urlscan.io logo urlscan.io
SecurityTrails logo

app.navan.com Open in urlscan Pro
2606:4700:4400::ac40:94ce  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=079cea8f-b2c8-407b-a991-4bb947250bbc&se_ac=link&uid=newUser%3ADouglas+Rod...
Effective URL: https://app.navan.com/app/user2
Submission: On December 11 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 25 HTTP transactions. The main IP is 2606:4700:4400::ac40:94ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.navan.com. The Cisco Umbrella rank of the primary domain is 79009.
TLS certificate: Issued by GTS CA 1P5 on October 21st 2023. Valid for: 3 months.
This is the only time app.navan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 2606:4700::68... 13335 (CLOUDFLAR...)
6 2606:4700:440... 13335 (CLOUDFLAR...)
5 151.101.0.176 54113 (FASTLY)
4 151.101.194.137 54113 (FASTLY)
3 2a04:4e42:600... 54113 (FASTLY)
3 54.187.119.242 16509 (AMAZON-02)
1 52.10.76.194 16509 (AMAZON-02)
3 162.247.241.14 23467 (NEWRELIC-...)
25 7
3    2606:4700::6812:9078 (United States)

ASN13335 (CLOUDFLARENET, US)
collector.tripactions.com
app.tripactions.com
6    2606:4700:4400::ac40:94ce (United States)

ASN13335 (CLOUDFLARENET, US)
app.navan.com
5    151.101.0.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
m.stripe.network
4    151.101.194.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
3    2a04:4e42:600::622 (United States)

ASN54113 (FASTLY, US)
fast.appcues.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
1    52.10.76.194 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-76-194.us-west-2.compute.amazonaws.com
m.stripe.com
3    162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)
bam.nr-data.net
Apex Domain
Subdomains		 Transfer
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1282
q.stripe.com — Cisco Umbrella Rank: 7730
m.stripe.com — Cisco Umbrella Rank: 1245
164 KB
6 navan.com
app.navan.com — Cisco Umbrella Rank: 79009
1 MB
4 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 590
105 KB
3 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 225
1 KB
3 appcues.com
fast.appcues.com — Cisco Umbrella Rank: 4861
134 KB
3 tripactions.com
collector.tripactions.com — Cisco Umbrella Rank: 89811
app.tripactions.com — Cisco Umbrella Rank: 230975
938 B
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1361
16 KB
25 7
Domain Requested by
6 app.navan.com app.navan.com
4 js-agent.newrelic.com app.navan.com
js-agent.newrelic.com
3 bam.nr-data.net js-agent.newrelic.com
3 q.stripe.com app.navan.com
3 fast.appcues.com app.navan.com
js-agent.newrelic.com
3 js.stripe.com app.navan.com
js-agent.newrelic.com
js.stripe.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 app.tripactions.com 2 redirects
1 m.stripe.com m.stripe.network
1 collector.tripactions.com 1 redirects
25 10

This site contains no links.

Subject Issuer Validity Valid
navan.com
GTS CA 1P5		 2023-10-21 -
2024-01-19		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-30 -
2024-01-25		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-04-13 -
2024-05-14		 a year crt.sh
fast.appcues.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-08-05 -
2024-09-05		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-10-09 -
2024-01-18		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-10-05 -
2024-01-18		 3 months crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-29 -
2024-10-01		 a year crt.sh

This page contains 3 frames:

Primary Page: https://app.navan.com/app/user2
Frame ID: 37B6C3E59B4BA244724CEC9C09945900
Requests: 17 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: 825237B2708F05556F2A8220FD8B43E6
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 9319992962F8841E68DA90796747FF0F
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Navan

Page URL History Show full URLs

  1. https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=079cea8f-b2c8-407b-a991-4bb947250bbc&se_ac=link&uid=n... HTTP 302
    https://app.tripactions.com/?utm_source=EmailVerificationInviteEmail&utm_medium=email HTTP 302
    https://app.tripactions.com/app/user2 HTTP 302
    https://app.navan.com/app/user2 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

