urlscan.io logo urlscan.io
SecurityTrails logo

maxmatch.finway.de Open in urlscan Pro
13.35.73.96  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://maxmatch.finway.de/
Effective URL: https://maxmatch.finway.de/
Submission: On November 09 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 40 HTTP transactions. The main IP is 13.35.73.96, located in United States and belongs to AMAZON-02, US. The main domain is maxmatch.finway.de.
TLS certificate: Issued by Amazon on August 7th 2022. Valid for: a year.
This is the only time maxmatch.finway.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.35.73.16 16509 (AMAZON-02)
14 13.35.73.96 16509 (AMAZON-02)
3 2600:1400:d::... 20940 (AKAMAI-ASN1)
3 34.120.195.249 396982 (GOOGLE-CL...)
5 151.101.128.176 54113 (FASTLY)
3 34.120.227.216 396982 (GOOGLE-CL...)
1 18.159.137.111 16509 (AMAZON-02)
1 2600:1400:d::... 20940 (AKAMAI-ASN1)
3 54.186.23.98 16509 (AMAZON-02)
1 1 13.249.190.3 16509 (AMAZON-02)
3 13.35.73.6 16509 (AMAZON-02)
2 52.89.187.149 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
40 11
1    13.35.73.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-73-16.bos50.r.cloudfront.net
maxmatch.finway.de
14    13.35.73.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-73-96.bos50.r.cloudfront.net
maxmatch.finway.de
3    2600:1400:d::173c:60ab (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
3    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o469633.ingest.sentry.io
5    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
m.stripe.network
3    34.120.227.216 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 216.227.120.34.bc.googleusercontent.com
secure.weavr.io
1    18.159.137.111 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-137-111.eu-central-1.compute.amazonaws.com
api.saas-eu-00.finway.de
1    2600:1400:d::173c:60b1 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
3    54.186.23.98 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-186-23-98.stripe.com
q.stripe.com
1    13.249.190.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-190-3.bos50.r.cloudfront.net
widget.intercom.io
3    13.35.73.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-73-6.bos50.r.cloudfront.net
js.intercomcdn.com
2    52.89.187.149 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-187-149.us-west-2.compute.amazonaws.com
m.stripe.com
2    2607:f8b0:4006:81c::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
Apex Domain
Subdomains		 Transfer
16 finway.de
maxmatch.finway.de
api.saas-eu-00.finway.de
3 MB
8 stripe.com
js.stripe.com — Cisco Umbrella Rank: 2552
q.stripe.com — Cisco Umbrella Rank: 22338
m.stripe.com — Cisco Umbrella Rank: 2258
99 KB
4 typekit.net
use.typekit.net — Cisco Umbrella Rank: 980
p.typekit.net — Cisco Umbrella Rank: 1212
67 KB
3 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 4898
202 KB
3 weavr.io
secure.weavr.io
37 KB
3 sentry.io
o469633.ingest.sentry.io
397 B
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 118
2 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 2810
17 KB
1 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 5727
297 B
40 9
Domain Requested by
15 maxmatch.finway.de 1 redirects maxmatch.finway.de
3 js.intercomcdn.com widget.intercom.io
3 q.stripe.com maxmatch.finway.de
3 secure.weavr.io maxmatch.finway.de
secure.weavr.io
3 js.stripe.com maxmatch.finway.de
js.stripe.com
3 o469633.ingest.sentry.io maxmatch.finway.de
3 use.typekit.net client
use.typekit.net
2 fonts.googleapis.com secure.weavr.io
2 m.stripe.com m.stripe.network
2 m.stripe.network js.stripe.com
m.stripe.network
1 widget.intercom.io 1 redirects
1 p.typekit.net use.typekit.net
1 api.saas-eu-00.finway.de maxmatch.finway.de
40 13

This site contains links to these domains. Also see Links.

