control max-age=31536000 content-length 200 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 29 Jun 2023 18:45:44 GMT etag "93afeeb17bc37e711759584dbfc50d47" last-modified Tue, 27 Jun 2023 22:04:34 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 2190b35b24e05763512aa336b18a1b52.cloudfront.net (CloudFront) x-amz-cf-id iUsopxLLYVzr7-lymxmIHQyqwczRsMFqi2RyIi7qeCFPbvjYudTWWg== x-amz-cf-pop MUC50-P2 x-cache Hit from cloudfront x-content-type-options nosniff
GET H3	200	m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response js.stripe.com/v3/fingerprinted/js/ Frame A603	631 B 1001 B	28ms 28ms	Script text/javascript	108.138.36.74 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Protocol H3 Security QUIC, , AES_128_GCM Server 108.138.36.74 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-36-74.muc50.r.cloudfront.net Software Cloudfront / Resource Hash 250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload date Thu, 29 Jun 2023 19:27:38 GMT x-content-type-options nosniff via 1.1 ba1081cbdcd39cc4928b65493cb81558.cloudfront.net (CloudFront) age 871 x-amz-cf-pop MUC50-P2 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 content-length 631 last-modified Thu, 22 Jun 2023 20:03:58 GMT server Cloudfront etag "f8f6a4584135f737b26927596ce6e0a7" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-amz-cf-id kiEbIRli3TYH0wKQEdfaVg6xRtEG4U_ROU0jPN1CddXEfZTuUtKh4w==
POST H2	200	csp-report q.stripe.com/ Frame A603	0 717 B	624ms 199ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: internal.demo.gocatch.io URL: https://internal.demo.gocatch.io/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Content-Type application/csp-report Response headers date Thu, 29 Jun 2023 19:42:07 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1688067727107650 x-envoy-upstream-service-time 1 content-length 0 x-stripe-bg-intended-route-color green pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 0 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1688067727107203 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame A603	0 717 B	623ms 199ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: internal.demo.gocatch.io URL: https://internal.demo.gocatch.io/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Content-Type application/csp-report Response headers date Thu, 29 Jun 2023 19:42:07 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1688067727107489 x-envoy-upstream-service-time 1 content-length 0 x-stripe-bg-intended-route-color green pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 0 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1688067727107247 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	inner.html Show response m.stripe.network/ Frame 288F	930 B 2 KB	108ms 27ms	Document text/html	2600:9000:26da:8a00:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:8a00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 112 cache-control max-age=300, public content-length 930 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 29 Jun 2023 19:40:16 GMT etag "fc2e029628f163bb59adc6fa5a31161c" last-modified Thu, 17 Mar 2022 19:03:12 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding via 1.1 c318f6c5edde4e7ab2b9ba2243b14b28.cloudfront.net (CloudFront) x-amz-cf-id MnlP0P_ZenHloPXIM_tk-U--Pnc5C7ypY0g62NVLnbswJ3c-ZuxH-g== x-amz-cf-pop MUC50-P4 x-cache Hit from cloudfront x-content-type-options nosniff
POST H2	200	csp-report q.stripe.com/ Frame 288F	0 492 B	508ms 198ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: internal.demo.gocatch.io URL: https://internal.demo.gocatch.io/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Content-Type application/csp-report Response headers date Thu, 29 Jun 2023 19:42:07 GMT strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1688067727107630 x-envoy-upstream-service-time 0 content-length 0 x-stripe-bg-intended-route-color green pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin x-stripe-server-envoy-upstream-service-time-ms 0 x-stripe-client-envoy-start-time-us 1688067727107422 cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none expires 0