25
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

10
Subdomains

7
IPs

1
Countries

1944 kB
Transfer

7716 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=079cea8f-b2c8-407b-a991-4bb947250bbc&se_ac=link&uid=newUser%3ADouglas+Rodney&aid=email&tna=EmailVerificationInviteEmail&u=https%3A%2F%2Fapp.tripactions.com%2F%3Futm_source%3DEmailVerificationInviteEmail%26utm_medium%3Demail HTTP 302
    https://app.tripactions.com/?utm_source=EmailVerificationInviteEmail&utm_medium=email HTTP 302
    https://app.tripactions.com/app/user2 HTTP 302
    https://app.navan.com/app/user2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request user2
app.navan.com/app/
Redirect Chain
  • https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=079cea8f-b2c8-407b-a991-4bb947250bbc&se_ac=link&uid=newUser%3ADouglas+Rodney&aid=email&tna=EmailVerificationInviteEmail&u=https%3A%2F%2Fapp....
  • https://app.tripactions.com/?utm_source=EmailVerificationInviteEmail&utm_medium=email
  • https://app.tripactions.com/app/user2
  • https://app.navan.com/app/user2
18 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a66fba2f51a1ca039ad7c84d1d506e00004dcef2d25679eedee6e4535c7e67f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
83418c5fba779199-FRA
content-encoding
br
content-type
text/html
date
Mon, 11 Dec 2023 23:36:11 GMT
last-modified
Mon, 11 Dec 2023 22:45:30 GMT
server
cloudflare
ta-request-uuid
001cf09f-cfe4-4199-8aad-c2cc7266fb7b
vary
Accept-Encoding

Redirect headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
83418c5f1bf7926e-FRA
date
Mon, 11 Dec 2023 23:36:11 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://app.navan.com/app/user2
server
cloudflare
vary
Accept-Encoding
/
js.stripe.com/v3/ 		577 KB
161 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
7358ef9fc01a20d8bc4f977e21664343b85abf89b48f22fcfe3f787b9419fb04
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.navan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 11 Dec 2023 23:36:11 GMT
via
1.1 varnish
age
43
x-cache
HIT
content-length
163952
x-request-id
44bc6103-a6fe-42ca-a519-2ebb4b37e175
x-served-by
cache-cph2320047-CPH
last-modified
Mon, 11 Dec 2023 21:41:21 GMT
server
Fastly
etag
"204a8f27076bea73c10f5485675cc7ee"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2
nr-loader-spa-1.248.0.min.js
js-agent.newrelic.com/ 		54 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0854cf1a0ce3f0e51ef7a606e18f26cde6fd063f013996275ba3334aa9ed7719
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.navan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
r7R2PAmcaxf.0rZO07QP5d2wiaK2D5ZB
content-encoding
br
via
1.1 varnish
date
Mon, 11 Dec 2023 23:36:11 GMT
strict-transport-security
max-age=300
x-amz-request-id
ZT72109FGMDV66A4
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
18848
x-amz-id-2
x1ejTWsQ6RTO0Q3OJC9U2rd+8mVeb+XxyQ2GZHUODyDscQ3N0xq84FzxMj7OygbyPNXRiWMEYJs=
x-served-by
cache-cph2320054-CPH
last-modified
Thu, 16 Nov 2023 17:54:54 GMT
server
AmazonS3
x-timer
S1702337772.801244,VS0,VE1
etag
"ad1f970587443c551676ebad7953b992"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
1
58995.js
fast.appcues.com/ 		22 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.appcues.com/58995.js
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cowboy /
Resource Hash
958c92fc215e8c98d1c4fba52533853f82f5323e86de3943f22cf920946394f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.navan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:11 GMT
content-encoding
gzip
via
1.1 varnish
age
52
x-cache
HIT
content-length
5183
x-request-id
F5_rIwTbDa9rsmImvvbE
x-served-by
cache-fra-eddf8230068-FRA
server
Cowboy
x-timer
S1702337772.915954,VS0,VE1
vary
accept-encoding, Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=120,public
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
1
runtime.8c24ab3c0e809c97.js
app.navan.com/app/user2/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://app.navan.com/app/user2/runtime.8c24ab3c0e809c97.js
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://app.navan.com/app/user2
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:12 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
access-control-max-age
3600
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type
text/html
access-control-allow-origin
*
vary
Accept-Encoding
cf-ray
83418c611b2b9199-FRA
access-control-allow-headers
newrelic, traceparent, tracestate, x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid
e9b0dfca-2b9e-4ada-a534-84aeaf8ee625
polyfills.c67a8ed292a2ea94.js
app.navan.com/app/user2/ 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.navan.com/app/user2/polyfills.c67a8ed292a2ea94.js
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0aeaa11d402b896d02fa88fd604411fec1e31977171ec55f4a9bd1256a8fba56