Domain
finway.de
Subject Issuer Validity Valid
*.finway.de
Amazon		 2022-08-07 -
2023-09-05		 a year crt.sh
use.typekit.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-14 -
2023-10-15		 a year crt.sh
*.ingest.sentry.io
R3		 2022-10-19 -
2023-01-17		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2022-10-19 -
2023-01-11		 3 months crt.sh
*.weavr.io
Sectigo RSA Organization Validation Secure Server CA		 2022-07-18 -
2023-08-17		 a year crt.sh
*.saas-eu-00.finway.de
Amazon		 2022-02-08 -
2023-03-09		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-06 -
2022-12-07		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-15 -
2023-01-26		 4 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-10-17 -
2023-01-09		 3 months crt.sh
*.intercomcdn.com
Amazon		 2022-01-30 -
2023-02-28		 a year crt.sh

This page contains 5 frames:

Primary Page: https://maxmatch.finway.de/
Frame ID: 834BBC5066E642CE79509A5061CA6B9C
Requests: 25 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 097A5B785A06561F2E8C54D140065B00
Requests: 4 HTTP requests in this frame

Frame: https://secure.weavr.io/app/secure/static/server.1.html
Frame ID: 7A4B1B463D233DA51C036ABD4AD30784
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: D4CA81DE44231A3FDF08A9CB3FC66DAA
Requests: 5 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.dc150152.js
Frame ID: D3C5B5C18B8824A47F63A65D2764BA5D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Finway

Page URL History Show full URLs

  1. http://maxmatch.finway.de/ HTTP 301
    https://maxmatch.finway.de/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Page Statistics

40
Requests

98 %
HTTPS

23 %
IPv6

9
Domains

13
Subdomains

11
IPs

2
Countries

3593 kB
Transfer

16947 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://maxmatch.finway.de/ HTTP 301
    https://maxmatch.finway.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29
  • https://widget.intercom.io/widget/r97dh13d HTTP 302
  • https://js.intercomcdn.com/shim.latest.js

40 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
maxmatch.finway.de/
Redirect Chain
  • http://maxmatch.finway.de/
  • https://maxmatch.finway.de/
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4783b5ab45ce512a0ccfd080bb08ac078c2b6bbbcb285cc6d6567c24726d6456

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
47691
content-length
1380
content-type
text/html
date
Wed, 09 Nov 2022 00:39:34 GMT
etag
"7e970654e8d4ed695d96aa93392063cc"
last-modified
Wed, 09 Nov 2022 00:35:55 GMT
server
AmazonS3
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
x-amz-cf-id
Vl1OaSM0IVEdENp9NxiNJGi2ZVvfK59skiN5sWJBjkiVqT6xnPxieQ==
x-amz-cf-pop
BOS50-C1
x-cache
Hit from cloudfront

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Wed, 09 Nov 2022 13:54:24 GMT
Location
https://maxmatch.finway.de/
Server
CloudFront
Via
1.1 aca7cedbae634cf959491824fe54bc78.cloudfront.net (CloudFront)
X-Amz-Cf-Id
mV9dsrkyMt1ff9eWDjs5TwAJsPRWdd0irdsh6Fg6VcEG_16G32gMPw==
X-Amz-Cf-Pop
BOS50-C1
X-Cache
Redirect from cloudfront
manifest.c545c17c50d88674fa88.bundle.js
maxmatch.finway.de/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/manifest.c545c17c50d88674fa88.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40108de3ff735424d95fa87139b499667f88d18dcc494c53ea52de4cfce51037

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:36 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37790
etag
"82cb51fd574d1a6bb6fc870bd501420e"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
780
x-amz-cf-id
pqm4-4GoO7evvN76znVmSJFNRKZM-BwsgDp1cwRQXYkoj2-0ofmerg==
vendors~253ae210.89f7b35b0251a8234997.bundle.js
maxmatch.finway.de/js/ 		3 MB
649 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~253ae210.89f7b35b0251a8234997.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
76578d788b9f38ddfb0ae81a7f4681d8d29a0093f5e886415d840ff564f79979