GET H2	200	out-4.5.42.js Show response m.stripe.network/ Frame 288F	86 KB 14 KB	31ms 30ms	Script text/javascript	2600:9000:26da:8a00:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.42.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:26da:8a00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Thu, 29 Jun 2023 19:40:29 GMT last-modified Thu, 17 Mar 2022 19:03:12 GMT server Cloudfront via 1.1 c318f6c5edde4e7ab2b9ba2243b14b28.cloudfront.net (CloudFront) x-amz-cf-pop MUC50-P4 etag W/"21df7244385e5c0bdf32da01d0dad6c0" age 108 vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 cache-control max-age=300, public x-amz-cf-id EyG45ahKFK_JWFXD6zL14ux_dI4q09k1O-xlIBBKuG-OYJ8Ob7pE7A==
POST H2	200	6 Show response m.stripe.com/ Frame 288F	156 B 670 B	618ms 202ms	XHR application/json	44.241.244.122 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.42.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.241.244.122 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-241-244-122.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 5e04049b6b4dfeb2747a9d7827fb3ee297c6d5df65d3911eb5e32841ed2f9545 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-stripe-bg-intended-route-color green date Thu, 29 Jun 2023 19:42:07 GMT strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1688067727286569 server nginx content-type application/json;charset=utf-8 x-stripe-server-envoy-upstream-service-time-ms 2 access-control-allow-origin https://m.stripe.network x-stripe-client-envoy-start-time-us 1688067727285766 access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend object| appConfig object| featureFlags string| nodeEnv object| webpackJsonp function| getUserId function| _ object| TreemapSquared function| SVG function| addResizeListener function| removeResizeListener object| Apex function| ApexCharts object| __framePainter object| webpackChunkStripeJSouter function| noop function| Stripe

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			internal.demo.gocatch.io/	1969-12-31 23:59:59	Name: _catch_session Value: myOgT9TRlJCzIAhjahw50VzxVmt5itNDrDbxH6LrBxfVKApBMRgREy386%2BFWUwR5sAawBYZ9VMN5lsphEZKZQwZ%2B39Bj0n9coGGTc046pPdsGPvIDu0l8wC%2B4sXKGT7vNa8Nprd0QSgFEH6L4n6TeypQI2yMlNDswRa2SnTTd9q2rFN%2BhxZFunkTCIBM%2FIvq4qWFd8rls6Fkl1ttq50UK7nCQXsCZyqIK%2BiZRGqJoCbP3yCIsVltBc33fvOYUJ4avtNOyKUvhq5ypLcN5MsYcDlQU46waw%3D%3D--Nli7wOm%2F%2Flt%2BUekJ--Kh62PQQCcjSHZLVl8%2BvaSA%3D%3D
			m.stripe.com/	1970-01-20 22:30:27	Name: m Value: 6dec0a75-696f-451a-abea-6eadb9eb8b41d98559
			.internal.demo.gocatch.io/	1970-01-20 21:40:03	Name: __stripe_mid Value: a6f0f669-b256-46fe-8bf1-1e87cd49941d758e2b
			.internal.demo.gocatch.io/	1970-01-20 12:54:29	Name: __stripe_sid Value: 9cae87c5-1c6a-479b-b43c-c882743e59e9edf8a3

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.demo.gocatch.io
internal.demo.gocatch.io
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
108.138.36.74
2600:9000:26da:1e00:a:b95f:7240:93a1
2600:9000:26da:8a00:19:7d10:bd80:93a1
35.188.130.148
44.241.244.122
54.187.159.182
180734b86f3bb5b045c7d787bdab7cea589706221a69043d24cc21ab7636e56d
24ec4c2af454a6786a435c18654e1d8fdea442c1344a01aede65d92319212f00
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
2c8e95f50b507f051cb03bcba02e61a99cb4b7cd9464c80dfd54ea6562c6b1b7
39712af7ccd29d0ae979208521dcec25ac0be5ce1733b7435d8388bbf7515968
3aabaa3df7bc66fb616566a28c40125d96ed7dd10ac1558487cec74829e1feaa
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48281b1971a658decb31f716ac419a39439725a047008b955ce74ccb9c1bca62
5e04049b6b4dfeb2747a9d7827fb3ee297c6d5df65d3911eb5e32841ed2f9545
75e432b013e4c3df15a1331fdbe700156a529666306957357f71bfbdc96b2113
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a698fdc8d0c7e46e762cde998fc4ae4f54d0389390f2a2533eec6f92755fc968
c6c3542e08c72404bc1cec7257cc9a9b13c27b7c494b1a529da664507c3d1750
c7d7c9c1af6e4790a8c8ccae4409f8bf64803a0a6a42080f27af36fa0c082041
d64d64cdb8b2ef3c2ef64b6f7686092608b424335f22b59d331479fd809b97b5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f83a74b576cd977d9c336dfb06e7aed075be050e42c7d4a4d946a960613b53c1