Request headers

Referer
https://app.navan.com/app/user2
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:11 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 11 Dec 2023 20:13:46 GMT
server
cloudflare
etag
W/"65776d7a-9b7c"
access-control-max-age
3600
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=600
vary
Accept-Encoding
cf-ray
83418c611b2c9199-FRA
access-control-allow-headers
newrelic, traceparent, tracestate, x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid
a3e11c1a-9246-4574-b7e1-096ea88db226
scripts.ffdba5eb99ff5ceb.js
app.navan.com/app/user2/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.navan.com/app/user2/scripts.ffdba5eb99ff5ceb.js
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fedbdb0e2b84201df42bc0dbe144a77af8d48d6efe02507ef4f1b8f50589329c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.navan.com/app/user2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:12 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 11 Dec 2023 20:13:46 GMT
server
cloudflare
etag
W/"65776d7a-cac"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=600
cf-ray
83418c621bab9199-FRA
ta-request-uuid
0f5bc04f-aa60-4c75-8c6f-fe5aabe65ffb
main.17e66182c2744543.js
app.navan.com/app/user2/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.navan.com/app/user2/main.17e66182c2744543.js
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c8c50d58cc87c7b849dda2602249129e6a8f1dd35e127e35e1b228562b7267a

Request headers

Referer
https://app.navan.com/app/user2
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:11 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 11 Dec 2023 22:45:27 GMT
server
cloudflare
etag
W/"65779107-5ec20c"
access-control-max-age
3600
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=600
vary
Accept-Encoding
cf-ray
83418c611b2d9199-FRA
access-control-allow-headers
newrelic, traceparent, tracestate, x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid
584bd716-19b9-4237-83ac-b484dc0453db
styles.b3a22dad16ec8b6f.css
app.navan.com/app/user2/ 		129 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.navan.com/app/user2/styles.b3a22dad16ec8b6f.css
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d94fae2a77d913ab9c9f9f36b1346ae783d7278b1daf7c5a76ded64899ca78f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.navan.com/app/user2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:12 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Mon, 11 Dec 2023 22:45:27 GMT
server
cloudflare
etag
W/"65779107-202b2"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=600
cf-ray
83418c621bac9199-FRA
ta-request-uuid
751c5fe3-dccd-4828-bb38-1e5ee0ea7235
appcues.main.d0231f3d493abd624afa4a834d21141fbe717bea.js
fast.appcues.com/generic/main/4.60.54/ 		447 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.appcues.com/generic/main/4.60.54/appcues.main.d0231f3d493abd624afa4a834d21141fbe717bea.js
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
31b66466752d08ce8c7069445465cfa5a34c4664352af5589a5e7cc400a18cff

Request headers

Referer
https://app.navan.com/
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:12 GMT
content-encoding
gzip
via
1.1 varnish
x-amz-request-id
KASBPG7S5GFRZN6A
age
8203
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
129146
x-amz-id-2
ReJJKxLafVpdgyouS5+Y6w/ftIh7XM7BHaGO9cw2hYFkNBmj1OpOIrSo85yrlEdT1R/3FW7IM48jjbY646+lYA==
x-served-by
cache-fra-eddf8230080-FRA
last-modified
Mon, 11 Dec 2023 21:03:01 GMT
server
AmazonS3
x-timer
S1702337772.037233,VS0,VE0
etag
"136a0e750c76bb82358dc6d429683b01"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
11
container.d0231f3d493abd624afa4a834d21141fbe717bea.css
fast.appcues.com/generic/main/4.60.54/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fast.appcues.com/generic/main/4.60.54/container.d0231f3d493abd624afa4a834d21141fbe717bea.css
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb