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:36 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37790
etag
"f8095edd3061c1e396760e4795947077"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
663488
x-amz-cf-id
RnsweAWSVhWdYD2aHA-hpfSH0obg42JEpAc65TUxZ40g7FPplKekng==
vendors~7274e1de.ea1a5938f01c600065ca.bundle.js
maxmatch.finway.de/js/ 		2 MB
457 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~7274e1de.ea1a5938f01c600065ca.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
76e217d5575df59d3d9a7a1e3d09de0926af66176ce385065a26567be02dc51e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 07:12:29 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
24117
etag
"d679206caf22e75d18c640e790c61928"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
467090
x-amz-cf-id
F_F8U5JOt6ViY5cOSrLiZwlzMGH_zkQ3ZqY1GM8VA_MI5rf_3sZa_g==
vendors~70aabc29.268d2d5c8328964a4606.bundle.js
maxmatch.finway.de/js/ 		1 MB
306 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~70aabc29.268d2d5c8328964a4606.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6daf1232230d355c46c69a274c2bbc9b8044bd925d4d23cac891be2db45163ca

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:36 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37790
etag
"d50e44060ce5542cb86ca7bf2049a22c"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
313105
x-amz-cf-id
oXWFJLIXfkMG2GCx-xltBhx6JklO-8R8lqiUFPE4Ed3Qmg7wTGPDJg==
vendors~9c5b28f6.16aff52ec7d786ab9d26.bundle.js
maxmatch.finway.de/js/ 		629 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~9c5b28f6.16aff52ec7d786ab9d26.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e291904dee89a455829cbf31707eb070851b3646d048f7299b20f12487f0af1

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:36 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37790
etag
"caace33fae498477a4b5216e1a5800e4"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
124432
x-amz-cf-id
T-whJsuY0mIIL8ws7MNRL-IhNFPBsq23-QIfFp7aCcRPDwUpBh9fug==
vendors~f9ca8911.33e2cb21a0e4226859e6.bundle.js
maxmatch.finway.de/js/ 		373 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~f9ca8911.33e2cb21a0e4226859e6.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
089d87a7c7c27d39f6b190b76c0e8043bda90852dc351c300d56b1316115c49e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:36 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37790
etag
"464f17ab86ee6a990c01dd78704ac555"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
102214
x-amz-cf-id
p8_lhPx28Brhs5UbjW0juPOuD1IMbN5BK_isohMR_BciC3hmeEYJzw==
vendors~fd731fb0.53064548da938c30d670.bundle.js
maxmatch.finway.de/js/ 		450 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~fd731fb0.53064548da938c30d670.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
af85524341fd0bae513927e686750200c8a7c47294eddaedf059423c2dfa4035

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:37 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:36:00 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37789
etag
"1d9bebf63878e18a7edb6e84c72d41e4"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
128497
x-amz-cf-id
H_OK2Fvay3epZqHtYwKcmua8tTMu_3T8Odjj1FCFlwWMyGIRpSmK6g==
vendors~3ffedb8b.52ba0f75cb51395e087f.bundle.js
maxmatch.finway.de/js/ 		1 MB
299 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~3ffedb8b.52ba0f75cb51395e087f.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
04ae66e3d2186b04a2ce88b2cb98364b86e72fb7dd43b125121cd3a77eda3eca

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:38 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37788
etag
"3264d7094434477496ae05b9def4c9f1"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
305386
x-amz-cf-id
0_z-zWUEaK9Le8JJcuuRqrs7EJIGfFy7Q_NFVhkv7ONS9tq6vf2mzQ==
vendors~ec8c427e.dab3314deadbe311bb7a.bundle.js
maxmatch.finway.de/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~ec8c427e.dab3314deadbe311bb7a.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
85a480567c795e5c98c321e7d6989a27483f13c40ba0273d1091712ca2235a33

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 08:07:57 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
20789
etag
"189eb81cac0d9dbafc31b3983f1bb7b2"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
28138
x-amz-cf-id
esr0J4lgUROb4S-hT-iETcmQQqh3JSePFUX4a6QGkTLLHIEVsMQGxQ==
vendors~cfbf0a2e.2e14a05e6c9e6a4bc55c.bundle.js
maxmatch.finway.de/js/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/vendors~cfbf0a2e.2e14a05e6c9e6a4bc55c.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0fe2ae6d69132a7d7d5f17d249223680273891a96a49cc3e9c00965d8676f097

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 08:07:57 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
20789
etag
"553e3afc4a1803b213416f60ad930897"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
15031
x-amz-cf-id
zGxuHDYIMyXmnJD9z-f95C5eMV8fnJgkVvr_dGPFK0ZMwpXzHb4XPA==
antd~1d8c4c28.3b0ed43f29280878af39.bundle.js
maxmatch.finway.de/js/ 		1 MB
222 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/antd~1d8c4c28.3b0ed43f29280878af39.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09a52148878c32338a07792e32d70efed424bba3f325a9498cbf37d181590df2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 08:07:57 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:58 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
20789
etag
"e1a8b91f6bfc6f19c468927c15a5e598"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
227086
x-amz-cf-id
MmerQJG8bms479v-88Je3uJamwh8N7_n2N6uyidsRquOj_kedoc1Dg==
app.37b63499ef0d23302cf1.bundle.js
maxmatch.finway.de/js/ 		5 MB
835 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxmatch.finway.de/js/app.37b63499ef0d23302cf1.bundle.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fa79109a7f50b51568b29e4b54b48d8c59a9790b6a94a6ec259be88f3e443f53

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:38 GMT
content-encoding
gzip
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:59 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37788
etag
"f4701fd695df9e11cdee7f65c9bdddc4"
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
853270
x-amz-cf-id
RLM-qwNvGQK02EBP5IWXyxNJ6d8WblaO2Q-JmpspQ3Wd08F1n_mfqg==
ucp6oqc.css
use.typekit.net/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/ucp6oqc.css
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d::173c:60ab New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
4f4d6acba6592d161fd44f5c631cc8256773aabc629293817bdf7cd6fbdfe442
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Wed, 09 Nov 2022 13:54:26 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
800
/
o469633.ingest.sentry.io/api/5499472/envelope/ 		2 B
279 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o469633.ingest.sentry.io/api/5499472/envelope/?sentry_key=4675fa2b89ef4385a39c36713f79f7bf&sentry_version=7&sentry_client=sentry.javascript.react%2F7.11.1
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/js/vendors~253ae210.89f7b35b0251a8234997.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://maxmatch.finway.de/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 09 Nov 2022 13:54:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://maxmatch.finway.de
access-control-expose-headers
x-sentry-rate-limits, retry-after, x-sentry-error
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
v3
js.stripe.com/ 		395 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/js/vendors~253ae210.89f7b35b0251a8234997.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
447bf0648eda3fd643b4b7321169d2b5834893f972b854030cf6864e072a2dba
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 09 Nov 2022 13:54:26 GMT
via
1.1 varnish
age
32
x-cache
HIT
content-length
96841
x-request-id
0403f216-d4ff-49c4-9ad8-90350f1972dd
x-served-by
cache-mia11353-MIA
last-modified
Tue, 08 Nov 2022 17:18:42 GMT
server
Fastly
etag
"c20ccba614bc1067d6003a7d8c9232a1"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
30
client.1.js
secure.weavr.io/app/secure/static/ 		60 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.weavr.io/app/secure/static/client.1.js
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/js/app.37b63499ef0d23302cf1.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.227.216 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
216.227.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
ff70fb557f15b0d9bb10a8f9fb84023b2daa8bdde13f645954a732203d7b751e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 13:54:26 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 26 Oct 2022 11:29:02 GMT
server
envoy
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-store
x-envoy-upstream-service-time
1
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
version
api.saas-eu-00.finway.de/api/ 		22 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.saas-eu-00.finway.de/api/version
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/js/vendors~253ae210.89f7b35b0251a8234997.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.159.137.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-137-111.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3d45fa5cedaabd39ecd42cfbd1e8e93a60897de7d9a3bc872e28515a3a4bda6
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://maxmatch.finway.de/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Wed, 09 Nov 2022 13:54:27 GMT
X-Permitted-Cross-Domain-Policies
none
Cross-Origin-Embedder-Policy
require-corp
X-DNS-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
22
X-XSS-Protection
0
Referrer-Policy
no-referrer
Cross-Origin-Opener-Policy
same-origin
ETag
W/"16-9lqKtrsX+peS+meLs4feKE81GB4"
Expect-CT
max-age=0
X-Frame-Options
SAMEORIGIN
Vary
Origin
X-Download-Options
noopen
Access-Control-Allow-Origin
https://maxmatch.finway.de
Origin-Agent-Cluster
?1
Access-Control-Expose-Headers
Retry-After,Retry-attempt
Access-Control-Allow-Credentials
true
Content-Language
en
Content-Type
application/json; charset=utf-8
Keep-Alive
timeout=5
p.css
p.typekit.net/ 		5 B
195 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=ucp6oqc&ht=tk&f=137.139.169.175.5474.25136&a=83668984&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ucp6oqc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d::173c:60b1 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