Request headers

Referer
https://app.navan.com/
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:36:12 GMT
content-encoding
gzip
via
1.1 varnish
x-amz-request-id
H942V0CWD7JH8P5P
age
8261
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
1992
x-amz-id-2
MugJZRiankxCqvsPHQnR9AVZ8uhZw2e/GKo3bHBC7j41qqiABh4WWsT6kWYZ+X+CkJSfeRfkeQo=
x-served-by
cache-fra-eddf8230080-FRA
last-modified
Mon, 11 Dec 2023 21:03:01 GMT
server
AmazonS3
x-timer
S1702337772.158010,VS0,VE0
etag
"5be05ce494e7cac41d062a0b12a1657c"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/css; charset=utf-8;
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
322
m-outer-27c67c0d52761104439bb051c7856ab1.html
js.stripe.com/v3/ Frame 8252 		200 B
839 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.navan.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
8129513
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 11 Dec 2023 23:36:13 GMT
etag
"27c67c0d52761104439bb051c7856ab1"
last-modified
Fri, 08 Sep 2023 21:23:50 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
475434
x-content-type-options
nosniff
x-request-id
026e391e-182c-4cc5-a37d-0c3fdd1571c7
x-served-by
cache-cph2320047-CPH
m-outer-6576085ca35ee42f2f484cda6763e4aa.js
js.stripe.com/v3/fingerprinted/js/ Frame 8252 		631 B
533 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 11 Dec 2023 23:36:13 GMT
via
1.1 varnish
age
8129512
x-cache
HIT
content-length
399
x-request-id
51d69349-c33b-4261-80dd-81ba6d655053
x-served-by
cache-cph2320047-CPH
last-modified
Fri, 08 Sep 2023 21:23:49 GMT
server
Fastly
etag
"70cacf09ae81711ac6dcbc5ee59750c4"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
448188
csp-report
q.stripe.com/ Frame 8252 		0
716 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 11 Dec 2023 23:36:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702337773715898
x-envoy-upstream-service-time
3
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
1
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1702337773715371
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 8252 		0
716 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 11 Dec 2023 23:36:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702337773716410
x-envoy-upstream-service-time
3
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
1
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1702337773715506
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
inner.html
m.stripe.network/ Frame 9319 		930 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
300
cache-control
max-age=300, public
content-encoding
br
content-length
540
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 11 Dec 2023 23:36:13 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-content-type-options
nosniff
x-request-id
1cf59bc4-69c2-40be-899e-f0a1d0b5e04e
x-served-by
cache-cph2320047-CPH
x-timer
S1702337773.265545,VS0,VE1
csp-report
q.stripe.com/ Frame 9319 		0
491 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.navan.com
URL: https://app.navan.com/app/user2
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 11 Dec 2023 23:36:13 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702337773715819
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
0
x-stripe-client-envoy-start-time-us
1702337773715337
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame 9319 		87 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Mon, 11 Dec 2023 23:36:13 GMT
x-content-type-options
nosniff
content-encoding
br
via
1.1 varnish
age
241
x-cache
HIT
content-length
15509
x-request-id
23baa07b-968d-4bb2-bc69-729c729dbf0e
x-served-by
cache-cph2320047-CPH
server
Fastly
x-timer
S1702337773.321169,VS0,VE0
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
34
nr-spa-1.248.0.min.js
js-agent.newrelic.com/ 		87 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-1.248.0.min.js
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8e4147148517b1b092a5bf8fb1fb4e78b568bdc40a127ec16732de62ddbb472a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://app.navan.com/
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
WdicPIzDGJD8og5dR8sXZo1iUf3RkEzi
content-encoding
br
via
1.1 varnish
date
Mon, 11 Dec 2023 23:36:13 GMT
strict-transport-security
max-age=300
x-amz-request-id
0NV84X9NY2RY505Y
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
29446
x-amz-id-2
Tmr+SWuuLgp1LK9JhaPbr4eFIppJQI76yBRSMo8beg/4HV/eatWptx4l580sZ0g4SwCjby9ntPs=
x-served-by
cache-cph2320021-CPH
last-modified
Thu, 16 Nov 2023 17:54:54 GMT
server
AmazonS3
x-timer
S1702337774.504168,VS0,VE0
etag
"9aea0ff91a800a354637269e96e31dac"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
149029
6
m.stripe.com/ Frame 9319 		156 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.10.76.194 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-10-76-194.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
7a235c36b126670409c480bba34332b734d41311db7e8469dd9bb14b9a57c1a1
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Mon, 11 Dec 2023 23:36:13 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702337773906633
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
2
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1702337773906175
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
NRJS-d0e82c054a0db776b2e
bam.nr-data.net/1/ 		40 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/NRJS-d0e82c054a0db776b2e?a=967033548&sa=1&v=1.248.0&t=Unnamed%20Transaction&rst=2734&ck=0&s=9edf965069d36e80&ref=https://app.navan.com/app/user2&af=err,xhr,stn,ins,spa&be=859&fe=1701&dc=1370&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1702337770821,%22n%22:0,%22f%22:580,%22dn%22:590,%22dne%22:590,%22c%22:590,%22s%22:614,%22ce%22:644,%22rq%22:644,%22rp%22:860,%22rpe%22:861,%22di%22:1019,%22ds%22:2227,%22de%22:2229,%22dc%22:2558,%22l%22:2558,%22le%22:2560%7D,%22navigation%22:%7B%7D%7D
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer
https://app.navan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
text/plain