unused62
8096267
date
Wed, 09 Nov 2022 13:54:26 GMT
last-modified
Sat, 02 Oct 2021 08:25:28 GMT
server
nginx
etag
"61581778-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
l
use.typekit.net/af/705e94/00000000000000003b9b3062/27/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ucp6oqc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d::173c:60ab New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
31685af3bbf1ff809935f70512ea48729eac2add3a47f604db26c43f2a253541

Request headers

Referer
https://use.typekit.net/ucp6oqc.css
Origin
https://maxmatch.finway.de
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 13:54:26 GMT
server
nginx
etag
"79fea02668402fc378c129193093131a2db2577c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33576
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 097A 		200 B
784 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxmatch.finway.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2396316
cache-control
max-age=31536000
content-encoding
br
content-length
122
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 09 Nov 2022 13:54:26 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Wed, 12 Oct 2022 20:13:44 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
45979
x-content-type-options
nosniff
x-request-id
cf659072-52ac-4375-b35a-398f61b32079
x-served-by
cache-mia11353-MIA
server.1.html
secure.weavr.io/app/secure/static/ Frame 7A4B 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.weavr.io/app/secure/static/server.1.html
Requested by
Host: secure.weavr.io
URL: https://secure.weavr.io/app/secure/static/client.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.227.216 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
216.227.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
1150922e5d3edd845eed755650dca061bb6a6939a41028fff2e79cba1e4700e4

Request headers

Referer
https://maxmatch.finway.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-store
content-encoding
gzip
content-type
text/html
date
Wed, 09 Nov 2022 13:54:27 GMT
last-modified
Wed, 26 Oct 2022 11:29:50 GMT
server
envoy
vary
Accept-Encoding
via
1.1 google
x-envoy-upstream-service-time
2
csp-report
q.stripe.com/ Frame 097A 		0
571 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 09 Nov 2022 13:54:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
0
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 097A 		0
570 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 09 Nov 2022 13:54:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame 097A 		526 B
413 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 09 Nov 2022 13:54:27 GMT
via
1.1 varnish
age
2396315
x-cache
HIT
content-length
256
x-request-id
011bf4ec-da3c-4b29-a336-1090f56a1bc9
x-served-by
cache-mia11353-MIA
last-modified
Wed, 12 Oct 2022 20:13:43 GMT
server
Fastly
etag
"d96c709017743c0759cf3853d1806ba5"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
35911
inner.html
m.stripe.network/ Frame D4CA 		930 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
69
cache-control
max-age=300, public
content-encoding
gzip
content-length
527
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 09 Nov 2022 13:54:27 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
79
x-content-type-options
nosniff
x-request-id
f3a10a8f-87ba-4100-a21e-a2fc70be96df
x-served-by
cache-mia11353-MIA
x-timer
S1668002067.131346,VS0,VE0
server.1.js
secure.weavr.io/app/secure/static/ Frame 7A4B 		41 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.weavr.io/app/secure/static/server.1.js
Requested by
Host: secure.weavr.io
URL: https://secure.weavr.io/app/secure/static/server.1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.227.216 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
216.227.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
4cad573a0751e8930491b09556501761dafee7d1cbade1519e774e11162e9937

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure.weavr.io/app/secure/static/server.1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 13:54:27 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 26 Oct 2022 11:29:07 GMT
server
envoy
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-store
x-envoy-upstream-service-time
1
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
csp-report
q.stripe.com/ Frame D4CA 		0
344 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.186.23.98 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-186-23-98.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Wed, 09 Nov 2022 13:54:27 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame D4CA 		86 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Wed, 09 Nov 2022 13:54:27 GMT
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 varnish
age
201
x-cache
HIT
content-length
16031
x-request-id
f8f75e1c-eee5-4b3f-9b29-215ef25fcfb6
x-served-by
cache-mia11353-MIA
server
Fastly
x-timer
S1668002067.194932,VS0,VE0
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
184
/
o469633.ingest.sentry.io/api/5499472/envelope/ 		41 B
59 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o469633.ingest.sentry.io/api/5499472/envelope/?sentry_key=4675fa2b89ef4385a39c36713f79f7bf&sentry_version=7&sentry_client=sentry.javascript.react%2F7.11.1
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/js/vendors~253ae210.89f7b35b0251a8234997.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bef3b18236c63d697d731e6c002ee7ef7ae79591bbad768722b1b7639460d29c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://maxmatch.finway.de/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 09 Nov 2022 13:54:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://maxmatch.finway.de
access-control-expose-headers
x-sentry-rate-limits, retry-after, x-sentry-error
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/r97dh13d
  • https://js.intercomcdn.com/shim.latest.js
18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/shim.latest.js
Protocol
H2
Server
13.35.73.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-6.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
40af314057c9bb2e1423055ab93a30b600b59b27a30be88d5c9d84e8b825fa2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 13:53:46 GMT
content-encoding
gzip
via
1.1 8ae5b5a688f9a8d1d770a34b9d1af94e.cloudfront.net (CloudFront)
x-amz-version-id
9o2RBT1SqrD6_T1gj2lCtMuX_d5.hTrl
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
BOS50-C1
age
43
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
6172
last-modified
Wed, 09 Nov 2022 12:08:41 GMT
server
AmazonS3
etag
"d329ee32a97c724213b47dca58829309"
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
2czXTQgYx-HMMXnLq0Xh0lkwPzMrlrB4N7CzMdT7ClrEAETdFBpm7Q==

Redirect headers

date
Fri, 04 Nov 2022 14:25:58 GMT
via
1.1 6cfc86e6ccd19a4761a27f5f2d9c9a90.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
BOS50-C2
age
430110
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
cache-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-amz-cf-id
HydVc9WcJ-LP4aggExz-h49NRMrgr3_3Cfzv39PItUlayVkNbMXaYQ==
logo.svg
maxmatch.finway.de/images/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://maxmatch.finway.de/images/logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.73.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-96.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
146c565da7974afc93c74e51bcae799c1d6182398e25a134317930f6a11a2f2f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://maxmatch.finway.de/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 03:24:42 GMT
via
1.1 909fc123d4e8b7ecf80a806121a98be6.cloudfront.net (CloudFront)
last-modified
Wed, 09 Nov 2022 00:35:55 GMT
server
AmazonS3
x-amz-cf-pop
BOS50-C1
age
37785
etag
"0c9bf2cfa9e25b13f41ff8911cbf5bfe"
x-cache
Hit from cloudfront
content-type
image/svg+xml
content-length
4544
x-amz-cf-id
IdFpdY0S4AOqTMNxDlpLzeRLK-eWLfSwYJIa4O_1r7F-SDTnX8ziyw==
l
use.typekit.net/af/6e816b/00000000000000003b9b3064/27/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/6e816b/00000000000000003b9b3064/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ucp6oqc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d::173c:60ab New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
3f8d3c0b0f92db9629b4d13d41f1aa4c858cd12c4ccffd4b8d587dc72abd4a5b