Response headers

Date
Mon, 11 Dec 2023 23:36:13 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://app.navan.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
CF-Ray
83418c6d788c90e8-FRA
Content-Length
40
nr-spa-recorder-1.248.0.min.js
js-agent.newrelic.com/ 		163 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-recorder-1.248.0.min.js
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e08acd7585caffd696e4af57549ca5659318b12c1c78b6cf5aceae5f769019bd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://app.navan.com/
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
BLMzs_9FjMbSvC1S4LxtwJjXgpRtVy4T
content-encoding
br
via
1.1 varnish
date
Mon, 11 Dec 2023 23:36:13 GMT
strict-transport-security
max-age=300
x-amz-request-id
ZHFA6H84QDGA080B
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
54189
x-amz-id-2
6l8Qu2sre8ZzPN555Y/uJu1NVcePN4dGfpndLcJaPZqRDFBUcuuRtSQz1rKn9Hyg/svSWmnmHao=
x-served-by
cache-cph2320021-CPH
last-modified
Thu, 16 Nov 2023 17:54:54 GMT
server
AmazonS3
x-timer
S1702337774.938625,VS0,VE1
etag
"7d05bd54f5112b6dbb5446181c904cb2"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
accept-ranges
bytes
x-cache-hits
1
NRJS-d0e82c054a0db776b2e
bam.nr-data.net/resources/1/ 		36 B
414 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/resources/1/NRJS-d0e82c054a0db776b2e?a=967033548&sa=1&v=1.248.0&t=Unnamed%20Transaction&rst=3100&ck=0&s=9edf965069d36e80&ref=https://app.navan.com/app/user2&st=1702337770821&hr=1&fts=1702337770821&n=26&fsh=1
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
754963699cca458d4ddc15e35c4f40a5057bc7186d8aa854d63f441d7a961bdf

Request headers

Referer
https://app.navan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
text/plain

Response headers

Date
Mon, 11 Dec 2023 23:36:14 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://app.navan.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
83418c6f194090e8-FRA
Content-Length
36
nr-spa-compressor-1.248.0.min.js
js-agent.newrelic.com/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-compressor-1.248.0.min.js
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e8ef2bdb553afff2e7d0a6f0806afad86c5d3b0e64f1fa075178253ffaf4fb9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://app.navan.com/
Origin
https://app.navan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
hIDkPYp42CA5kZ1NJl9J3N3dWxyUV17O
content-encoding
br
via
1.1 varnish
date
Mon, 11 Dec 2023 23:36:14 GMT
strict-transport-security
max-age=300
x-amz-request-id
M74T9P6VFJY7JJSB
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
3727
x-amz-id-2
0qAKlM5p3HIr8eGfF9XrMXwkwu+1RYaShlCBLOiCA9FBJVMufRIrm64VNjJQvBgtBjgzrSIybuQ=
x-served-by
cache-cph2320021-CPH
last-modified
Thu, 16 Nov 2023 17:54:54 GMT
server
AmazonS3
x-timer
S1702337774.014549,VS0,VE1
etag
"8b3db6af238c59f01dbd145b383c9b69"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
accept-ranges
bytes
x-cache-hits
1
NRJS-d0e82c054a0db776b2e
bam.nr-data.net/events/1/ 		24 B
401 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/events/1/NRJS-d0e82c054a0db776b2e?a=967033548&sa=1&v=1.248.0&t=Unnamed%20Transaction&rst=3271&ck=0&s=9edf965069d36e80&ref=https://app.navan.com/app/user2&ptid=78b8d3d6-0001-b469-58b4-018c5b3d01c1
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://app.navan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
text/plain