Request headers

Referer
https://use.typekit.net/ucp6oqc.css
Origin
https://maxmatch.finway.de
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 13:54:27 GMT
server
nginx
etag
"8ae17cf0eecce59afa191d331a008a4661e1553d"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33428
6
m.stripe.com/ Frame D4CA 		156 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.89.187.149 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-89-187-149.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
94cd15d2860063227bf73b2a1a06d204d2a1fc3e511becab34732d493f33ab14
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 09 Nov 2022 13:54:27 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
css
fonts.googleapis.com/ Frame 7A4B 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat
Requested by
Host: secure.weavr.io
URL: https://secure.weavr.io/app/secure/static/server.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a5feba8ce66eafb93cd4dfff5083877ea2b2bf8daaded3058288b7cddb956cfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure.weavr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 09 Nov 2022 13:54:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Nov 2022 12:53:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Nov 2022 13:54:27 GMT
css2
fonts.googleapis.com/ Frame 7A4B 		2 KB
643 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter
Requested by
Host: secure.weavr.io
URL: https://secure.weavr.io/app/secure/static/server.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4401aeae8ced32f3503b820eda4fb6bec9cc703ef9a1a42a817fae255f34e716
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://secure.weavr.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 09 Nov 2022 13:54:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Nov 2022 13:38:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Nov 2022 13:54:27 GMT
frame-modern.dc150152.js
js.intercomcdn.com/ Frame D3C5 		450 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.dc150152.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/r97dh13d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
13.35.73.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-6.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ae36bb9d735513174b4c64054730933671b92628380e0ceb0871064b9f21d72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 09 Nov 2022 12:08:46 GMT
content-encoding
gzip
x-amz-version-id
Chn1kEZBy8xjRkVw5OH3gHBQMnWmEgg7
via
1.1 bae03a76f4f3eb92893beec8dc1a7f7c.cloudfront.net (CloudFront)
x-amz-cf-pop
BOS50-C1
age
6343
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
125145
last-modified
Wed, 09 Nov 2022 12:07:09 GMT
server
AmazonS3
etag
"2d22711f7445d1fcaa0ae32b8f3f09f1"
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
Qh2wTUnESOap0MYuN4xpZb9Qvyuwh5zKVARmzBb6mbiMle-PJq8-tA==
vendor-modern.0df046e7.js
js.intercomcdn.com/ Frame D3C5 		236 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.0df046e7.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/r97dh13d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
13.35.73.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-73-6.bos50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
57e51fee4a18a1eaa750d422f41f3b201af6d29544ada64883d2b9f936581201
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
via
1.1 bae03a76f4f3eb92893beec8dc1a7f7c.cloudfront.net (CloudFront)
x-amz-version-id
9rGn7MKobrRO_GsSVNbNuFagPNe7jT07
date
Wed, 09 Nov 2022 12:14:18 GMT
x-amz-cf-pop
BOS50-C1
age
6011
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
74286
last-modified
Tue, 08 Nov 2022 14:06:53 GMT
server
AmazonS3
etag
"b2d1f33d1a5a0be06f8482f5604eea8d"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
jKoWBdkyiF0IoijwafMBcKw2s-ocHOageieDmKIc6B948UD6eALg6A==
/
o469633.ingest.sentry.io/api/5499472/envelope/ 		41 B
59 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o469633.ingest.sentry.io/api/5499472/envelope/?sentry_key=4675fa2b89ef4385a39c36713f79f7bf&sentry_version=7&sentry_client=sentry.javascript.react%2F7.11.1
Requested by
Host: maxmatch.finway.de
URL: https://maxmatch.finway.de/js/vendors~253ae210.89f7b35b0251a8234997.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
81738b5aed4f836e56cff8a913f1b3dba444ba7ca703e20c29fe4543328ab4b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://maxmatch.finway.de/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 09 Nov 2022 13:54:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://maxmatch.finway.de
access-control-expose-headers
x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
6
m.stripe.com/ Frame D4CA 		156 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.89.187.149 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-89-187-149.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
94cd15d2860063227bf73b2a1a06d204d2a1fc3e511becab34732d493f33ab14
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 09 Nov 2022 13:54:31 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackJsonp object| SENTRY_RELEASE object| SENTRY_RELEASES object| __SENTRY__ object| regeneratorRuntime function| setImmediate function| clearImmediate object| webpackChunkStripeJSouter function| Stripe object| OpcUxSecureClient function| Intercom function| __intercomAssignLocation