Response headers

Date
Mon, 11 Dec 2023 23:36:14 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://app.navan.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
83418c7029bf90e8-FRA
Content-Length
24

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| documentPictureInPicture function| OptanonWrapper object| eventTypes function| onSherpaEvent object| NREUM object| webpackChunk:NRBA-1.248.0.PROD object| newrelic object| webpackChunkStripeJSouter function| noop function| Stripe object| AppcuesBundleSettings object| Appcues object| regeneratorRuntime object| webpackChunktaFeUser function| SSE

5 Cookies

Domain/Path Name / Value
.tripactions.com/ Name: tripactions_snowplow
Value: ad945a33-a900-4a9a-b807-41dd11ce0b5f
.tripactions.com/ Name: __cf_bm
Value: THMBkMK6Xfn06VWqsHedNwHbD3ysSiEXaYkBxTsddos-1702337771-1-AcbtW1afbQJHrOYET1Dk+mPLpa0ozldxky/3eopw6KZwytj50WpHMiU96xF2Hs4MShP7KtXmHKctUgfBgV/gM90=
m.stripe.com/ Name: m
Value: 180b9828-5f6c-4aeb-b5d6-d2805c865f13af754e
.app.navan.com/ Name: __stripe_mid
Value: e1cac953-5f34-4d29-9a74-3c06e314a43680cb2b
.app.navan.com/ Name: __stripe_sid
Value: 1ab58c9a-5e5a-47b1-be22-fc520968bef71fc76d

4 Console Messages

Source Level URL
Text
network error URL: https://app.navan.com/app/user2/runtime.8c24ab3c0e809c97.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security error URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js(Line 1)
Message:
Error parsing 'integrity' attribute ('undefined'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.
security error URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js(Line 1)
Message:
Error parsing 'integrity' attribute ('undefined'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.navan.com
app.tripactions.com
bam.nr-data.net
collector.tripactions.com
fast.appcues.com
js-agent.newrelic.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
151.101.0.176
151.101.194.137
162.247.241.14
2606:4700:4400::ac40:94ce
2606:4700::6812:9078
2a04:4e42:600::622
52.10.76.194
54.187.119.242
0854cf1a0ce3f0e51ef7a606e18f26cde6fd063f013996275ba3334aa9ed7719
0aeaa11d402b896d02fa88fd604411fec1e31977171ec55f4a9bd1256a8fba56
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
2a66fba2f51a1ca039ad7c84d1d506e00004dcef2d25679eedee6e4535c7e67f
31b66466752d08ce8c7069445465cfa5a34c4664352af5589a5e7cc400a18cff
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a
6c8c50d58cc87c7b849dda2602249129e6a8f1dd35e127e35e1b228562b7267a
6e8ef2bdb553afff2e7d0a6f0806afad86c5d3b0e64f1fa075178253ffaf4fb9
7358ef9fc01a20d8bc4f977e21664343b85abf89b48f22fcfe3f787b9419fb04
754963699cca458d4ddc15e35c4f40a5057bc7186d8aa854d63f441d7a961bdf
7a235c36b126670409c480bba34332b734d41311db7e8469dd9bb14b9a57c1a1
8e4147148517b1b092a5bf8fb1fb4e78b568bdc40a127ec16732de62ddbb472a
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
958c92fc215e8c98d1c4fba52533853f82f5323e86de3943f22cf920946394f1
c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb
d94fae2a77d913ab9c9f9f36b1346ae783d7278b1daf7c5a76ded64899ca78f0
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e08acd7585caffd696e4af57549ca5659318b12c1c78b6cf5aceae5f769019bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
fedbdb0e2b84201df42bc0dbe144a77af8d48d6efe02507ef4f1b8f50589329c