3 Cookies

Domain/Path Name / Value
m.stripe.com/ Name: m
Value: b25f19d8-4674-4c06-8ea6-89b0472e3d1796c326
.maxmatch.finway.de/ Name: __stripe_mid
Value: baf49d36-9335-45b5-988c-9719131877c4a70627
.maxmatch.finway.de/ Name: __stripe_sid
Value: fe6b8ae5-b2b4-4bf2-9cf1-0411d765da3125b337

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.saas-eu-00.finway.de
fonts.googleapis.com
js.intercomcdn.com
js.stripe.com
m.stripe.com
m.stripe.network
maxmatch.finway.de
o469633.ingest.sentry.io
p.typekit.net
q.stripe.com
secure.weavr.io
use.typekit.net
widget.intercom.io
13.249.190.3
13.35.73.16
13.35.73.6
13.35.73.96
151.101.128.176
18.159.137.111
2600:1400:d::173c:60ab
2600:1400:d::173c:60b1
2607:f8b0:4006:81c::200a
34.120.195.249
34.120.227.216
52.89.187.149
54.186.23.98
04ae66e3d2186b04a2ce88b2cb98364b86e72fb7dd43b125121cd3a77eda3eca
089d87a7c7c27d39f6b190b76c0e8043bda90852dc351c300d56b1316115c49e
09a52148878c32338a07792e32d70efed424bba3f325a9498cbf37d181590df2
0fe2ae6d69132a7d7d5f17d249223680273891a96a49cc3e9c00965d8676f097
1150922e5d3edd845eed755650dca061bb6a6939a41028fff2e79cba1e4700e4
146c565da7974afc93c74e51bcae799c1d6182398e25a134317930f6a11a2f2f
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
31685af3bbf1ff809935f70512ea48729eac2add3a47f604db26c43f2a253541
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
3ae36bb9d735513174b4c64054730933671b92628380e0ceb0871064b9f21d72
3f8d3c0b0f92db9629b4d13d41f1aa4c858cd12c4ccffd4b8d587dc72abd4a5b
40108de3ff735424d95fa87139b499667f88d18dcc494c53ea52de4cfce51037
40af314057c9bb2e1423055ab93a30b600b59b27a30be88d5c9d84e8b825fa2b
4401aeae8ced32f3503b820eda4fb6bec9cc703ef9a1a42a817fae255f34e716
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447bf0648eda3fd643b4b7321169d2b5834893f972b854030cf6864e072a2dba
4783b5ab45ce512a0ccfd080bb08ac078c2b6bbbcb285cc6d6567c24726d6456
4cad573a0751e8930491b09556501761dafee7d1cbade1519e774e11162e9937
4f4d6acba6592d161fd44f5c631cc8256773aabc629293817bdf7cd6fbdfe442
57e51fee4a18a1eaa750d422f41f3b201af6d29544ada64883d2b9f936581201
6daf1232230d355c46c69a274c2bbc9b8044bd925d4d23cac891be2db45163ca
76578d788b9f38ddfb0ae81a7f4681d8d29a0093f5e886415d840ff564f79979
76e217d5575df59d3d9a7a1e3d09de0926af66176ce385065a26567be02dc51e
81738b5aed4f836e56cff8a913f1b3dba444ba7ca703e20c29fe4543328ab4b0
85a480567c795e5c98c321e7d6989a27483f13c40ba0273d1091712ca2235a33
94cd15d2860063227bf73b2a1a06d204d2a1fc3e511becab34732d493f33ab14
9e291904dee89a455829cbf31707eb070851b3646d048f7299b20f12487f0af1
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a5feba8ce66eafb93cd4dfff5083877ea2b2bf8daaded3058288b7cddb956cfb
af85524341fd0bae513927e686750200c8a7c47294eddaedf059423c2dfa4035
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bef3b18236c63d697d731e6c002ee7ef7ae79591bbad768722b1b7639460d29c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d45fa5cedaabd39ecd42cfbd1e8e93a60897de7d9a3bc872e28515a3a4bda6
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
fa79109a7f50b51568b29e4b54b48d8c59a9790b6a94a6ec259be88f3e443f53
ff70fb557f15b0d9bb10a8f9fb84023b2daa8bdde13f645954a732203d7b751e